Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ba9dfe59-e2a2-4074-b3a7-998fd9738bd9.roa
File:                     ba9dfe59-e2a2-4074-b3a7-998fd9738bd9.roa (raw, json)
Hash identifier:          sqvQXd36R8cj0A/GWSeJXXBuOewcsoJzJ3UIZdq6RCo=
Subject key identifier:   4A:83:22:D1:99:2A:B8:98:7B:F3:16:72:91:D2:6F:C0:59:F8:E4:FB
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2C77B5F98E99FA29A00D118B018BECFCCFCE752C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ba9dfe59-e2a2-4074-b3a7-998fd9738bd9.roa
Signing time:             Fri 06 Jun 2025 00:31:27 +0000
ROA not before:           Fri 06 Jun 2025 00:31:27 +0000
ROA not after:            Fri 11 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.220.146.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 17 Jun 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:77:b5:f9:8e:99:fa:29:a0:0d:11:8b:01:8b:ec:fc:cf:ce:75:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun  6 00:31:27 2025 GMT
            Not After : Jul 11 23:59:59 2025 GMT
        Subject: serialNumber=94a2188ecfa9ea06dc7f322127becce511fb997b6e5fcaef08b5bc0f485fdd0b, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:fd:aa:a6:9e:d2:d7:1f:19:49:8d:b6:9d:c7:
                    4b:3f:e6:4d:b2:ce:77:66:81:cc:2a:99:ac:39:e6:
                    d2:ad:4c:fb:bf:4a:1e:7e:91:63:7c:85:cd:f5:8f:
                    63:79:13:ab:a2:ad:48:7a:ed:dd:4c:4b:46:3f:c9:
                    a4:33:e3:b4:62:b5:bb:5c:82:82:06:eb:c5:b3:8b:
                    7f:57:6f:ac:0e:39:a2:80:64:ed:b2:bf:ac:12:40:
                    7f:09:b7:e4:dc:eb:99:ab:be:72:92:76:79:02:97:
                    62:ed:04:7a:36:4f:59:db:c1:8f:27:29:44:65:e8:
                    a3:74:71:76:fe:73:f0:c7:26:45:be:86:36:2a:b1:
                    9c:49:28:ef:9e:da:5e:3a:a4:45:d0:8d:03:b9:ee:
                    3a:e1:63:c0:96:eb:fd:93:ca:78:27:5d:c5:74:db:
                    03:77:bf:7b:26:a1:59:80:7a:12:be:e5:aa:7a:dc:
                    c6:b9:c6:54:c2:4c:e5:31:15:ba:be:de:f9:05:3e:
                    a9:be:33:8b:51:4c:7d:e0:62:56:27:f0:1d:32:1d:
                    18:87:0f:73:87:1f:a7:f0:f5:6a:29:21:66:2a:f4:
                    30:a3:aa:2d:c2:ba:5e:33:81:a4:9a:07:18:b7:05:
                    12:d2:65:73:e5:e1:54:f5:f4:61:a3:9d:59:9b:cf:
                    97:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:83:22:D1:99:2A:B8:98:7B:F3:16:72:91:D2:6F:C0:59:F8:E4:FB
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ba9dfe59-e2a2-4074-b3a7-998fd9738bd9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.220.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         56:83:76:47:7f:7e:f5:0b:ef:b0:82:ad:70:53:7d:91:ae:79:
         77:1e:5c:e6:69:21:81:99:20:f9:cf:e6:e2:a7:4d:a7:28:02:
         ad:be:f0:50:12:b0:8c:a3:19:6f:30:aa:c6:b3:e1:49:25:99:
         ee:d4:e5:c6:3c:c1:d4:0f:ef:76:93:43:8a:1c:46:9f:c4:0c:
         b6:97:27:22:62:94:ca:80:bc:b8:57:20:5e:b7:89:86:05:01:
         a1:44:15:4f:39:1b:7b:5a:1f:da:fc:80:3b:d9:76:26:3a:a9:
         bb:07:78:51:d5:c2:a9:c5:ec:61:fd:cd:a1:09:7a:2a:c3:2b:
         ae:93:ac:cf:9b:63:29:3a:bd:94:91:1d:9a:52:c4:aa:89:5c:
         6a:2c:b3:78:d1:76:35:49:e4:5a:ae:79:5d:68:2a:06:82:08:
         2c:4c:86:c7:d2:f0:e8:9b:df:53:38:fd:94:a1:b8:7b:e9:4b:
         c8:97:e5:94:49:e2:30:3e:65:85:d3:db:6a:72:0b:18:c9:ad:
         8a:fc:8d:93:e7:3d:2c:6d:0f:f1:8b:b6:8e:9f:c9:64:ff:66:
         d8:ae:02:16:f0:60:a2:2e:23:dd:d1:ad:00:e0:ac:63:37:57:
         40:5b:b4:c6:b2:bb:11:af:6c:4e:3c:c3:b3:02:f6:7c:d6:59:
         c4:64:85:fb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULHe1+Y6Z+imgDRGLAYvs/M/OdSwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjA2MDAzMTI3WhcNMjUwNzExMjM1OTU5
WjB6MUkwRwYDVQQFE0A5NGEyMTg4ZWNmYTllYTA2ZGM3ZjMyMjEyN2JlY2NlNTEx
ZmI5OTdiNmU1ZmNhZWYwOGI1YmMwZjQ4NWZkZDBiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5/aqmntLXHxlJjbadx0s/5k2yzndmgcwqmaw55tKtTPu/
Sh5+kWN8hc31j2N5E6uirUh67d1MS0Y/yaQz47RitbtcgoIG68Wzi39Xb6wOOaKA
ZO2yv6wSQH8Jt+Tc65mrvnKSdnkCl2LtBHo2T1nbwY8nKURl6KN0cXb+c/DHJkW+
hjYqsZxJKO+e2l46pEXQjQO57jrhY8CW6/2TyngnXcV02wN3v3smoVmAehK+5ap6
3Ma5xlTCTOUxFbq+3vkFPqm+M4tRTH3gYlYn8B0yHRiHD3OHH6fw9WopIWYq9DCj
qi3Cul4zgaSaBxi3BRLSZXPl4VT19GGjnVmbz5fVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUSoMi0ZkquJh78xZykdJvwFn45PswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2JhOWRmZTU5LWUyYTItNDA3NC1iM2E3LTk5OGZkOTczOGJkOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEP3JIwDQYJKoZIhvcNAQELBQADggEBAFaDdkd/fvUL77CCrXBTfZGueXce
XOZpIYGZIPnP5uKnTacoAq2+8FASsIyjGW8wqsaz4Uklme7U5cY8wdQP73aTQ4oc
Rp/EDLaXJyJilMqAvLhXIF63iYYFAaFEFU85G3taH9r8gDvZdiY6qbsHeFHVwqnF
7GH9zaEJeirDK66TrM+bYyk6vZSRHZpSxKqJXGoss3jRdjVJ5FqueV1oKgaCCCxM
hsfS8Oib31M4/ZShuHvpS8iX5ZRJ4jA+ZYXT22pyCxjJrYr8jZPnPSxtD/GLto6f
yWT/ZtiuAhbwYKIuI93RrQDgrGM3V0BbtMayuxGvbE48w7MC9nzWWcRkhfs=
-----END CERTIFICATE-----