Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f62a22c2-14d3-43d5-baf7-ad2d1adb628e.roa
File:                     f62a22c2-14d3-43d5-baf7-ad2d1adb628e.roa (raw, json)
Hash identifier:          IVpjMf/eL60xw5NhjWju8jMyrgxQUaT1JzMu86BIQng=
Subject key identifier:   F2:86:61:B3:D0:18:F4:9D:66:ED:A1:52:27:70:82:44:21:4D:DC:E3
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4E200D47E9841825254AAE385189569D759F2DDB
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f62a22c2-14d3-43d5-baf7-ad2d1adb628e.roa
Signing time:             Fri 11 Jul 2025 15:41:54 +0000
ROA not before:           Fri 11 Jul 2025 15:41:54 +0000
ROA not after:            Fri 15 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        150.222.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:20:0d:47:e9:84:18:25:25:4a:ae:38:51:89:56:9d:75:9f:2d:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul 11 15:41:54 2025 GMT
            Not After : Aug 15 23:59:59 2025 GMT
        Subject: serialNumber=150655047aecb63c94c4092451e37007185d56a1ed469cf38c989fc8f5d58bdf, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:f4:ba:0d:07:8a:17:83:29:88:5b:7c:e2:a2:
                    dc:5e:61:9a:55:ee:e8:65:3c:04:7d:06:e8:39:01:
                    76:15:bc:46:f5:83:6a:03:54:9a:e1:de:e2:7f:98:
                    77:42:13:c9:fd:fc:82:79:64:c9:2d:5c:dc:21:0d:
                    40:20:ea:dc:12:91:69:a3:85:25:63:2a:58:e5:bd:
                    a9:98:76:73:64:e6:50:d6:ee:52:a9:8c:48:ab:45:
                    cc:3e:f4:ed:96:20:95:fd:e9:22:a9:44:db:91:40:
                    cf:b4:fb:5d:c2:8f:ac:0c:e8:c6:0a:1d:ca:eb:47:
                    cc:29:7b:06:0c:ab:5c:e5:8b:8a:76:54:a5:d3:54:
                    90:23:cd:30:7e:c8:c3:ce:98:39:38:7d:95:c6:cb:
                    2d:2b:0d:2c:f3:bf:c9:f6:41:d0:e4:fb:a7:a8:d8:
                    b4:4b:78:1b:6a:1f:57:9a:96:9b:6d:ef:e0:7c:31:
                    b9:2b:a0:dc:f1:44:2a:ad:e0:f3:63:fc:dc:50:a7:
                    22:26:f0:86:92:db:45:3c:57:d4:6a:96:79:ec:c8:
                    94:8a:ab:14:6b:16:cb:d8:d7:37:b3:d1:66:b9:34:
                    68:25:3d:13:5f:9a:30:39:6f:74:35:88:a1:6f:87:
                    38:b9:9d:af:2c:7b:d7:c7:d2:a0:b7:de:58:b3:40:
                    16:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:86:61:B3:D0:18:F4:9D:66:ED:A1:52:27:70:82:44:21:4D:DC:E3
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f62a22c2-14d3-43d5-baf7-ad2d1adb628e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.222.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:83:22:10:67:0b:08:56:92:36:1e:84:87:c6:c7:9d:33:44:
         87:d6:02:02:ee:7e:a8:65:14:e2:3b:b7:94:4f:08:6f:53:81:
         e0:4d:78:d1:71:b9:ef:44:82:7e:a7:8b:2d:13:81:62:69:ca:
         0a:36:f8:74:34:91:ae:1f:55:af:b1:55:8d:e1:80:41:3c:37:
         ef:f4:5b:15:af:cb:ce:57:ed:15:37:77:68:56:a7:bf:8a:58:
         3c:cb:fb:36:ea:cb:ad:42:a8:98:93:d6:53:c3:e7:6a:56:e9:
         ce:8c:4d:c0:7e:52:ec:2a:c0:ee:60:14:22:c9:f3:41:5e:4f:
         90:55:cc:b4:1a:f3:6e:fc:83:9e:49:e6:0d:4b:06:9c:75:b0:
         ef:1e:36:2b:1e:3b:ef:3f:c0:99:59:24:02:23:69:3f:b5:52:
         90:9e:94:97:33:5f:e8:bd:e2:1a:44:e6:38:be:60:3c:e7:8e:
         52:10:6e:84:a7:f2:c4:d2:3c:a5:6b:ac:24:22:b1:cb:3c:a0:
         d0:ca:c4:9f:b5:5c:0d:65:75:61:05:1b:ef:89:db:2d:cd:07:
         31:93:8a:92:32:06:06:84:65:a7:ee:3f:dc:51:0e:13:90:ba:
         3e:66:71:a6:34:df:01:b2:d4:87:41:8f:1e:80:83:e1:59:04:
         ea:f9:b2:39
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTiANR+mEGCUlSq44UYlWnXWfLdswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNzExMTU0MTU0WhcNMjUwODE1MjM1OTU5
WjB6MUkwRwYDVQQFE0AxNTA2NTUwNDdhZWNiNjNjOTRjNDA5MjQ1MWUzNzAwNzE4
NWQ1NmExZWQ0NjljZjM4Yzk4OWZjOGY1ZDU4YmRmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDl9LoNB4oXgymIW3ziotxeYZpV7uhlPAR9Bug5AXYVvEb1
g2oDVJrh3uJ/mHdCE8n9/IJ5ZMktXNwhDUAg6twSkWmjhSVjKljlvamYdnNk5lDW
7lKpjEirRcw+9O2WIJX96SKpRNuRQM+0+13Cj6wM6MYKHcrrR8wpewYMq1zli4p2
VKXTVJAjzTB+yMPOmDk4fZXGyy0rDSzzv8n2QdDk+6eo2LRLeBtqH1ealptt7+B8
MbkroNzxRCqt4PNj/NxQpyIm8IaS20U8V9RqlnnsyJSKqxRrFsvY1zez0Wa5NGgl
PRNfmjA5b3Q1iKFvhzi5na8se9fH0qC33lizQBYnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU8oZhs9AY9J1m7aFSJ3CCRCFN3OMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2Y2MmEyMmMyLTE0ZDMtNDNkNS1iYWY3LWFkMmQxYWRiNjI4ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACW3s0wDQYJKoZIhvcNAQELBQADggEBACKDIhBnCwhWkjYehIfGx50zRIfW
AgLufqhlFOI7t5RPCG9TgeBNeNFxue9Egn6niy0TgWJpygo2+HQ0ka4fVa+xVY3h
gEE8N+/0WxWvy85X7RU3d2hWp7+KWDzL+zbqy61CqJiT1lPD52pW6c6MTcB+Uuwq
wO5gFCLJ80FeT5BVzLQa8278g55J5g1LBpx1sO8eNiseO+8/wJlZJAIjaT+1UpCe
lJczX+i94hpE5ji+YDznjlIQboSn8sTSPKVrrCQiscs8oNDKxJ+1XA1ldWEFG++J
2y3NBzGTipIyBgaEZafuP9xRDhOQuj5mcaY03wGy1IdBjx6Ag+FZBOr5sjk=
-----END CERTIFICATE-----