Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d071a541-4360-466f-b8a3-9329b3a7af5c.roa
File:                     d071a541-4360-466f-b8a3-9329b3a7af5c.roa (raw, json)
Hash identifier:          VU3I8dVmlMBjrdaOkfAqEDMilCAIgVie8GD/h9w8rDQ=
Subject key identifier:   16:F1:93:05:17:EC:D0:DF:ED:44:BE:BB:ED:64:04:E4:8E:EE:D8:8D
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       528D84F24F4D81D9BC3B1038EDBB9F47993E821E
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d071a541-4360-466f-b8a3-9329b3a7af5c.roa
Signing time:             Mon 14 Apr 2025 15:31:41 +0000
ROA not before:           Mon 14 Apr 2025 15:31:41 +0000
ROA not after:            Mon 19 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        15.220.236.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:8d:84:f2:4f:4d:81:d9:bc:3b:10:38:ed:bb:9f:47:99:3e:82:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 14 15:31:41 2025 GMT
            Not After : May 19 23:59:59 2025 GMT
        Subject: serialNumber=ecaca9f1be7c37a14c2d706e8c2493f78ce1a3b3db80e58521fed7f56488cbb7, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:b2:08:64:69:a6:84:fd:ab:f4:0b:ef:09:35:
                    1f:af:34:4f:be:52:8f:c8:83:88:aa:b2:41:07:51:
                    e0:47:8b:96:93:1c:87:73:84:25:6c:85:c9:9d:84:
                    d3:b5:5b:0e:d3:c1:eb:e2:98:09:f6:ba:78:99:73:
                    72:40:3e:a4:20:1a:b6:ff:5e:86:06:94:1b:79:03:
                    40:bf:f8:eb:f7:b7:c4:9e:7d:8a:dc:dc:1d:50:7b:
                    47:a6:71:b6:d5:ef:26:da:41:bc:fb:3f:9b:55:c9:
                    3f:85:a4:22:ed:e8:2d:22:71:db:43:dc:29:51:dd:
                    ba:b8:84:39:5e:30:7c:ec:51:3a:1d:09:58:49:30:
                    ee:81:cf:4f:52:4d:ba:ec:bc:14:66:4b:39:4a:b5:
                    8f:f8:1f:42:dc:3b:a7:66:83:11:eb:1d:6b:96:63:
                    25:ac:3a:fb:b2:b8:bb:3d:07:eb:85:84:6b:9d:2b:
                    a6:9a:9e:83:d2:c2:f2:df:12:d6:5f:71:fb:c4:bd:
                    62:84:2e:73:d7:d2:83:7e:d4:ea:84:13:77:5c:18:
                    53:58:05:48:3b:3c:35:77:8f:74:0c:38:d0:0a:c8:
                    97:a7:b7:af:fb:23:cb:48:85:e9:8b:bb:4e:fb:67:
                    aa:8f:07:0d:74:06:f1:9a:3d:a9:b6:18:f4:ef:72:
                    57:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:F1:93:05:17:EC:D0:DF:ED:44:BE:BB:ED:64:04:E4:8E:EE:D8:8D
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d071a541-4360-466f-b8a3-9329b3a7af5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.220.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         86:5c:f1:8e:40:77:16:e0:29:3f:d6:f3:05:53:76:4c:ee:6d:
         7f:7b:f4:e8:5c:41:43:4a:69:dd:0e:a3:f9:82:ad:c4:34:09:
         2c:8b:5f:9c:01:b9:c5:ca:73:5e:a4:07:f7:36:43:a6:aa:e4:
         0d:2e:6e:46:0a:b4:11:1f:8e:d0:9c:24:ce:0b:4e:80:80:88:
         23:28:08:5a:24:f9:46:f6:02:2c:c5:32:1c:95:be:be:11:b5:
         8f:75:0c:2f:2e:8d:52:bb:39:78:f4:84:f4:06:47:8c:1b:59:
         8b:f5:31:d6:f8:e7:16:e5:04:02:64:97:23:68:fb:c7:4c:4c:
         e5:29:b5:b2:80:02:1f:ac:61:24:a9:04:a3:f3:91:f9:62:88:
         23:95:cb:85:8a:b9:d0:cb:b9:7b:a9:a7:8d:9f:05:30:96:c6:
         09:16:4f:dd:e5:4a:6e:06:28:e9:fd:cc:be:f1:d1:68:87:5a:
         99:66:e2:26:47:31:07:b6:3d:d5:ea:7e:67:f7:3d:5c:c4:92:
         e3:f8:af:a6:eb:44:32:aa:84:7b:95:09:5b:86:4d:7c:59:e1:
         2f:af:90:5a:8d:b3:a9:4b:d2:e7:b0:a1:c1:b1:a3:14:91:ef:
         d8:a1:89:93:fc:1f:4f:d1:98:8b:88:f4:f4:b3:83:29:01:66:
         84:6b:9c:be
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUo2E8k9Ngdm8OxA47bufR5k+gh4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDE0MTUzMTQxWhcNMjUwNTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BlY2FjYTlmMWJlN2MzN2ExNGMyZDcwNmU4YzI0OTNmNzhj
ZTFhM2IzZGI4MGU1ODUyMWZlZDdmNTY0ODhjYmI3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCosghkaaaE/av0C+8JNR+vNE++Uo/Ig4iqskEHUeBHi5aT
HIdzhCVshcmdhNO1Ww7TwevimAn2uniZc3JAPqQgGrb/XoYGlBt5A0C/+Ov3t8Se
fYrc3B1Qe0emcbbV7ybaQbz7P5tVyT+FpCLt6C0icdtD3ClR3bq4hDleMHzsUTod
CVhJMO6Bz09STbrsvBRmSzlKtY/4H0LcO6dmgxHrHWuWYyWsOvuyuLs9B+uFhGud
K6aanoPSwvLfEtZfcfvEvWKELnPX0oN+1OqEE3dcGFNYBUg7PDV3j3QMONAKyJen
t6/7I8tIhemLu077Z6qPBw10BvGaPam2GPTvcleFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUFvGTBRfs0N/tRL677WQE5I7u2I0wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2QwNzFhNTQxLTQzNjAtNDY2Zi1iOGEzLTkzMjliM2E3YWY1Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIP3OwwDQYJKoZIhvcNAQELBQADggEBAIZc8Y5AdxbgKT/W8wVTdkzubX97
9OhcQUNKad0Oo/mCrcQ0CSyLX5wBucXKc16kB/c2Q6aq5A0ubkYKtBEfjtCcJM4L
ToCAiCMoCFok+Ub2AizFMhyVvr4RtY91DC8ujVK7OXj0hPQGR4wbWYv1Mdb45xbl
BAJklyNo+8dMTOUptbKAAh+sYSSpBKPzkfliiCOVy4WKudDLuXupp42fBTCWxgkW
T93lSm4GKOn9zL7x0WiHWplm4iZHMQe2PdXqfmf3PVzEkuP4r6brRDKqhHuVCVuG
TXxZ4S+vkFqNs6lL0uewocGxoxSR79ihiZP8H0/RmIuI9PSzgykBZoRrnL4=
-----END CERTIFICATE-----