Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5c29d1b0-9b78-41a3-a325-9ab524789915.roa
File:                     5c29d1b0-9b78-41a3-a325-9ab524789915.roa (raw, json)
Hash identifier:          oOwtGa8D9RLa3cCDdVcEpyvoEakNxrGQmWoNwiUihng=
Subject key identifier:   79:C5:5C:88:82:F2:00:F4:2B:41:B3:D1:75:2E:65:A5:BC:67:7C:DF
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4F67DFDF85D569F932D8B34BB6F13263DF0822D2
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5c29d1b0-9b78-41a3-a325-9ab524789915.roa
Signing time:             Thu 18 Sep 2025 23:57:49 +0000
ROA not before:           Thu 18 Sep 2025 23:57:49 +0000
ROA not after:            Thu 23 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.158.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 21 Sep 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:67:df:df:85:d5:69:f9:32:d8:b3:4b:b6:f1:32:63:df:08:22:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 18 23:57:49 2025 GMT
            Not After : Oct 23 23:59:59 2025 GMT
        Subject: serialNumber=57975bcab63b61c2fe2dd4354bcf438d8b39d762edd232eab265e7179ad5ed0b, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b1:e5:99:93:41:bf:e6:da:33:6c:b1:b1:e7:
                    87:a9:f6:07:ca:4a:8d:58:50:ae:9d:5b:1a:eb:81:
                    eb:b7:fe:b1:66:1f:4f:43:53:b5:2e:d7:b4:ff:d7:
                    74:5a:c6:84:bf:0e:5b:32:c1:8b:e3:46:cf:20:62:
                    3d:59:af:a0:a5:68:26:f2:e7:07:d2:45:b7:81:3e:
                    88:72:03:44:c3:08:c2:e7:30:84:23:a6:52:af:f2:
                    0a:e0:96:14:d1:0e:df:26:53:d0:04:0b:70:43:25:
                    36:4e:5c:13:ed:9e:5d:56:b3:bb:86:b3:58:ed:48:
                    eb:d6:12:0c:7b:f4:12:a4:ac:c8:e1:f3:03:1f:92:
                    61:12:94:e9:51:a3:86:64:43:e6:62:3e:74:3e:10:
                    04:81:80:18:d4:84:29:30:1e:e8:02:d6:aa:5e:80:
                    70:72:bf:70:e6:9d:5e:c7:0d:89:ec:47:75:f7:1a:
                    fe:ef:1e:f7:20:79:94:29:4e:16:4f:32:18:dc:d6:
                    fb:9c:51:f6:b3:66:16:aa:c8:d9:cc:40:2d:8c:d2:
                    1f:9b:24:39:2b:e8:bb:88:77:e5:98:c8:e8:ca:23:
                    fd:ed:59:73:37:31:94:f0:54:5c:c8:ba:6f:28:dc:
                    7b:3b:e1:19:b2:d4:51:af:d5:51:32:7d:d0:78:0a:
                    99:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:C5:5C:88:82:F2:00:F4:2B:41:B3:D1:75:2E:65:A5:BC:67:7C:DF
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5c29d1b0-9b78-41a3-a325-9ab524789915.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.158.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:eb:88:ee:70:cf:3c:e1:32:6f:08:7f:a2:d1:f3:b0:4e:bf:
         b7:31:2a:d1:b7:03:52:01:83:d9:7a:21:2c:fb:6e:ee:ce:40:
         41:a0:bc:cb:46:18:f6:a5:73:0b:ac:1f:11:a8:e0:76:7e:ea:
         88:39:f2:70:25:da:1c:db:5b:d9:0f:26:b9:6d:60:5b:99:fc:
         0b:6b:70:bf:a5:f2:45:43:30:83:2a:4f:ae:e1:83:01:fc:93:
         cd:92:a3:1b:94:fe:82:bd:64:f3:d1:6b:5f:dd:c3:51:2b:cc:
         f1:cb:c8:8f:de:1d:f5:21:9d:a1:5b:95:7d:74:d3:ae:32:71:
         07:a0:0b:7a:cf:85:7f:cc:ed:0b:b4:0b:b8:7c:e4:2e:33:2c:
         ef:1e:1d:46:6d:8c:6f:ca:ca:79:44:38:d3:69:ab:f0:b3:28:
         de:a4:5a:75:09:f3:33:4a:f4:06:cd:75:d1:68:35:bb:05:91:
         d8:ca:d8:27:ff:01:9f:9a:ac:8b:ea:61:5b:fe:a3:d7:ac:f5:
         09:18:b2:f6:8a:10:01:37:dc:f8:c0:62:aa:c7:b0:00:62:be:
         48:71:e9:a1:bb:f7:b4:23:76:2d:5a:ae:3d:c4:a4:7d:18:d9:
         9b:b9:c9:a0:c8:d3:8b:b7:c1:bc:a7:1b:f2:08:5c:27:d1:cd:
         c8:87:f9:57
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUT2ff34XVafky2LNLtvEyY98IItIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTE4MjM1NzQ5WhcNMjUxMDIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A1Nzk3NWJjYWI2M2I2MWMyZmUyZGQ0MzU0YmNmNDM4ZDhi
MzlkNzYyZWRkMjMyZWFiMjY1ZTcxNzlhZDVlZDBiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCkseWZk0G/5tozbLGx54ep9gfKSo1YUK6dWxrrgeu3/rFm
H09DU7Uu17T/13RaxoS/DlsywYvjRs8gYj1Zr6ClaCby5wfSRbeBPohyA0TDCMLn
MIQjplKv8grglhTRDt8mU9AEC3BDJTZOXBPtnl1Ws7uGs1jtSOvWEgx79BKkrMjh
8wMfkmESlOlRo4ZkQ+ZiPnQ+EASBgBjUhCkwHugC1qpegHByv3DmnV7HDYnsR3X3
Gv7vHvcgeZQpThZPMhjc1vucUfazZhaqyNnMQC2M0h+bJDkr6LuId+WYyOjKI/3t
WXM3MZTwVFzIum8o3Hs74Rmy1FGv1VEyfdB4CplfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUecVciILyAPQrQbPRdS5lpbxnfN8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzVjMjlkMWIwLTliNzgtNDFhMy1hMzI1LTlhYjUyNDc4OTkxNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAPnuIwDQYJKoZIhvcNAQELBQADggEBAJfriO5wzzzhMm8If6LR87BOv7cx
KtG3A1IBg9l6ISz7bu7OQEGgvMtGGPalcwusHxGo4HZ+6og58nAl2hzbW9kPJrlt
YFuZ/AtrcL+l8kVDMIMqT67hgwH8k82SoxuU/oK9ZPPRa1/dw1ErzPHLyI/eHfUh
naFblX10064ycQegC3rPhX/M7Qu0C7h85C4zLO8eHUZtjG/KynlEONNpq/CzKN6k
WnUJ8zNK9AbNddFoNbsFkdjK2Cf/AZ+arIvqYVv+o9es9QkYsvaKEAE33PjAYqrH
sABivkhx6aG797Qjdi1arj3EpH0Y2Zu5yaDI04u3wbynG/IIXCfRzciH+Vc=
-----END CERTIFICATE-----