Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0fb5e281-d545-4001-97fa-007bbac7fd98.roa
File:                     0fb5e281-d545-4001-97fa-007bbac7fd98.roa (raw, json)
Hash identifier:          c0z6k+wle8G18alhohUxeEEN8hKkVjVfiVAL66PwlTQ=
Subject key identifier:   03:4A:98:30:D9:97:F9:F1:C0:23:38:35:5F:81:D4:E8:A7:98:3D:B3
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       22D772EACED891BB6E2EA9AA6ED283DDBB2D103D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0fb5e281-d545-4001-97fa-007bbac7fd98.roa
Signing time:             Mon 01 Sep 2025 17:31:30 +0000
ROA not before:           Mon 01 Sep 2025 17:31:30 +0000
ROA not after:            Mon 06 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        152.25.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 19 Sep 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:d7:72:ea:ce:d8:91:bb:6e:2e:a9:aa:6e:d2:83:dd:bb:2d:10:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep  1 17:31:30 2025 GMT
            Not After : Oct  6 23:59:59 2025 GMT
        Subject: serialNumber=a8232a9c7178e42313e03b4a9615e659f516d60cd1aa86575a1a71fb0a2d375a, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:1a:11:54:93:75:21:49:54:01:4f:92:1c:9d:
                    00:7d:71:35:3e:18:a8:6d:23:d8:6b:71:b6:84:a5:
                    2c:46:07:0b:06:d0:8d:22:d2:85:ad:e7:0d:5a:6c:
                    b4:a9:2d:8e:f0:4d:5f:14:06:0c:d7:02:95:8f:7f:
                    47:1d:3c:79:d8:6f:e2:0f:6e:16:7b:ba:8c:96:e3:
                    c8:c9:9c:8b:e7:40:23:e6:af:bc:30:37:df:ad:01:
                    80:38:00:2f:ba:1a:26:bd:94:b0:51:f0:16:27:87:
                    9d:d9:89:9d:47:de:e2:b9:92:ef:f4:b7:57:e4:00:
                    c7:e2:6d:8d:b9:46:5d:fe:59:70:61:ad:f6:4d:eb:
                    96:98:fc:09:bc:a6:8d:11:b6:57:ee:08:55:f7:b7:
                    e6:c4:32:65:30:6e:1c:36:4a:88:d6:bf:cd:24:f0:
                    68:d3:bb:86:0e:cd:f7:ee:df:df:d6:14:ff:d5:41:
                    df:41:63:50:4b:37:55:d7:dc:d9:c1:4e:4c:db:1e:
                    6e:f6:60:19:16:f9:a0:c1:d0:0e:c5:69:d7:98:af:
                    f1:66:15:02:18:53:80:f5:d5:d3:bc:17:94:3b:7b:
                    5b:11:08:9a:d7:af:50:44:42:e0:10:57:b1:c1:56:
                    02:e7:b2:b0:9d:7a:ed:0e:37:1c:3d:4d:7e:02:15:
                    d6:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:4A:98:30:D9:97:F9:F1:C0:23:38:35:5F:81:D4:E8:A7:98:3D:B3
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0fb5e281-d545-4001-97fa-007bbac7fd98.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.25.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         af:4d:c4:60:da:ab:7a:c5:b2:05:0a:eb:12:59:65:ab:2a:b4:
         47:03:26:9f:be:52:9d:5e:87:2a:8b:08:70:d8:0c:51:c4:9c:
         1d:79:69:bf:85:fd:de:da:0d:c6:4a:58:bd:39:09:dc:cb:ce:
         7d:21:06:fa:24:30:77:94:e2:94:ec:05:ca:60:64:1e:26:d4:
         e8:b6:be:ac:0f:f5:99:a3:05:18:77:23:76:f0:0d:a2:09:bc:
         7f:bd:d7:d7:41:b4:cd:e3:c9:0f:29:b6:c1:4a:6e:c7:84:39:
         e1:24:59:66:d9:8e:49:83:61:2e:a1:e4:1e:fe:f7:bb:66:75:
         42:2d:38:a7:39:22:5c:95:c4:2c:86:44:f2:77:17:ea:85:be:
         45:c8:7b:a9:a6:f0:cc:49:3d:31:0c:d7:9c:40:a5:fe:af:42:
         c7:03:b4:30:d0:4e:df:68:98:9d:57:3b:d5:8b:4f:53:3a:29:
         1b:62:67:7a:fe:f5:aa:fa:8d:ef:72:b1:0a:31:9f:3f:66:f2:
         39:49:bd:00:f0:e5:df:10:cb:25:5b:79:20:68:4f:03:e6:65:
         82:51:16:ef:87:47:aa:fc:f9:c5:7e:18:7b:4c:58:b6:c8:30:
         75:be:3b:3d:fb:2b:7a:ad:39:78:ab:d2:87:3d:a7:1f:36:e2:
         3c:76:ba:6f
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUItdy6s7YkbtuLqmqbtKD3bstED0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTAxMTczMTMwWhcNMjUxMDA2MjM1OTU5
WjB6MUkwRwYDVQQFE0BhODIzMmE5YzcxNzhlNDIzMTNlMDNiNGE5NjE1ZTY1OWY1
MTZkNjBjZDFhYTg2NTc1YTFhNzFmYjBhMmQzNzVhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5GhFUk3UhSVQBT5IcnQB9cTU+GKhtI9hrcbaEpSxGBwsG
0I0i0oWt5w1abLSpLY7wTV8UBgzXApWPf0cdPHnYb+IPbhZ7uoyW48jJnIvnQCPm
r7wwN9+tAYA4AC+6Gia9lLBR8BYnh53ZiZ1H3uK5ku/0t1fkAMfibY25Rl3+WXBh
rfZN65aY/Am8po0RtlfuCFX3t+bEMmUwbhw2SojWv80k8GjTu4YOzffu39/WFP/V
Qd9BY1BLN1XX3NnBTkzbHm72YBkW+aDB0A7FadeYr/FmFQIYU4D11dO8F5Q7e1sR
CJrXr1BEQuAQV7HBVgLnsrCdeu0ONxw9TX4CFdYFAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUA0qYMNmX+fHAIzg1X4HU6KeYPbMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzBmYjVlMjgxLWQ1NDUtNDAwMS05N2ZhLTAwN2JiYWM3ZmQ5OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCYGTANBgkqhkiG9w0BAQsFAAOCAQEAr03EYNqresWyBQrrElllqyq0RwMm
n75SnV6HKosIcNgMUcScHXlpv4X93toNxkpYvTkJ3MvOfSEG+iQwd5TilOwFymBk
HibU6La+rA/1maMFGHcjdvANogm8f73X10G0zePJDym2wUpux4Q54SRZZtmOSYNh
LqHkHv73u2Z1Qi04pzkiXJXELIZE8ncX6oW+Rch7qabwzEk9MQzXnECl/q9CxwO0
MNBO32iYnVc71YtPUzopG2Jnev71qvqN73KxCjGfP2byOUm9APDl3xDLJVt5IGhP
A+ZlglEW74dHqvz5xX4Ye0xYtsgwdb47Pfsreq05eKvShz2nHzbiPHa6bw==
-----END CERTIFICATE-----