Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5a885b28-9bb7-4be5-a945-f90048046452.roa
File:                     5a885b28-9bb7-4be5-a945-f90048046452.roa (raw, json)
Hash identifier:          rhsa+ulyEM3Fd2MGdFbbymORN1rmyeKZ8ZdW/RnQ+Io=
Subject key identifier:   FD:EE:FC:0D:97:5B:76:9D:67:44:DD:73:21:2F:98:A8:F9:C9:16:76
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       10E22FFE221D64731017FDD3D7F5C70576780B3D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5a885b28-9bb7-4be5-a945-f90048046452.roa
Signing time:             Mon 15 Sep 2025 16:10:25 +0000
ROA not before:           Mon 15 Sep 2025 16:10:25 +0000
ROA not after:            Mon 20 Oct 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        15.220.176.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 11 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:e2:2f:fe:22:1d:64:73:10:17:fd:d3:d7:f5:c7:05:76:78:0b:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 15 16:10:25 2025 GMT
            Not After : Oct 20 23:59:59 2025 GMT
        Subject: serialNumber=9134d01d6621189f2cabccd164eadf2fd01e17735d4112f728b01fa7b56a78bc, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:c3:a1:64:e9:55:6f:4b:13:e2:63:b8:d8:31:
                    ae:d5:35:63:63:0a:df:1f:26:7c:cf:e6:d2:2c:11:
                    f5:2d:7d:9b:0f:16:d2:40:63:7d:17:40:4d:bf:4b:
                    7b:1f:de:d3:f0:29:5c:6b:d3:68:0e:22:fd:fd:c5:
                    7f:4f:c6:db:bc:ad:11:47:0c:66:5e:1b:0b:96:3d:
                    e3:75:43:2c:b6:78:df:ae:d8:b7:78:b5:b3:e6:c7:
                    72:23:14:d4:69:1f:c7:00:94:47:d6:6a:c2:8a:2b:
                    ca:a9:3f:14:20:76:4e:e6:50:aa:b6:af:d7:ca:1e:
                    c0:ef:02:a7:ae:35:14:f9:0f:67:82:fa:f9:87:c3:
                    71:e4:e2:ef:b6:a2:42:ee:27:e6:fb:f9:f4:40:9d:
                    ec:1c:63:3e:bd:35:b0:69:17:1d:41:58:b5:3d:0a:
                    ee:1f:b1:3d:54:ba:9d:4f:71:40:a4:16:80:8c:df:
                    b1:c2:52:1f:a2:80:a1:fc:ba:25:5e:d5:b2:5b:7a:
                    65:8a:93:eb:71:b2:db:62:57:c1:7f:9b:e6:a0:ad:
                    d7:27:2e:03:e8:1a:98:a9:da:c5:b4:8f:9e:bb:3e:
                    4e:4e:de:93:46:6d:11:d1:c4:f2:6c:a3:82:be:81:
                    ac:2b:f8:b7:4a:9a:97:e6:7d:52:d2:09:68:aa:13:
                    94:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:EE:FC:0D:97:5B:76:9D:67:44:DD:73:21:2F:98:A8:F9:C9:16:76
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5a885b28-9bb7-4be5-a945-f90048046452.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.220.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2e:9e:ff:ee:3e:73:df:d3:1f:d9:ae:b2:88:0f:de:3c:89:6c:
         83:aa:de:f4:0c:53:69:38:bb:e2:75:d7:a7:63:d3:0d:85:28:
         c9:ce:78:cf:02:f2:b3:1e:c9:06:9d:57:0d:e5:41:b3:29:79:
         5d:d8:16:31:23:24:24:11:6c:34:19:97:b3:f5:5b:83:50:4a:
         bb:6b:e9:7c:47:b4:9d:b1:79:f0:33:12:da:24:dc:8f:9f:31:
         8f:34:e7:1e:3d:2f:1f:d0:36:7b:a1:0e:d1:20:05:24:b8:cd:
         a6:92:2c:dc:20:a3:91:18:5b:b8:2b:da:9f:f0:15:af:69:7c:
         4f:ec:f8:48:e1:31:b1:2c:fa:dc:90:f8:bd:47:73:1d:ad:73:
         20:7e:48:67:23:73:a3:90:64:67:bc:e6:a1:6d:83:d0:b6:ef:
         95:55:af:41:e7:9f:b2:48:ac:1b:b0:59:bd:8b:8f:31:73:cd:
         55:8d:48:59:1a:94:cc:d2:d2:38:62:8b:d8:fd:fc:8b:fc:47:
         7c:63:fc:22:dd:30:89:d8:c3:7b:8d:d4:52:65:74:92:67:36:
         b4:af:d5:9a:83:97:4b:6a:76:c9:89:37:0a:6b:65:6e:a8:55:
         4f:9d:1a:85:1e:fd:44:25:00:02:19:52:d8:32:2d:23:cc:1d:
         d8:b8:1b:3a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEOIv/iIdZHMQF/3T1/XHBXZ4Cz0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTE1MTYxMDI1WhcNMjUxMDIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A5MTM0ZDAxZDY2MjExODlmMmNhYmNjZDE2NGVhZGYyZmQw
MWUxNzczNWQ0MTEyZjcyOGIwMWZhN2I1NmE3OGJjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5w6Fk6VVvSxPiY7jYMa7VNWNjCt8fJnzP5tIsEfUtfZsP
FtJAY30XQE2/S3sf3tPwKVxr02gOIv39xX9Pxtu8rRFHDGZeGwuWPeN1Qyy2eN+u
2Ld4tbPmx3IjFNRpH8cAlEfWasKKK8qpPxQgdk7mUKq2r9fKHsDvAqeuNRT5D2eC
+vmHw3Hk4u+2okLuJ+b7+fRAnewcYz69NbBpFx1BWLU9Cu4fsT1Uup1PcUCkFoCM
37HCUh+igKH8uiVe1bJbemWKk+txsttiV8F/m+agrdcnLgPoGpip2sW0j567Pk5O
3pNGbRHRxPJso4K+gawr+LdKmpfmfVLSCWiqE5QPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/e78DZdbdp1nRN1zIS+YqPnJFnYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzVhODg1YjI4LTliYjctNGJlNS1hOTQ1LWY5MDA0ODA0NjQ1Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMP3LAwDQYJKoZIhvcNAQELBQADggEBAC6e/+4+c9/TH9musogP3jyJbIOq
3vQMU2k4u+J116dj0w2FKMnOeM8C8rMeyQadVw3lQbMpeV3YFjEjJCQRbDQZl7P1
W4NQSrtr6XxHtJ2xefAzEtok3I+fMY805x49Lx/QNnuhDtEgBSS4zaaSLNwgo5EY
W7gr2p/wFa9pfE/s+EjhMbEs+tyQ+L1Hcx2tcyB+SGcjc6OQZGe85qFtg9C275VV
r0Hnn7JIrBuwWb2LjzFzzVWNSFkalMzS0jhii9j9/Iv8R3xj/CLdMInYw3uN1FJl
dJJnNrSv1ZqDl0tqdsmJNwprZW6oVU+dGoUe/UQlAAIZUtgyLSPMHdi4Gzo=
-----END CERTIFICATE-----