Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/03efc2c4-f35c-4ff9-aefe-135c62760950.roa
File:                     03efc2c4-f35c-4ff9-aefe-135c62760950.roa (raw, json)
Hash identifier:          rzoiRzInRZGfRWU1/vCUWU8dlF1ZrK++3RcFe5m/+qU=
Subject key identifier:   B0:F7:FC:A7:D7:43:C4:14:2F:1C:93:BC:A3:E4:99:D2:4F:2A:25:A9
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       545BFBD9472A5FD336A71BDDBF46C7BEC808CD97
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/03efc2c4-f35c-4ff9-aefe-135c62760950.roa
Signing time:             Fri 25 Apr 2025 15:41:20 +0000
ROA not before:           Fri 25 Apr 2025 15:41:20 +0000
ROA not after:            Fri 30 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.220.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 10 May 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:5b:fb:d9:47:2a:5f:d3:36:a7:1b:dd:bf:46:c7:be:c8:08:cd:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 25 15:41:20 2025 GMT
            Not After : May 30 23:59:59 2025 GMT
        Subject: serialNumber=b157f74a650ea4f1d4ae7ec69401172c3742ac2f98f2c16065f1a9430cc41be1, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:ff:d6:5d:1c:c0:c5:f9:8e:d5:6e:ba:ef:cb:
                    b6:2a:f3:68:31:b1:ac:96:cb:35:58:b3:33:6f:28:
                    65:1c:74:d3:7f:f7:3d:78:44:dc:17:cf:9c:c3:ef:
                    b7:fd:c6:54:69:e1:15:06:80:f3:2e:cc:20:db:9a:
                    50:e5:c6:3a:e3:98:c9:e1:82:5b:ca:6e:8f:b3:15:
                    d5:68:cc:51:70:47:9a:30:49:37:f9:0a:82:e9:d6:
                    1b:8d:e1:e9:fd:ad:47:0d:97:1b:f5:f3:31:2c:d2:
                    e6:aa:a2:f8:24:8e:d0:17:b1:97:d2:f3:56:a4:c4:
                    a0:57:ce:6d:72:c3:09:04:d1:8e:0c:b6:4b:44:fe:
                    54:18:c8:89:64:0b:34:3a:65:e5:e9:02:34:20:8e:
                    b5:8b:b6:34:20:49:c6:f5:b0:3a:80:01:28:cd:da:
                    5b:2a:c3:08:5e:5e:6f:91:28:6b:f6:16:0c:04:33:
                    d6:93:40:94:ae:ac:39:6e:d2:91:f7:f3:59:93:4f:
                    87:6b:d6:6e:de:5f:4f:2f:64:1b:c1:ff:3a:c7:19:
                    8e:cd:f1:4a:5e:9f:45:32:a4:ac:59:b4:61:d9:94:
                    c1:da:8f:7d:5f:97:0b:3c:4f:8a:24:b7:a0:f3:bb:
                    29:0d:87:39:30:86:32:ef:3b:39:9c:c0:3c:03:04:
                    28:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:F7:FC:A7:D7:43:C4:14:2F:1C:93:BC:A3:E4:99:D2:4F:2A:25:A9
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/03efc2c4-f35c-4ff9-aefe-135c62760950.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.220.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:d8:cc:fa:ee:6f:82:68:9b:72:1d:1c:54:85:04:fe:d4:3b:
         39:96:34:ba:81:a3:f9:cd:39:6a:03:e7:5a:cc:ee:7a:b1:23:
         be:24:c7:00:07:0a:fb:53:fa:3f:4c:47:d9:33:00:e4:c9:7b:
         20:a5:41:80:d7:20:d5:f2:0d:6e:f1:61:e3:28:dc:d0:5a:ed:
         d6:c0:11:1a:12:5b:e0:f8:47:5e:c8:91:c9:0e:9a:97:2c:69:
         91:ea:1c:1a:80:94:fc:12:a8:57:64:0b:f1:f7:87:14:70:cb:
         3d:e4:10:7a:a3:6c:9c:60:56:dc:b0:d0:04:34:06:4c:eb:ce:
         25:a1:83:a2:ba:b7:74:40:c6:00:b5:c8:ca:68:05:2c:19:b0:
         ee:5c:a4:b2:aa:f0:99:9b:08:1e:c9:89:fe:76:bb:32:02:d5:
         ac:3d:3e:46:9a:eb:16:51:03:37:40:b2:ab:6f:09:28:e4:16:
         e4:b1:8b:ff:af:40:b6:af:3c:20:fd:84:77:6c:87:fa:86:06:
         b7:42:95:18:90:a9:fe:66:6a:d8:10:b1:cb:7a:35:67:d8:ad:
         3c:72:7c:59:02:e8:55:8b:63:83:91:d9:d7:ac:41:52:59:15:
         58:dc:48:b0:b7:11:c5:88:a8:2b:48:53:6a:60:3e:1c:bf:d2:
         30:14:63:e7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVFv72UcqX9M2pxvdv0bHvsgIzZcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDI1MTU0MTIwWhcNMjUwNTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BiMTU3Zjc0YTY1MGVhNGYxZDRhZTdlYzY5NDAxMTcyYzM3
NDJhYzJmOThmMmMxNjA2NWYxYTk0MzBjYzQxYmUxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDC/9ZdHMDF+Y7Vbrrvy7Yq82gxsayWyzVYszNvKGUcdNN/
9z14RNwXz5zD77f9xlRp4RUGgPMuzCDbmlDlxjrjmMnhglvKbo+zFdVozFFwR5ow
STf5CoLp1huN4en9rUcNlxv18zEs0uaqovgkjtAXsZfS81akxKBXzm1ywwkE0Y4M
tktE/lQYyIlkCzQ6ZeXpAjQgjrWLtjQgScb1sDqAASjN2lsqwwheXm+RKGv2FgwE
M9aTQJSurDlu0pH381mTT4dr1m7eX08vZBvB/zrHGY7N8Upen0UypKxZtGHZlMHa
j31flws8T4okt6DzuykNhzkwhjLvOzmcwDwDBChFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUsPf8p9dDxBQvHJO8o+SZ0k8qJakwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzAzZWZjMmM0LWYzNWMtNGZmOS1hZWZlLTEzNWM2Mjc2MDk1MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAP3M0wDQYJKoZIhvcNAQELBQADggEBAILYzPrub4Jom3IdHFSFBP7UOzmW
NLqBo/nNOWoD51rM7nqxI74kxwAHCvtT+j9MR9kzAOTJeyClQYDXINXyDW7xYeMo
3NBa7dbAERoSW+D4R17IkckOmpcsaZHqHBqAlPwSqFdkC/H3hxRwyz3kEHqjbJxg
Vtyw0AQ0BkzrziWhg6K6t3RAxgC1yMpoBSwZsO5cpLKq8JmbCB7Jif52uzIC1aw9
Pkaa6xZRAzdAsqtvCSjkFuSxi/+vQLavPCD9hHdsh/qGBrdClRiQqf5matgQsct6
NWfYrTxyfFkC6FWLY4OR2desQVJZFVjcSLC3EcWIqCtIU2pgPhy/0jAUY+c=
-----END CERTIFICATE-----