Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f9a5fdd9-16e0-4857-ac0d-d63c9a98eac4.roa
File:                     f9a5fdd9-16e0-4857-ac0d-d63c9a98eac4.roa (raw, json)
Hash identifier:          Rw0RgmoHdOJGq1ZA7N55g0T5HWyuIqI48amSHcT4IA8=
Subject key identifier:   7E:D8:DF:33:32:39:A6:3A:52:B1:4B:67:A3:FF:7F:B1:56:D2:40:73
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0328A4F60A7213F922A0123DDE470D570C7A137F
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f9a5fdd9-16e0-4857-ac0d-d63c9a98eac4.roa
Signing time:             Fri 31 Oct 2025 20:36:52 +0000
ROA not before:           Fri 31 Oct 2025 20:36:52 +0000
ROA not after:            Fri 05 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.197.28.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:28:a4:f6:0a:72:13:f9:22:a0:12:3d:de:47:0d:57:0c:7a:13:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 31 20:36:52 2025 GMT
            Not After : Dec  5 23:59:59 2025 GMT
        Subject: serialNumber=cbcb452e11a08d50894b70ca2063e173f1114fdbdeadb413ce1e119d165f6c13, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:8d:12:32:59:0c:49:5e:ff:c2:ab:f0:a7:f0:
                    a0:95:7f:93:d9:f7:af:a2:c1:de:06:6a:26:c6:60:
                    5d:49:30:75:ad:02:10:8d:1a:03:fb:aa:7c:41:b9:
                    d8:e8:58:47:8b:61:07:74:29:b1:61:8d:18:fc:07:
                    26:52:5f:ba:b7:3f:ac:68:0d:29:cf:26:23:bf:e1:
                    3c:66:15:c2:ae:4d:73:fb:2a:fb:65:56:0d:7a:86:
                    36:ca:54:bf:a8:cb:7b:40:18:7f:98:9a:41:95:f3:
                    8c:e1:a5:60:f7:37:0c:eb:71:a6:e2:0b:88:5b:01:
                    4c:ea:02:1c:57:dc:d3:30:ce:5c:c2:67:20:b6:e9:
                    19:9f:60:42:81:2f:16:82:3a:da:c4:3e:44:a7:33:
                    6a:e8:48:b6:38:f0:38:98:1e:bc:99:e1:d1:d7:60:
                    05:bd:c6:8b:e4:ba:28:e1:8e:68:3e:13:12:5d:80:
                    d2:3b:c6:8e:db:25:93:f3:f0:02:6c:1f:e4:45:7c:
                    49:fc:8e:00:1c:07:90:e5:aa:70:ed:0b:41:94:7d:
                    35:c1:8d:eb:c1:bb:cd:d2:78:85:b3:b1:b3:42:26:
                    7d:e4:68:da:b1:85:f6:22:3b:9a:ac:62:b7:b7:38:
                    48:21:78:f2:aa:fc:c3:f2:48:f4:e7:47:d2:a9:fd:
                    82:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:D8:DF:33:32:39:A6:3A:52:B1:4B:67:A3:FF:7F:B1:56:D2:40:73
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f9a5fdd9-16e0-4857-ac0d-d63c9a98eac4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.197.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3b:5d:03:83:7d:20:ca:38:08:66:45:27:60:57:c1:4f:bb:b3:
         88:59:10:2b:b9:85:00:9d:ef:6e:9e:9e:97:27:a3:19:1e:2a:
         45:c6:0c:af:ce:84:d1:b3:8d:cd:44:61:22:1b:4d:78:9a:8b:
         d1:e4:ce:fd:aa:ee:ce:eb:f1:48:ff:63:78:b7:0f:08:ec:a6:
         bb:de:51:39:29:99:ac:c7:0c:50:1a:5d:96:92:72:19:16:ef:
         ef:23:bc:0b:ed:d4:b5:a2:23:48:92:af:c6:fb:58:10:0a:5e:
         f4:31:aa:0e:63:15:83:82:0e:38:22:ce:2a:b5:48:ec:3a:72:
         55:49:8d:2b:78:2f:a6:52:54:d3:ac:56:99:cb:52:a8:47:4f:
         72:5a:e4:5e:0b:95:5d:82:80:a8:3e:0b:c7:0e:b7:2c:29:c0:
         cc:bd:55:9d:d2:35:d4:da:58:62:ea:ec:27:57:55:a3:f6:40:
         6d:7e:85:93:56:35:08:4d:67:59:7a:f7:c6:d3:df:b6:23:c8:
         10:44:47:31:6a:de:39:f6:f5:ee:e8:5d:5c:12:d8:e9:49:8f:
         4a:6d:4a:75:37:23:3e:c2:01:b1:e2:23:0b:5f:7a:38:3d:2b:
         88:e5:34:9a:c0:34:2e:ec:12:73:b2:c5:52:a5:ea:8b:9d:0d:
         fe:86:9c:6b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAyik9gpyE/kioBI93kcNVwx6E38wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDMxMjAzNjUyWhcNMjUxMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BjYmNiNDUyZTExYTA4ZDUwODk0YjcwY2EyMDYzZTE3M2Yx
MTE0ZmRiZGVhZGI0MTNjZTFlMTE5ZDE2NWY2YzEzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDojRIyWQxJXv/Cq/Cn8KCVf5PZ96+iwd4GaibGYF1JMHWt
AhCNGgP7qnxBudjoWEeLYQd0KbFhjRj8ByZSX7q3P6xoDSnPJiO/4TxmFcKuTXP7
KvtlVg16hjbKVL+oy3tAGH+YmkGV84zhpWD3NwzrcabiC4hbAUzqAhxX3NMwzlzC
ZyC26RmfYEKBLxaCOtrEPkSnM2roSLY48DiYHryZ4dHXYAW9xovkuijhjmg+ExJd
gNI7xo7bJZPz8AJsH+RFfEn8jgAcB5DlqnDtC0GUfTXBjevBu83SeIWzsbNCJn3k
aNqxhfYiO5qsYre3OEghePKq/MPySPTnR9Kp/YIdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUftjfMzI5pjpSsUtno/9/sVbSQHMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2Y5YTVmZGQ5LTE2ZTAtNDg1Ny1hYzBkLWQ2M2M5YTk4ZWFjNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEPxRwwDQYJKoZIhvcNAQELBQADggEBADtdA4N9IMo4CGZFJ2BXwU+7s4hZ
ECu5hQCd726enpcnoxkeKkXGDK/OhNGzjc1EYSIbTXiai9Hkzv2q7s7r8Uj/Y3i3
DwjsprveUTkpmazHDFAaXZaSchkW7+8jvAvt1LWiI0iSr8b7WBAKXvQxqg5jFYOC
Djgiziq1SOw6clVJjSt4L6ZSVNOsVpnLUqhHT3Ja5F4LlV2CgKg+C8cOtywpwMy9
VZ3SNdTaWGLq7CdXVaP2QG1+hZNWNQhNZ1l698bT37YjyBBERzFq3jn29e7oXVwS
2OlJj0ptSnU3Iz7CAbHiIwtfejg9K4jlNJrANC7sEnOyxVKl6oudDf6GnGs=
-----END CERTIFICATE-----