Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1b104d16-32c1-4120-849f-050a4b66c723.roa
File:                     1b104d16-32c1-4120-849f-050a4b66c723.roa (raw, json)
Hash identifier:          tpGKRCE6JpLjVCVWgkFlbg0EI0WM3g4h0/IygdvWh1E=
Subject key identifier:   85:C6:72:AA:09:65:85:B3:4B:DE:88:4D:53:20:24:5C:49:49:4D:D0
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6003118E08B81C22609EEF08C259B70739877FFB
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1b104d16-32c1-4120-849f-050a4b66c723.roa
Signing time:             Tue 07 Oct 2025 15:32:53 +0000
ROA not before:           Tue 07 Oct 2025 15:32:53 +0000
ROA not after:            Tue 11 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.220.0.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:03:11:8e:08:b8:1c:22:60:9e:ef:08:c2:59:b7:07:39:87:7f:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct  7 15:32:53 2025 GMT
            Not After : Nov 11 23:59:59 2025 GMT
        Subject: serialNumber=50d22b9ceec89fd84147ae70b49a8d4e4e915290aaef52cb83d2f32dc9d95389, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:11:73:89:b8:9e:6d:db:3f:57:5d:24:d6:7d:
                    c3:60:a1:7c:c8:c5:3b:43:40:d2:63:05:d4:c1:66:
                    2e:31:e5:7b:bf:6e:2d:e6:ca:a5:fb:77:b1:78:63:
                    02:bc:99:39:be:6b:0a:75:d2:26:ec:37:5f:9b:8d:
                    2b:a2:c2:d7:e4:e5:25:02:06:7e:d1:51:92:5f:4b:
                    e4:40:3c:60:c9:fc:ae:44:8c:af:16:91:f0:d5:c0:
                    f3:1c:b7:39:06:54:73:1d:50:73:1e:7b:c1:38:05:
                    8a:ef:ee:65:0e:c6:5f:63:f9:6e:b1:4b:3d:da:50:
                    32:97:cc:12:c5:c3:b0:75:4c:4d:75:fa:04:7a:e7:
                    81:b3:22:38:00:4b:3a:5d:8e:f5:95:d1:93:2a:0d:
                    69:83:5c:fc:f5:e1:2c:1e:6a:79:a9:fc:f2:7b:e8:
                    18:25:2f:36:c0:a6:c7:81:53:ad:c4:e5:df:90:01:
                    cb:f9:e2:bc:69:69:48:cc:c3:ce:5d:56:eb:48:d1:
                    77:20:a7:e5:98:b7:27:d6:fb:52:49:8f:de:96:f8:
                    c3:0b:b8:1d:91:be:b7:16:80:23:e1:b1:14:fc:35:
                    3f:66:44:f9:7b:1c:96:43:6a:87:ad:73:5f:8d:7f:
                    09:42:13:69:65:8d:56:2c:75:ad:85:4d:8c:fd:34:
                    c3:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:C6:72:AA:09:65:85:B3:4B:DE:88:4D:53:20:24:5C:49:49:4D:D0
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1b104d16-32c1-4120-849f-050a4b66c723.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.220.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         52:60:45:3e:e4:c8:81:be:88:fb:9d:2a:6e:71:91:0b:ac:b1:
         43:f1:97:bf:09:b7:77:dc:96:18:29:73:0a:16:d6:f3:a0:d5:
         57:f4:bb:7f:21:e0:bc:2b:5f:a8:de:9d:8a:0d:dd:0a:20:f6:
         8c:11:9a:d4:03:28:8b:c6:44:a4:ca:61:79:84:34:95:4b:2f:
         73:48:09:9f:b4:cc:3e:3c:ce:c9:d1:39:0b:46:db:ed:7c:a3:
         bb:9c:69:68:51:cb:4f:7e:65:02:16:5b:4f:6b:90:7f:e5:7a:
         37:e8:74:3e:6a:4b:e2:d9:ed:29:47:1b:af:9c:05:de:3b:fa:
         6e:15:bb:4b:a0:37:84:ec:11:d7:ca:5d:f4:7d:30:d2:89:64:
         49:4c:d4:59:15:e7:c3:9e:fc:39:39:25:62:d8:2c:65:ed:c1:
         ea:37:67:92:87:b1:07:fb:c1:ac:1c:bc:9a:cd:50:54:c3:fa:
         df:32:ec:37:a9:05:1c:56:dd:3a:2f:17:a2:6e:9a:2a:67:9c:
         42:97:8f:a7:e3:95:41:b8:cf:d9:55:24:a0:20:b0:a7:56:8f:
         62:d9:b6:6c:d6:6a:63:70:cf:7e:6d:d2:7a:71:0c:fb:bd:01:
         b1:34:a7:86:b5:5a:53:48:7b:f2:11:1c:80:12:c2:8c:30:4b:
         5b:e5:c0:55
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYAMRjgi4HCJgnu8Iwlm3BzmHf/swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDA3MTUzMjUzWhcNMjUxMTExMjM1OTU5
WjB6MUkwRwYDVQQFE0A1MGQyMmI5Y2VlYzg5ZmQ4NDE0N2FlNzBiNDlhOGQ0ZTRl
OTE1MjkwYWFlZjUyY2I4M2QyZjMyZGM5ZDk1Mzg5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnEXOJuJ5t2z9XXSTWfcNgoXzIxTtDQNJjBdTBZi4x5Xu/
bi3myqX7d7F4YwK8mTm+awp10ibsN1+bjSuiwtfk5SUCBn7RUZJfS+RAPGDJ/K5E
jK8WkfDVwPMctzkGVHMdUHMee8E4BYrv7mUOxl9j+W6xSz3aUDKXzBLFw7B1TE11
+gR654GzIjgASzpdjvWV0ZMqDWmDXPz14Sweanmp/PJ76BglLzbApseBU63E5d+Q
Acv54rxpaUjMw85dVutI0Xcgp+WYtyfW+1JJj96W+MMLuB2RvrcWgCPhsRT8NT9m
RPl7HJZDaoetc1+NfwlCE2lljVYsda2FTYz9NMM9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUhcZyqgllhbNL3ohNUyAkXElJTdAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzFiMTA0ZDE2LTMyYzEtNDEyMC04NDlmLTA1MGE0YjY2YzcyMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQP3AAwDQYJKoZIhvcNAQELBQADggEBAFJgRT7kyIG+iPudKm5xkQussUPx
l78Jt3fclhgpcwoW1vOg1Vf0u38h4LwrX6jenYoN3Qog9owRmtQDKIvGRKTKYXmE
NJVLL3NICZ+0zD48zsnROQtG2+18o7ucaWhRy09+ZQIWW09rkH/lejfodD5qS+LZ
7SlHG6+cBd47+m4Vu0ugN4TsEdfKXfR9MNKJZElM1FkV58Oe/Dk5JWLYLGXtweo3
Z5KHsQf7wawcvJrNUFTD+t8y7DepBRxW3TovF6JumipnnEKXj6fjlUG4z9lVJKAg
sKdWj2LZtmzWamNwz35t0npxDPu9AbE0p4a1WlNIe/IRHIASwowwS1vlwFU=
-----END CERTIFICATE-----