Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/025bca09-86b7-48bd-a586-a44ce744234f.roa
File:                     025bca09-86b7-48bd-a586-a44ce744234f.roa (raw, json)
Hash identifier:          93NuaWbHQ//kPTtaG5DEmfnebYCNNvcgVVCkWt5b10E=
Subject key identifier:   05:A8:4C:DA:2A:77:28:8C:2C:1A:CC:FF:B8:C7:22:E6:07:3B:34:28
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0AE47A014581B1EC3C567D4BBB28C29CBF3EEC0D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/025bca09-86b7-48bd-a586-a44ce744234f.roa
Signing time:             Tue 01 Jul 2025 00:31:06 +0000
ROA not before:           Tue 01 Jul 2025 00:31:06 +0000
ROA not after:            Tue 05 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.220.168.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 05 Jul 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:e4:7a:01:45:81:b1:ec:3c:56:7d:4b:bb:28:c2:9c:bf:3e:ec:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul  1 00:31:06 2025 GMT
            Not After : Aug  5 23:59:59 2025 GMT
        Subject: serialNumber=e6e841d657a9c9a406604e8ab732119fce7eeac09f2fbdf4ac4dc5e3258d7ea7, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:96:17:96:40:bc:2d:ea:64:1b:f0:01:4f:63:
                    60:c4:c7:a5:10:1d:a4:56:9a:1c:a1:68:20:20:52:
                    f2:e8:d2:3a:c5:eb:72:f0:e5:ac:c8:18:4d:ce:a5:
                    29:db:0d:a6:16:f5:f5:5e:c3:32:16:76:f0:95:66:
                    ff:f2:19:2a:c3:56:21:47:ea:19:6d:8e:34:15:ad:
                    67:d9:b4:59:db:49:58:5c:98:48:f7:c5:8c:5f:d9:
                    da:3b:96:08:c2:95:81:d6:25:23:c6:62:07:6f:c0:
                    b9:23:b0:79:8e:f6:1b:ba:8d:59:d3:bd:4d:51:c5:
                    74:8a:84:9b:e3:2e:9d:f4:10:92:a0:70:ef:e7:d9:
                    54:fd:c5:19:c3:b9:39:fe:56:a7:3a:ff:d2:c5:f5:
                    3e:64:a9:d9:0f:84:1e:4a:2a:f2:44:7e:06:25:4c:
                    26:4a:33:c8:fc:de:6e:c2:da:59:81:7e:80:a4:8e:
                    75:bb:18:74:0a:ba:7b:6d:2f:11:f0:69:ca:b4:ca:
                    9f:7f:42:70:f8:1c:6b:24:fc:4e:fd:f1:ba:95:2b:
                    11:a1:22:fb:ba:2a:5e:4a:d0:02:59:40:e4:6e:0c:
                    49:20:a2:b1:e9:48:51:5e:73:ea:0c:b2:0d:18:4e:
                    19:1d:ff:7b:27:d0:03:91:a8:a4:cf:53:02:36:b0:
                    fb:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:A8:4C:DA:2A:77:28:8C:2C:1A:CC:FF:B8:C7:22:E6:07:3B:34:28
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/025bca09-86b7-48bd-a586-a44ce744234f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.220.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         7a:95:18:ce:a8:95:97:72:58:2f:d1:4c:19:53:9d:f3:11:07:
         59:16:fc:d0:6f:34:9b:73:aa:1a:88:03:ce:c8:72:2e:40:cb:
         d7:82:2e:bb:01:3d:e6:2a:9c:af:71:80:16:fc:4c:0d:40:0d:
         79:95:e4:09:6f:23:08:ec:e3:48:8f:d1:f5:6d:df:7c:50:4d:
         08:1c:18:5f:b4:06:77:19:74:8c:e1:6d:b9:46:c1:be:30:6a:
         a9:ed:d6:98:9b:9b:1d:c3:3f:20:a8:c7:80:85:d8:66:65:85:
         c7:08:2d:36:ff:a3:3e:2f:e2:1e:2d:4a:20:ad:0d:3d:c4:e8:
         ea:d3:e5:bc:1c:f3:b5:eb:10:12:82:56:97:43:63:a6:27:af:
         01:81:d8:29:fb:a6:ba:4b:74:aa:e2:c4:29:40:48:2b:c5:63:
         10:da:b1:7b:d0:31:ab:d1:e2:a3:fd:e7:a2:4b:d8:b9:bd:52:
         5e:ff:5d:02:70:ff:44:ae:d7:a7:57:a6:65:34:74:a9:3c:bc:
         31:63:9f:39:83:2b:27:03:0b:5a:40:e6:b0:9a:8e:26:39:d7:
         77:8b:6c:5f:0f:db:f2:95:16:0a:17:47:7f:66:cb:de:91:94:
         d1:05:55:8f:57:85:63:00:e1:9e:c8:68:ca:27:94:01:87:b4:
         f3:66:64:a1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCuR6AUWBsew8Vn1LuyjCnL8+7A0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNzAxMDAzMTA2WhcNMjUwODA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BlNmU4NDFkNjU3YTljOWE0MDY2MDRlOGFiNzMyMTE5ZmNl
N2VlYWMwOWYyZmJkZjRhYzRkYzVlMzI1OGQ3ZWE3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCWlheWQLwt6mQb8AFPY2DEx6UQHaRWmhyhaCAgUvLo0jrF
63Lw5azIGE3OpSnbDaYW9fVewzIWdvCVZv/yGSrDViFH6hltjjQVrWfZtFnbSVhc
mEj3xYxf2do7lgjClYHWJSPGYgdvwLkjsHmO9hu6jVnTvU1RxXSKhJvjLp30EJKg
cO/n2VT9xRnDuTn+Vqc6/9LF9T5kqdkPhB5KKvJEfgYlTCZKM8j83m7C2lmBfoCk
jnW7GHQKunttLxHwacq0yp9/QnD4HGsk/E798bqVKxGhIvu6Kl5K0AJZQORuDEkg
orHpSFFec+oMsg0YThkd/3sn0AORqKTPUwI2sPvVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUBahM2ip3KIwsGsz/uMci5gc7NCgwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzAyNWJjYTA5LTg2YjctNDhiZC1hNTg2LWE0NGNlNzQ0MjM0Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMP3KgwDQYJKoZIhvcNAQELBQADggEBAHqVGM6olZdyWC/RTBlTnfMRB1kW
/NBvNJtzqhqIA87Ici5Ay9eCLrsBPeYqnK9xgBb8TA1ADXmV5AlvIwjs40iP0fVt
33xQTQgcGF+0BncZdIzhbblGwb4waqnt1pibmx3DPyCox4CF2GZlhccILTb/oz4v
4h4tSiCtDT3E6OrT5bwc87XrEBKCVpdDY6YnrwGB2Cn7prpLdKrixClASCvFYxDa
sXvQMavR4qP956JL2Lm9Ul7/XQJw/0Su16dXpmU0dKk8vDFjnzmDKycDC1pA5rCa
jiY513eLbF8P2/KVFgoXR39my96RlNEFVY9XhWMA4Z7IaMonlAGHtPNmZKE=
-----END CERTIFICATE-----
Generated at Fri Jul 4 01:40:59 2025 by rpki-client