Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fe191473-02d8-4d24-90fb-35fe52305882.roa
File:                     fe191473-02d8-4d24-90fb-35fe52305882.roa (raw, json)
Hash identifier:          1thedJvQOF/N98t8DZ+XhNCX+hhOt0BhP3nu4h/Ik94=
Subject key identifier:   CE:6B:2B:A2:CC:4C:6B:59:E8:E9:BA:3E:49:A0:13:44:8A:D5:23:AB
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       13E2B7BE957660A0E063CC119C78A626DE45C434
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fe191473-02d8-4d24-90fb-35fe52305882.roa
Signing time:             Sat 26 Jul 2025 00:30:55 +0000
ROA not before:           Sat 26 Jul 2025 00:30:55 +0000
ROA not after:            Sat 30 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.220.32.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:e2:b7:be:95:76:60:a0:e0:63:cc:11:9c:78:a6:26:de:45:c4:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul 26 00:30:55 2025 GMT
            Not After : Aug 30 23:59:59 2025 GMT
        Subject: serialNumber=9363937d46c461e8f2363238ac940a657d56c086e2ab04861bb26b160cf29db9, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:c3:c8:da:f3:d0:2b:3c:72:ab:10:2b:be:9f:
                    84:e7:1a:75:ef:ae:74:56:78:fb:89:33:62:b5:d3:
                    65:3b:c0:31:d5:82:33:68:1a:ef:62:ec:d3:bc:a5:
                    14:a8:c8:a6:b0:4a:08:f9:c4:dd:02:95:52:d3:48:
                    22:22:2a:6f:71:a0:fb:b9:fb:91:2b:b2:93:4b:92:
                    ba:fc:26:90:9c:a7:6b:ca:c4:d0:8e:e6:dd:77:b0:
                    c7:06:4b:32:4b:71:62:09:08:ed:6b:e5:6b:f9:69:
                    fb:b3:30:d6:6b:a2:25:f2:97:6c:6d:74:90:56:8d:
                    b5:fb:69:ff:36:7e:16:9d:e5:52:c0:28:58:08:ab:
                    3f:5d:59:45:cd:22:f7:c0:a7:c7:45:30:9c:63:68:
                    b5:52:17:bb:83:82:47:14:21:7e:d7:77:f7:f2:7f:
                    6f:b1:56:e9:cf:1d:31:2d:f7:4f:4e:85:7f:04:df:
                    b2:29:00:48:9b:2a:ad:05:f7:c2:c6:be:6d:75:38:
                    f8:92:fb:88:05:17:4d:50:84:fe:6f:b7:73:b7:60:
                    1a:12:f5:33:05:c6:ed:e1:87:c4:8f:36:ec:5c:4e:
                    1f:06:c8:53:34:32:52:91:59:7f:2f:9d:1e:9f:9e:
                    64:fa:65:3e:63:47:5e:6e:34:cd:c5:76:0c:50:2a:
                    8e:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:6B:2B:A2:CC:4C:6B:59:E8:E9:BA:3E:49:A0:13:44:8A:D5:23:AB
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fe191473-02d8-4d24-90fb-35fe52305882.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.220.32.0/21

    Signature Algorithm: sha256WithRSAEncryption
         37:b5:5a:b7:d8:29:78:62:40:f3:b1:96:84:4e:ed:fc:e2:3a:
         b6:3f:94:62:0c:e1:c2:74:05:49:52:b3:1d:23:7d:aa:4b:59:
         c7:1b:dd:2b:ff:6b:0c:9a:84:fe:4b:79:6f:f2:7f:a2:b5:ad:
         bd:58:21:6f:c7:ad:8d:98:07:65:41:80:b1:00:6c:7c:71:61:
         2b:49:94:df:cd:35:13:54:e4:8f:29:60:40:4b:23:a7:ed:e7:
         4c:b9:00:57:73:84:dd:47:df:8b:47:0c:cc:aa:03:8a:8a:43:
         b4:e0:64:06:d2:34:f3:c7:55:8d:8e:70:ad:c4:ba:8a:8d:40:
         4c:ab:04:3b:af:c1:c9:68:b4:93:60:38:63:c8:13:c4:ac:01:
         0c:88:e3:b8:26:6d:6e:08:e6:61:a3:06:e1:2f:07:d3:61:61:
         2a:33:65:36:c8:aa:1f:cc:79:6d:8b:9f:f0:60:79:77:ea:c0:
         1c:82:91:ee:72:7c:ed:fc:ad:34:6f:d3:1c:11:00:7e:12:0f:
         45:42:99:8d:72:39:d7:b1:e1:e3:d8:d4:b0:7c:97:d3:90:ef:
         50:a1:ab:33:37:bf:f7:8f:d4:dd:d9:c7:67:b6:8d:3e:4d:4f:
         7c:cf:2b:59:07:13:0e:0c:31:97:59:ce:19:9d:3d:f0:cd:66:
         dc:58:cf:79
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUE+K3vpV2YKDgY8wRnHimJt5FxDQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNzI2MDAzMDU1WhcNMjUwODMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A5MzYzOTM3ZDQ2YzQ2MWU4ZjIzNjMyMzhhYzk0MGE2NTdk
NTZjMDg2ZTJhYjA0ODYxYmIyNmIxNjBjZjI5ZGI5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCkw8ja89ArPHKrECu+n4TnGnXvrnRWePuJM2K102U7wDHV
gjNoGu9i7NO8pRSoyKawSgj5xN0ClVLTSCIiKm9xoPu5+5ErspNLkrr8JpCcp2vK
xNCO5t13sMcGSzJLcWIJCO1r5Wv5afuzMNZroiXyl2xtdJBWjbX7af82fhad5VLA
KFgIqz9dWUXNIvfAp8dFMJxjaLVSF7uDgkcUIX7Xd/fyf2+xVunPHTEt909OhX8E
37IpAEibKq0F98LGvm11OPiS+4gFF01QhP5vt3O3YBoS9TMFxu3hh8SPNuxcTh8G
yFM0MlKRWX8vnR6fnmT6ZT5jR15uNM3FdgxQKo6XAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUzmsrosxMa1no6bo+SaATRIrVI6swHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2ZlMTkxNDczLTAyZDgtNGQyNC05MGZiLTM1ZmU1MjMwNTg4Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMP3CAwDQYJKoZIhvcNAQELBQADggEBADe1WrfYKXhiQPOxloRO7fziOrY/
lGIM4cJ0BUlSsx0jfapLWccb3Sv/awyahP5LeW/yf6K1rb1YIW/HrY2YB2VBgLEA
bHxxYStJlN/NNRNU5I8pYEBLI6ft50y5AFdzhN1H34tHDMyqA4qKQ7TgZAbSNPPH
VY2OcK3EuoqNQEyrBDuvwclotJNgOGPIE8SsAQyI47gmbW4I5mGjBuEvB9NhYSoz
ZTbIqh/MeW2Ln/BgeXfqwByCke5yfO38rTRv0xwRAH4SD0VCmY1yOdex4ePY1LB8
l9OQ71ChqzM3v/eP1N3Zx2e2jT5NT3zPK1kHEw4MMZdZzhmdPfDNZtxYz3k=
-----END CERTIFICATE-----