Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/142ce907-aedc-4605-8862-c3d7f5104b02.roa
File:                     142ce907-aedc-4605-8862-c3d7f5104b02.roa (raw, json)
Hash identifier:          bxNLk3YBHazD8m5fq6yJpOv8axhwSTKfAxStgXq7emI=
Subject key identifier:   E4:FA:44:22:DA:E7:BC:31:B7:D4:BE:83:D0:18:10:2B:DA:E1:1D:78
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       32E8908E9A121F4D47FEBAC1A93EA83B52B1BF6E
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/142ce907-aedc-4605-8862-c3d7f5104b02.roa
Signing time:             Wed 13 Aug 2025 00:50:15 +0000
ROA not before:           Wed 13 Aug 2025 00:50:15 +0000
ROA not after:            Wed 17 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.177.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 22 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:e8:90:8e:9a:12:1f:4d:47:fe:ba:c1:a9:3e:a8:3b:52:b1:bf:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Aug 13 00:50:15 2025 GMT
            Not After : Sep 17 23:59:59 2025 GMT
        Subject: serialNumber=f848f47caec35070ccc824d61dffd10903a8dd753ae559ecce2a497850c791ae, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:cf:c6:c9:37:45:1c:e1:98:2e:46:41:dd:d8:
                    4e:fb:f7:1b:a7:02:18:98:a2:87:dc:a7:da:9c:83:
                    54:23:4b:aa:4c:f1:09:b8:fb:8f:da:78:93:a2:d2:
                    65:81:6b:72:c7:cf:e1:69:12:27:72:6b:a9:f6:07:
                    5f:d8:f9:a6:8a:06:9f:5d:33:2f:38:91:4c:d9:83:
                    f4:a1:96:7e:28:6d:88:d8:14:82:36:24:f5:76:35:
                    d2:8d:50:54:01:a5:7c:c5:51:0c:7d:8c:f5:af:6b:
                    93:be:b5:e2:63:dd:1e:14:9f:73:11:14:a1:77:99:
                    b3:d7:b2:8f:fc:53:d6:0f:c6:9d:bd:f1:23:30:f8:
                    18:95:b9:13:ef:6b:cc:01:9e:f1:c6:06:84:1a:ec:
                    b7:cd:5c:fa:4b:2b:81:89:81:25:7f:9c:b8:d4:29:
                    0b:a2:0f:61:36:eb:b5:2c:05:96:03:25:6e:df:e4:
                    5f:0f:46:f4:1e:47:57:31:c4:9f:36:78:6e:2a:24:
                    9d:d9:2c:31:ba:e9:c5:2f:09:db:41:e0:d6:c2:a1:
                    4a:e7:25:9a:b2:00:f3:92:84:63:e4:4d:11:eb:0e:
                    34:f3:04:1a:72:56:fd:8f:33:84:85:ac:65:47:9d:
                    99:e7:3c:c0:8e:1d:11:4a:b3:9c:c4:50:f3:b8:d9:
                    26:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:FA:44:22:DA:E7:BC:31:B7:D4:BE:83:D0:18:10:2B:DA:E1:1D:78
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/142ce907-aedc-4605-8862-c3d7f5104b02.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.177.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:e9:ba:bd:9d:9c:cc:c3:51:4f:bd:de:83:90:18:cb:eb:cb:
         b1:2b:e9:bd:a9:c0:77:23:76:10:ee:01:61:2b:4e:37:a7:6b:
         c7:99:90:64:9b:3e:08:72:15:d5:e0:17:20:e4:b7:de:d5:86:
         dd:14:13:ae:49:12:a9:da:c2:f3:19:98:33:a0:cb:ad:38:a6:
         e9:cf:d2:07:be:6b:c4:45:98:bf:07:0c:31:9f:f9:96:cc:97:
         b5:41:b4:34:22:1e:e0:0b:62:a7:af:60:1e:5c:ec:03:ee:00:
         03:7d:a9:e7:57:54:49:6d:e3:80:80:d3:f3:48:4e:7d:28:11:
         78:01:1e:75:22:76:53:9e:92:d2:8e:d0:92:4d:01:93:b9:9e:
         38:b1:77:23:35:4b:64:53:12:71:e5:df:12:d9:cb:22:ba:8b:
         2f:72:c8:2f:7c:ac:5b:91:a9:27:82:f5:af:0e:a9:de:fc:50:
         58:98:1d:e0:e2:e2:53:dd:53:14:4a:93:0a:a5:30:9e:31:60:
         65:fb:9b:9c:08:b7:f3:c2:0b:4a:0d:0d:e7:9a:d4:b6:38:0d:
         1b:e9:39:20:b3:94:a9:15:46:95:06:1b:b9:09:d5:92:80:72:
         cc:3e:ac:e1:6b:bd:12:d7:af:e4:86:34:84:12:7c:35:d2:f1:
         b4:4b:00:8e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMuiQjpoSH01H/rrBqT6oO1Kxv24wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwODEzMDA1MDE1WhcNMjUwOTE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BmODQ4ZjQ3Y2FlYzM1MDcwY2NjODI0ZDYxZGZmZDEwOTAz
YThkZDc1M2FlNTU5ZWNjZTJhNDk3ODUwYzc5MWFlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCVz8bJN0Uc4ZguRkHd2E779xunAhiYoofcp9qcg1QjS6pM
8Qm4+4/aeJOi0mWBa3LHz+FpEidya6n2B1/Y+aaKBp9dMy84kUzZg/Shln4obYjY
FII2JPV2NdKNUFQBpXzFUQx9jPWva5O+teJj3R4Un3MRFKF3mbPXso/8U9YPxp29
8SMw+BiVuRPva8wBnvHGBoQa7LfNXPpLK4GJgSV/nLjUKQuiD2E267UsBZYDJW7f
5F8PRvQeR1cxxJ82eG4qJJ3ZLDG66cUvCdtB4NbCoUrnJZqyAPOShGPkTRHrDjTz
BBpyVv2PM4SFrGVHnZnnPMCOHRFKs5zEUPO42SbNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU5PpEItrnvDG31L6D0BgQK9rhHXgwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzE0MmNlOTA3LWFlZGMtNDYwNS04ODYyLWMzZDdmNTEwNGIwMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAPsWgwDQYJKoZIhvcNAQELBQADggEBAB3pur2dnMzDUU+93oOQGMvry7Er
6b2pwHcjdhDuAWErTjena8eZkGSbPghyFdXgFyDkt97Vht0UE65JEqnawvMZmDOg
y604punP0ge+a8RFmL8HDDGf+ZbMl7VBtDQiHuALYqevYB5c7APuAAN9qedXVElt
44CA0/NITn0oEXgBHnUidlOektKO0JJNAZO5njixdyM1S2RTEnHl3xLZyyK6iy9y
yC98rFuRqSeC9a8Oqd78UFiYHeDi4lPdUxRKkwqlMJ4xYGX7m5wIt/PCC0oNDeea
1LY4DRvpOSCzlKkVRpUGG7kJ1ZKAcsw+rOFrvRLXr+SGNIQSfDXS8bRLAI4=
-----END CERTIFICATE-----