Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e36dbc25-7f30-42c9-9655-13a4a2cc581c.roa
File:                     e36dbc25-7f30-42c9-9655-13a4a2cc581c.roa (raw, json)
Hash identifier:          F2EKotbX06wBXcQPgilIkneurABCHoAekxgyLqH8hc0=
Subject key identifier:   BF:03:5C:14:D1:3C:A9:27:ED:C7:06:CA:DD:24:F5:BA:1F:37:71:35
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       721A405E49079EED141C15D90F28BB9EF810CB63
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e36dbc25-7f30-42c9-9655-13a4a2cc581c.roa
Signing time:             Tue 20 May 2025 16:21:07 +0000
ROA not before:           Tue 20 May 2025 16:21:07 +0000
ROA not after:            Tue 24 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.193.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:1a:40:5e:49:07:9e:ed:14:1c:15:d9:0f:28:bb:9e:f8:10:cb:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May 20 16:21:07 2025 GMT
            Not After : Jun 24 23:59:59 2025 GMT
        Subject: serialNumber=bc8c3da712d8f8ea73108be6fcc45749e1be6d513393f6a83aef23cb9612e8c2, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:87:04:93:97:3b:d8:4f:86:47:c1:78:d0:b8:
                    7c:6d:38:26:ec:0c:fb:5d:c2:95:12:6a:f2:37:db:
                    3e:24:2d:64:b2:3e:e4:77:71:d7:2b:5f:fa:ea:bb:
                    94:82:13:ee:03:0d:9d:89:b1:13:6b:fa:88:cc:2f:
                    0b:d1:32:64:5c:1b:5e:7e:c5:19:c4:72:76:92:7e:
                    fa:e9:18:d0:49:7c:dc:e3:64:b1:1a:77:af:95:dc:
                    0e:23:27:65:6b:e9:4b:86:48:87:98:d4:1a:47:a3:
                    e1:44:fe:0d:13:9a:dd:2c:3c:62:ae:cb:ce:b6:21:
                    17:22:eb:3a:97:48:a7:37:8d:82:83:13:38:6b:03:
                    e3:d0:84:a8:25:b1:40:98:44:b7:bc:26:43:4b:cb:
                    b8:f4:ab:1c:b2:fe:0e:d6:a9:4c:43:7a:e9:8e:af:
                    11:b3:95:4c:3f:c4:cf:05:92:52:93:5f:2c:b5:07:
                    d0:56:c0:a0:a7:95:e6:70:97:8d:f0:0e:ea:3a:f9:
                    9d:8b:4d:95:63:9c:ad:21:f4:9c:af:a8:9e:bc:bb:
                    02:45:35:36:49:9d:dd:16:17:d5:ed:70:75:1f:f5:
                    5e:75:21:cc:8f:a1:c9:ff:13:61:eb:1f:95:9d:47:
                    84:1f:b2:1b:be:de:a0:a3:62:b8:c8:1d:fc:de:18:
                    9c:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:03:5C:14:D1:3C:A9:27:ED:C7:06:CA:DD:24:F5:BA:1F:37:71:35
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e36dbc25-7f30-42c9-9655-13a4a2cc581c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.193.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:f8:62:f4:54:e3:18:ce:48:6c:4c:b8:33:0e:9e:06:81:42:
         aa:1d:a2:f3:86:67:85:67:37:36:0b:5f:91:73:a8:b1:35:88:
         fa:cd:fb:72:09:78:8c:f3:2a:eb:86:a4:c1:1f:95:48:86:06:
         01:64:6c:f9:f8:2c:1f:e3:83:b4:bb:02:4e:f6:39:57:85:52:
         09:d1:86:70:af:99:5c:77:f1:ad:76:90:fc:2f:18:b8:41:bf:
         0d:8f:29:db:73:49:8c:c0:9b:7c:08:be:a6:81:51:6e:31:07:
         db:77:cb:1f:eb:27:23:ac:17:11:63:ae:df:91:50:f2:86:5e:
         b8:d4:45:23:b4:77:95:87:05:7f:1c:af:71:d7:82:a8:18:77:
         67:45:fc:49:b9:44:d2:6d:e1:a1:13:84:8f:5a:2f:52:c4:71:
         8b:28:b8:bb:7b:50:99:6f:fc:d9:27:c7:11:80:9b:25:9a:82:
         7d:6b:2f:2a:54:95:8c:c9:d0:9c:61:59:16:ac:c2:48:a1:dd:
         32:72:07:db:55:7f:ea:2d:17:de:54:6b:01:80:a9:03:ab:48:
         87:87:24:0b:ef:14:78:59:cc:7c:ab:3a:c3:19:f8:a7:13:ea:
         4e:92:87:79:70:9e:3a:20:e6:4e:aa:b1:01:a4:d0:91:67:23:
         1e:89:ab:db
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUchpAXkkHnu0UHBXZDyi7nvgQy2MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNTIwMTYyMTA3WhcNMjUwNjI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BiYzhjM2RhNzEyZDhmOGVhNzMxMDhiZTZmY2M0NTc0OWUx
YmU2ZDUxMzM5M2Y2YTgzYWVmMjNjYjk2MTJlOGMyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrhwSTlzvYT4ZHwXjQuHxtOCbsDPtdwpUSavI32z4kLWSy
PuR3cdcrX/rqu5SCE+4DDZ2JsRNr+ojMLwvRMmRcG15+xRnEcnaSfvrpGNBJfNzj
ZLEad6+V3A4jJ2Vr6UuGSIeY1BpHo+FE/g0Tmt0sPGKuy862IRci6zqXSKc3jYKD
EzhrA+PQhKglsUCYRLe8JkNLy7j0qxyy/g7WqUxDeumOrxGzlUw/xM8FklKTXyy1
B9BWwKCnleZwl43wDuo6+Z2LTZVjnK0h9JyvqJ68uwJFNTZJnd0WF9XtcHUf9V51
IcyPocn/E2HrH5WdR4Qfshu+3qCjYrjIHfzeGJyNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUvwNcFNE8qSftxwbK3ST1uh83cTUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2UzNmRiYzI1LTdmMzAtNDJjOS05NjU1LTEzYTRhMmNjNTgxYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAPwQEwDQYJKoZIhvcNAQELBQADggEBAB74YvRU4xjOSGxMuDMOngaBQqod
ovOGZ4VnNzYLX5FzqLE1iPrN+3IJeIzzKuuGpMEflUiGBgFkbPn4LB/jg7S7Ak72
OVeFUgnRhnCvmVx38a12kPwvGLhBvw2PKdtzSYzAm3wIvqaBUW4xB9t3yx/rJyOs
FxFjrt+RUPKGXrjURSO0d5WHBX8cr3HXgqgYd2dF/Em5RNJt4aEThI9aL1LEcYso
uLt7UJlv/NknxxGAmyWagn1rLypUlYzJ0JxhWRaswkih3TJyB9tVf+otF95UawGA
qQOrSIeHJAvvFHhZzHyrOsMZ+KcT6k6Sh3lwnjog5k6qsQGk0JFnIx6Jq9s=
-----END CERTIFICATE-----