Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c8dda3aa-ae8b-41ad-874d-bb9d4adef8eb.roa
File:                     c8dda3aa-ae8b-41ad-874d-bb9d4adef8eb.roa (raw, json)
Hash identifier:          EZ4HF2TqdaxBS65gSBLSkDTTf5IO96YPnPKZfk/B/kE=
Subject key identifier:   AE:4C:65:A3:A4:F6:67:6D:81:56:C4:60:5D:AF:86:6E:8A:35:41:D0
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6B70F8637320B914BC72B49D6888613A31B8F0DE
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c8dda3aa-ae8b-41ad-874d-bb9d4adef8eb.roa
Signing time:             Fri 19 Sep 2025 00:10:23 +0000
ROA not before:           Fri 19 Sep 2025 00:10:23 +0000
ROA not after:            Fri 24 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.158.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 21 Sep 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:70:f8:63:73:20:b9:14:bc:72:b4:9d:68:88:61:3a:31:b8:f0:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 19 00:10:23 2025 GMT
            Not After : Oct 24 23:59:59 2025 GMT
        Subject: serialNumber=37cde3a2d1fa49c93c63ea2045388c2b33734f65423d0444503f4c9c1bdad001, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:15:f3:cc:01:64:99:db:80:4f:7e:c4:d4:66:
                    2a:28:af:f1:02:c2:b8:c3:ff:81:ba:3e:2c:5d:6f:
                    82:2a:d1:c4:fc:bf:dc:ff:9b:9b:79:6f:69:e0:67:
                    60:49:ca:18:e5:6f:b4:3f:e3:2b:d6:19:c9:b5:48:
                    9e:e5:a0:4e:a2:ed:46:0f:59:2e:1c:b6:01:68:c6:
                    08:33:2f:07:31:94:89:23:fd:70:3f:12:5c:fa:65:
                    0a:fe:57:cf:6e:d2:1f:24:8f:02:5d:de:46:2f:03:
                    43:d2:e4:a6:7a:90:ff:f7:50:a4:71:5b:26:95:0a:
                    4b:87:83:e3:2e:db:b1:1a:c6:7f:80:f6:e5:87:da:
                    39:27:71:57:14:20:82:55:1f:c0:dc:cc:02:f5:4b:
                    72:a7:c5:2a:f3:99:a6:aa:37:1a:25:41:90:de:9d:
                    e4:96:f2:fd:d1:20:ec:46:e8:9c:35:f0:e3:0f:d3:
                    0b:3c:7b:59:c9:bd:fb:75:19:7d:d4:7a:be:c8:33:
                    2b:53:3e:49:32:5d:4e:19:0a:94:d6:66:0f:24:8e:
                    0d:b4:30:f8:31:09:23:61:78:e5:ed:19:51:2a:fc:
                    7b:06:fc:d7:48:be:22:2a:f2:f1:d2:bd:52:1f:ea:
                    6b:33:1e:a0:c3:f9:2c:30:88:6f:99:be:e1:c9:ce:
                    b3:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:4C:65:A3:A4:F6:67:6D:81:56:C4:60:5D:AF:86:6E:8A:35:41:D0
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c8dda3aa-ae8b-41ad-874d-bb9d4adef8eb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.158.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:4b:f5:0a:e8:a8:f0:63:e5:25:93:57:88:b2:42:dd:8d:b8:
         21:58:53:47:14:2b:4f:61:a2:65:0f:52:e2:43:36:ed:d5:21:
         93:46:17:03:68:5c:27:8e:e9:82:66:e9:f1:15:e6:b9:25:4b:
         c7:98:9d:bd:a2:60:cf:7f:87:87:0b:a7:cf:be:fc:4e:c8:40:
         b0:be:77:7a:83:75:4d:35:1f:06:5b:47:1e:d9:fc:78:dc:d2:
         56:d7:98:9a:8b:ec:5b:40:b3:99:ff:94:ba:ac:b3:81:f1:bc:
         ac:ca:a7:c6:58:f6:8c:bf:44:83:ab:d5:26:60:7c:2d:0a:c3:
         a3:f0:77:6f:3c:c3:14:07:22:3c:48:cf:01:18:2c:22:cd:71:
         f1:eb:40:d9:16:d0:b9:0a:70:73:2d:5e:17:f7:45:ac:a4:f0:
         84:bd:17:15:a5:7d:4e:2f:e3:6c:1f:b0:f9:11:c3:70:ac:55:
         a9:87:08:70:05:b9:32:e2:a1:0a:dc:c3:a7:17:d8:ee:74:08:
         41:28:af:10:21:6e:d8:8f:6e:68:55:e9:51:f8:a7:d8:0e:19:
         09:95:ad:4e:c5:f4:b0:a2:ca:91:e8:89:aa:16:9c:f2:cc:a1:
         67:6f:53:ef:bc:95:9c:20:ac:b0:ab:f0:e7:83:89:cb:18:c4:
         e9:76:f5:98
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUa3D4Y3MguRS8crSdaIhhOjG48N4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTE5MDAxMDIzWhcNMjUxMDI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AzN2NkZTNhMmQxZmE0OWM5M2M2M2VhMjA0NTM4OGMyYjMz
NzM0ZjY1NDIzZDA0NDQ1MDNmNGM5YzFiZGFkMDAxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvFfPMAWSZ24BPfsTUZioor/ECwrjD/4G6Pixdb4Iq0cT8
v9z/m5t5b2ngZ2BJyhjlb7Q/4yvWGcm1SJ7loE6i7UYPWS4ctgFoxggzLwcxlIkj
/XA/Elz6ZQr+V89u0h8kjwJd3kYvA0PS5KZ6kP/3UKRxWyaVCkuHg+Mu27Eaxn+A
9uWH2jkncVcUIIJVH8DczAL1S3KnxSrzmaaqNxolQZDeneSW8v3RIOxG6Jw18OMP
0ws8e1nJvft1GX3Uer7IMytTPkkyXU4ZCpTWZg8kjg20MPgxCSNheOXtGVEq/HsG
/NdIviIq8vHSvVIf6mszHqDD+SwwiG+ZvuHJzrNVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUrkxlo6T2Z22BVsRgXa+Gboo1QdAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2M4ZGRhM2FhLWFlOGItNDFhZC04NzRkLWJiOWQ0YWRlZjhlYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAPnl8wDQYJKoZIhvcNAQELBQADggEBABdL9QroqPBj5SWTV4iyQt2NuCFY
U0cUK09homUPUuJDNu3VIZNGFwNoXCeO6YJm6fEV5rklS8eYnb2iYM9/h4cLp8++
/E7IQLC+d3qDdU01HwZbRx7Z/Hjc0lbXmJqL7FtAs5n/lLqss4HxvKzKp8ZY9oy/
RIOr1SZgfC0Kw6Pwd288wxQHIjxIzwEYLCLNcfHrQNkW0LkKcHMtXhf3Rayk8IS9
FxWlfU4v42wfsPkRw3CsVamHCHAFuTLioQrcw6cX2O50CEEorxAhbtiPbmhV6VH4
p9gOGQmVrU7F9LCiypHoiaoWnPLMoWdvU++8lZwgrLCr8OeDicsYxOl29Zg=
-----END CERTIFICATE-----