Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/af48a471-47ad-45b4-92ba-7dee5d4a4caa.roa
File:                     af48a471-47ad-45b4-92ba-7dee5d4a4caa.roa (raw, json)
Hash identifier:          k5UnA9+fISxuIe468JVpANGaJfHpbU/KmIleWNP2bQE=
Subject key identifier:   B7:F4:D2:45:AA:0F:B9:E6:8D:90:90:AB:72:06:A9:67:19:E5:9D:3E
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0A8C86DB101B7DE8AC19C70248BA88389EF47395
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/af48a471-47ad-45b4-92ba-7dee5d4a4caa.roa
Signing time:             Tue 20 May 2025 16:21:07 +0000
ROA not before:           Tue 20 May 2025 16:21:07 +0000
ROA not after:            Tue 24 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.220.192.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:8c:86:db:10:1b:7d:e8:ac:19:c7:02:48:ba:88:38:9e:f4:73:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May 20 16:21:07 2025 GMT
            Not After : Jun 24 23:59:59 2025 GMT
        Subject: serialNumber=48cfdfa3d6a41560843b1b000729992ff5978fe40ce68f7964c8ad90d8bdbe12, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:ec:23:33:af:c8:d2:23:a3:bb:bd:60:f7:1c:
                    e3:55:78:e6:38:32:f4:3f:de:f1:f1:72:a0:b8:e2:
                    68:65:e6:b6:5d:82:be:a5:b2:f7:4b:70:88:6c:1b:
                    c1:68:b3:80:9f:39:61:42:2b:31:b4:39:5e:de:eb:
                    40:9e:c9:0a:a7:d5:71:f0:f1:27:33:ee:35:65:82:
                    91:c1:00:5b:cd:51:ea:f8:39:46:12:91:8b:16:93:
                    bc:65:c2:4a:4b:6e:bc:59:50:fd:6e:fc:68:52:e9:
                    21:54:15:21:e6:2e:48:34:e7:3a:cf:36:67:3f:81:
                    78:ea:3b:12:2b:ad:4c:50:f9:ac:71:c8:2b:15:d9:
                    40:2c:bb:a6:67:29:c5:ed:16:8c:08:77:97:45:03:
                    c0:0e:54:9e:20:42:86:f2:cb:f8:d4:e3:ec:30:0a:
                    04:28:f2:6c:3c:88:61:a3:71:3c:7f:87:ed:81:03:
                    74:c2:b9:c2:47:d6:ee:a5:34:ed:dc:c6:6e:cb:21:
                    31:6f:88:83:bb:02:cf:5e:86:f2:58:86:93:8e:c3:
                    ba:5c:cb:ba:d4:e5:13:62:ab:52:16:42:66:4f:4d:
                    6e:66:a9:22:71:36:90:58:40:3a:d3:ea:19:5d:bb:
                    b1:e1:ea:f6:de:a8:31:70:a3:78:f6:04:7a:34:ae:
                    c2:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:F4:D2:45:AA:0F:B9:E6:8D:90:90:AB:72:06:A9:67:19:E5:9D:3E
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/af48a471-47ad-45b4-92ba-7dee5d4a4caa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.220.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         53:de:22:09:5f:1e:af:3b:a1:3f:e7:34:af:82:1c:b4:2e:39:
         9c:ff:ad:d5:25:bc:a6:b1:20:a7:f8:8b:9f:14:35:d7:0c:48:
         1a:02:e7:7c:a5:98:0e:22:c0:13:be:b9:6f:8b:7a:4e:40:53:
         4d:7e:5e:ed:a4:f0:f1:05:bb:77:c6:60:0b:c4:15:9a:51:d5:
         2b:f6:b4:2d:a5:fc:1b:67:c9:00:f6:76:63:a6:24:54:86:e6:
         8c:ce:de:6f:4d:f9:bd:d4:3d:be:2e:6a:f6:8e:c7:ea:21:c6:
         93:1f:98:59:ad:ca:87:e2:a0:44:7d:b9:cf:85:40:25:a9:88:
         99:09:b6:29:43:16:a4:49:90:60:fe:56:1b:e9:26:86:a3:c1:
         f5:e0:0c:1a:a9:6c:2b:19:ed:09:60:c2:85:27:e6:28:6e:5b:
         15:7e:57:86:83:2a:45:3c:1a:15:a7:66:40:1d:38:3d:60:5a:
         9e:6f:55:cf:00:3d:1e:31:6f:3f:dc:cc:0d:7a:72:e4:48:48:
         59:12:b8:7e:f5:57:4b:14:25:49:cc:9a:23:4b:a5:71:e4:65:
         7f:1c:a3:b5:17:d8:2e:88:b8:5d:44:3c:04:93:bb:a1:f7:ac:
         b0:e4:59:c2:14:47:24:90:e9:a3:96:1b:09:15:8b:75:49:29:
         b9:52:e7:14
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCoyG2xAbfeisGccCSLqIOJ70c5UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNTIwMTYyMTA3WhcNMjUwNjI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A0OGNmZGZhM2Q2YTQxNTYwODQzYjFiMDAwNzI5OTkyZmY1
OTc4ZmU0MGNlNjhmNzk2NGM4YWQ5MGQ4YmRiZTEyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDb7CMzr8jSI6O7vWD3HONVeOY4MvQ/3vHxcqC44mhl5rZd
gr6lsvdLcIhsG8Fos4CfOWFCKzG0OV7e60CeyQqn1XHw8Scz7jVlgpHBAFvNUer4
OUYSkYsWk7xlwkpLbrxZUP1u/GhS6SFUFSHmLkg05zrPNmc/gXjqOxIrrUxQ+axx
yCsV2UAsu6ZnKcXtFowId5dFA8AOVJ4gQobyy/jU4+wwCgQo8mw8iGGjcTx/h+2B
A3TCucJH1u6lNO3cxm7LITFviIO7As9ehvJYhpOOw7pcy7rU5RNiq1IWQmZPTW5m
qSJxNpBYQDrT6hldu7Hh6vbeqDFwo3j2BHo0rsIRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUt/TSRaoPueaNkJCrcgapZxnlnT4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2FmNDhhNDcxLTQ3YWQtNDViNC05MmJhLTdkZWU1ZDRhNGNhYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIP3MAwDQYJKoZIhvcNAQELBQADggEBAFPeIglfHq87oT/nNK+CHLQuOZz/
rdUlvKaxIKf4i58UNdcMSBoC53ylmA4iwBO+uW+Lek5AU01+Xu2k8PEFu3fGYAvE
FZpR1Sv2tC2l/BtnyQD2dmOmJFSG5ozO3m9N+b3UPb4uavaOx+ohxpMfmFmtyofi
oER9uc+FQCWpiJkJtilDFqRJkGD+VhvpJoajwfXgDBqpbCsZ7QlgwoUn5ihuWxV+
V4aDKkU8GhWnZkAdOD1gWp5vVc8APR4xbz/czA16cuRISFkSuH71V0sUJUnMmiNL
pXHkZX8co7UX2C6IuF1EPASTu6H3rLDkWcIURySQ6aOWGwkVi3VJKblS5xQ=
-----END CERTIFICATE-----