Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d071a541-4360-466f-b8a3-9329b3a7af5c.roa
File:                     d071a541-4360-466f-b8a3-9329b3a7af5c.roa (raw, json)
Hash identifier:          IVzVfWE9sZjyPZizgoXjB0BawBcTTaMEeohTbE1Ac0A=
Subject key identifier:   71:20:D6:56:55:94:CB:B2:6E:52:0E:76:85:98:3E:24:A9:C9:B7:64
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       682FA70ED3C9321E99BADEC1AF2DCA5E682C541C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d071a541-4360-466f-b8a3-9329b3a7af5c.roa
Signing time:             Sat 01 Nov 2025 01:00:12 +0000
ROA not before:           Sat 01 Nov 2025 01:00:12 +0000
ROA not after:            Sat 06 Dec 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        15.220.236.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:2f:a7:0e:d3:c9:32:1e:99:ba:de:c1:af:2d:ca:5e:68:2c:54:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Nov  1 01:00:12 2025 GMT
            Not After : Dec  6 23:59:59 2025 GMT
        Subject: serialNumber=f24175ff9276ef213cf2c234c8f34bbd6e6f01c0bd4148a78eb14b760e11add1, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:cf:5f:d2:9e:0d:a3:5c:1c:51:6e:a9:e2:36:
                    e8:68:0e:52:9b:33:46:d0:25:6e:14:a7:ec:6e:1b:
                    05:50:96:72:53:bc:97:bc:e7:d5:7c:2a:e9:93:4a:
                    b0:fc:f0:3d:c9:f3:39:7f:98:07:ec:59:a2:50:38:
                    f0:d0:2f:47:bf:c2:5e:2d:c8:aa:99:65:d8:f6:89:
                    2d:58:f3:f5:05:75:fc:9d:35:8f:3f:99:15:14:53:
                    38:da:24:fd:c9:d3:c3:25:f7:cc:ec:e3:0e:eb:d3:
                    98:cd:0d:f3:4d:04:35:f7:7b:3d:cd:da:f5:a7:64:
                    0d:5a:8f:01:f0:83:d0:54:e0:e1:65:6e:90:54:de:
                    c4:fe:e9:2c:3b:2c:61:c0:66:72:57:03:eb:6d:d4:
                    6c:4b:b5:26:ce:df:c1:72:43:84:10:d3:f6:27:8c:
                    79:67:3f:dd:ed:7c:5a:14:b4:41:0d:02:77:1e:e2:
                    76:b8:d4:65:8f:52:4c:f4:04:bc:52:2e:86:cd:e2:
                    4a:c6:6e:8a:ec:9d:cf:3f:6a:f1:e0:b3:91:72:87:
                    dd:e1:29:a6:8f:b6:54:3e:2c:8c:ba:8c:6e:38:42:
                    15:6e:6e:b8:2d:e3:8b:60:a7:a2:e5:2c:90:51:1c:
                    d2:b9:b3:c6:07:c4:40:1b:58:c0:7f:d9:8c:21:b8:
                    dc:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:20:D6:56:55:94:CB:B2:6E:52:0E:76:85:98:3E:24:A9:C9:B7:64
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d071a541-4360-466f-b8a3-9329b3a7af5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.220.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         06:3d:d3:2a:7a:26:08:ba:48:85:84:db:cc:c1:47:39:76:24:
         ce:40:6a:32:55:df:db:4f:47:38:44:42:a2:8b:39:f7:30:ec:
         51:da:2a:b9:59:35:fe:ea:e8:db:a3:3e:7e:59:4f:db:56:62:
         85:bb:04:db:87:c0:99:63:9c:58:4f:c8:43:dc:04:ad:9f:83:
         6c:f4:f6:e9:d3:94:d7:62:ef:f8:8d:9b:31:65:6f:37:ac:68:
         4f:1f:65:41:6c:14:8d:0d:56:86:01:ca:40:b3:81:68:28:2d:
         84:27:a1:da:f8:7d:38:47:08:5c:99:22:e4:91:4f:db:6b:91:
         de:74:f3:94:a5:a3:17:dd:6c:c9:89:48:9f:2c:84:7a:ae:82:
         0b:2f:21:f5:b9:47:93:e4:07:d2:3d:2a:89:ad:e9:28:ef:ad:
         cc:e3:66:0b:48:7b:97:a5:1b:10:ec:ec:ad:90:3a:4e:f8:24:
         74:fb:82:d6:2f:62:62:31:db:d7:cb:34:f0:f2:7d:61:b0:16:
         e8:e0:15:b5:6a:bf:ea:45:64:e5:99:b7:c5:bc:bf:e5:8f:67:
         68:52:57:3f:69:e2:d0:52:79:74:62:f9:2c:a9:d7:5d:2b:f8:
         e5:77:df:05:e5:7c:dd:90:ca:f3:9b:7d:df:07:86:6c:52:59:
         3c:b0:e1:14
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaC+nDtPJMh6Zut7Bry3KXmgsVBwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMTAxMDEwMDEyWhcNMjUxMjA2MjM1OTU5
WjB6MUkwRwYDVQQFE0BmMjQxNzVmZjkyNzZlZjIxM2NmMmMyMzRjOGYzNGJiZDZl
NmYwMWMwYmQ0MTQ4YTc4ZWIxNGI3NjBlMTFhZGQxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDAz1/Sng2jXBxRbqniNuhoDlKbM0bQJW4Up+xuGwVQlnJT
vJe859V8KumTSrD88D3J8zl/mAfsWaJQOPDQL0e/wl4tyKqZZdj2iS1Y8/UFdfyd
NY8/mRUUUzjaJP3J08Ml98zs4w7r05jNDfNNBDX3ez3N2vWnZA1ajwHwg9BU4OFl
bpBU3sT+6Sw7LGHAZnJXA+tt1GxLtSbO38FyQ4QQ0/YnjHlnP93tfFoUtEENAnce
4na41GWPUkz0BLxSLobN4krGborsnc8/avHgs5Fyh93hKaaPtlQ+LIy6jG44QhVu
brgt44tgp6LlLJBRHNK5s8YHxEAbWMB/2YwhuNxjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUcSDWVlWUy7JuUg52hZg+JKnJt2QwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2QwNzFhNTQxLTQzNjAtNDY2Zi1iOGEzLTkzMjliM2E3YWY1Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIP3OwwDQYJKoZIhvcNAQELBQADggEBAAY90yp6Jgi6SIWE28zBRzl2JM5A
ajJV39tPRzhEQqKLOfcw7FHaKrlZNf7q6NujPn5ZT9tWYoW7BNuHwJljnFhPyEPc
BK2fg2z09unTlNdi7/iNmzFlbzesaE8fZUFsFI0NVoYBykCzgWgoLYQnodr4fThH
CFyZIuSRT9trkd5085SloxfdbMmJSJ8shHquggsvIfW5R5PkB9I9Komt6Sjvrczj
ZgtIe5elGxDs7K2QOk74JHT7gtYvYmIx29fLNPDyfWGwFujgFbVqv+pFZOWZt8W8
v+WPZ2hSVz9p4tBSeXRi+Syp110r+OV33wXlfN2QyvObfd8HhmxSWTyw4RQ=
-----END CERTIFICATE-----