Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/025bca09-86b7-48bd-a586-a44ce744234f.roa
File:                     025bca09-86b7-48bd-a586-a44ce744234f.roa (raw, json)
Hash identifier:          o+fqP3Lu9dmL7seXSyHEXh7D3/Aa4xBCBQsD0gpjjxE=
Subject key identifier:   42:D0:E4:F0:AD:05:05:36:66:BD:D2:7E:35:39:51:C5:99:AC:98:7D
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       041BCB9F4B74115587BF52F3AE06E330879A2200
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/025bca09-86b7-48bd-a586-a44ce744234f.roa
Signing time:             Mon 12 May 2025 15:41:03 +0000
ROA not before:           Mon 12 May 2025 15:41:03 +0000
ROA not after:            Mon 16 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.220.168.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 03 Jun 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:1b:cb:9f:4b:74:11:55:87:bf:52:f3:ae:06:e3:30:87:9a:22:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May 12 15:41:03 2025 GMT
            Not After : Jun 16 23:59:59 2025 GMT
        Subject: serialNumber=34533def8008155b6b4ae7f5b3f353c77944b0e3bba732a475619776069c3d94, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:df:4a:d7:48:e8:2f:02:45:f7:c7:04:7f:61:
                    5e:33:89:cb:71:cf:70:b1:94:49:54:2f:ee:7f:c0:
                    b3:e2:c7:c9:bd:88:0f:cb:85:2d:c3:8b:4d:8f:6d:
                    c5:fb:e7:ed:f3:f3:b6:81:0a:38:5e:c4:a9:c8:6a:
                    33:74:fd:5e:24:d1:bc:5d:36:9b:39:4e:cc:6b:72:
                    09:87:be:22:5e:4f:14:35:9d:6e:4f:67:ba:ca:c0:
                    e5:f6:20:8b:49:8f:71:53:21:c8:f4:a8:fd:a4:38:
                    27:2b:d5:77:d7:ce:ad:04:18:6f:b4:8b:0b:6a:b9:
                    06:67:78:17:d4:9e:4c:ed:30:09:60:39:81:4e:04:
                    15:55:32:d9:00:d0:c1:34:c8:5e:ee:09:97:03:33:
                    5f:90:d8:1f:1b:de:df:23:6e:66:b1:5e:c4:26:6d:
                    7c:1f:3d:d1:d0:de:fc:e1:8f:41:03:46:19:1c:4a:
                    f4:2a:6d:bf:c7:cd:69:a2:ec:80:69:f5:22:2f:53:
                    df:f9:05:f7:32:49:ad:96:a7:79:c5:35:fe:c1:49:
                    d9:30:61:22:47:8a:da:63:70:e5:6c:08:96:f2:eb:
                    a4:a9:d6:2c:f8:d4:7f:04:e3:d2:e6:48:2a:cd:60:
                    73:b1:0c:8b:a0:4d:e2:91:8d:be:0b:30:fa:8f:d5:
                    c8:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:D0:E4:F0:AD:05:05:36:66:BD:D2:7E:35:39:51:C5:99:AC:98:7D
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/025bca09-86b7-48bd-a586-a44ce744234f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.220.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         5a:8f:61:a6:8c:f8:6e:a9:b1:56:02:14:7f:51:72:6d:ab:3a:
         59:e0:6b:bb:f0:8b:86:cb:83:12:d0:3e:16:44:9c:5c:09:fa:
         bf:6e:cc:20:f9:bd:23:5e:76:a2:6a:1f:dd:8e:0a:eb:3e:ae:
         6c:40:cb:44:ef:00:78:11:b8:09:01:89:57:3f:5e:c7:24:a8:
         c9:0f:0b:48:05:1b:88:a8:9e:bb:4e:2a:6c:f1:bc:3c:39:02:
         24:b1:3f:1c:25:8d:52:21:9a:c2:51:ef:4c:68:1b:ad:c0:27:
         bc:42:ab:ad:1c:2b:42:ca:2a:60:7a:d1:32:b2:01:b9:8f:ec:
         a3:de:5c:58:4d:c2:81:cd:ca:9b:8b:e1:1c:1f:35:b5:8e:0a:
         3e:01:99:ab:52:cc:0d:c6:5d:7f:48:25:00:f0:35:0d:31:bd:
         f8:df:ed:b2:46:fd:9a:b9:2a:02:e8:f2:b4:e1:2d:c5:39:7d:
         91:c1:5c:c3:cd:85:1e:2e:5d:3b:30:0c:7d:82:a7:22:fa:69:
         5f:bc:e3:e7:f8:d2:99:05:68:ed:3e:38:23:81:9c:f7:43:0e:
         00:e0:29:60:1c:ad:27:08:80:cb:6e:ef:54:30:91:d0:32:1c:
         ea:9b:9e:d3:9f:4b:e5:d8:cd:19:76:9a:ba:c1:93:3d:ee:50:
         23:2a:3c:79
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBBvLn0t0EVWHv1LzrgbjMIeaIgAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNTEyMTU0MTAzWhcNMjUwNjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0AzNDUzM2RlZjgwMDgxNTViNmI0YWU3ZjViM2YzNTNjNzc5
NDRiMGUzYmJhNzMyYTQ3NTYxOTc3NjA2OWMzZDk0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCR30rXSOgvAkX3xwR/YV4zictxz3CxlElUL+5/wLPix8m9
iA/LhS3Di02PbcX75+3z87aBCjhexKnIajN0/V4k0bxdNps5TsxrcgmHviJeTxQ1
nW5PZ7rKwOX2IItJj3FTIcj0qP2kOCcr1XfXzq0EGG+0iwtquQZneBfUnkztMAlg
OYFOBBVVMtkA0ME0yF7uCZcDM1+Q2B8b3t8jbmaxXsQmbXwfPdHQ3vzhj0EDRhkc
SvQqbb/HzWmi7IBp9SIvU9/5BfcySa2Wp3nFNf7BSdkwYSJHitpjcOVsCJby66Sp
1iz41H8E49LmSCrNYHOxDIugTeKRjb4LMPqP1cj3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQtDk8K0FBTZmvdJ+NTlRxZmsmH0wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzAyNWJjYTA5LTg2YjctNDhiZC1hNTg2LWE0NGNlNzQ0MjM0Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMP3KgwDQYJKoZIhvcNAQELBQADggEBAFqPYaaM+G6psVYCFH9Rcm2rOlng
a7vwi4bLgxLQPhZEnFwJ+r9uzCD5vSNedqJqH92OCus+rmxAy0TvAHgRuAkBiVc/
XsckqMkPC0gFG4ionrtOKmzxvDw5AiSxPxwljVIhmsJR70xoG63AJ7xCq60cK0LK
KmB60TKyAbmP7KPeXFhNwoHNypuL4RwfNbWOCj4BmatSzA3GXX9IJQDwNQ0xvfjf
7bJG/Zq5KgLo8rThLcU5fZHBXMPNhR4uXTswDH2CpyL6aV+84+f40pkFaO0+OCOB
nPdDDgDgKWAcrScIgMtu71QwkdAyHOqbntOfS+XYzRl2mrrBkz3uUCMqPHk=
-----END CERTIFICATE-----
Generated at Mon Jun 2 16:29:14 2025 by rpki-client