Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1d2d4fc1-b25b-4a21-9546-ea0aa37cd60e.roa
File:                     1d2d4fc1-b25b-4a21-9546-ea0aa37cd60e.roa (raw, json)
Hash identifier:          ocvGYET5sTaGEcVd3uOsSOqQL3az7PG43YQtIRG5edg=
Subject key identifier:   1E:F4:F2:C0:FB:41:98:9D:48:06:A9:1F:51:B2:68:7B:D2:73:25:19
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4A7EFACF56DBE7989BECF70DD9EF4CDF1D096A62
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1d2d4fc1-b25b-4a21-9546-ea0aa37cd60e.roa
Signing time:             Tue 23 Sep 2025 16:53:25 +0000
ROA not before:           Tue 23 Sep 2025 16:53:25 +0000
ROA not after:            Tue 28 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.209.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:7e:fa:cf:56:db:e7:98:9b:ec:f7:0d:d9:ef:4c:df:1d:09:6a:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 23 16:53:25 2025 GMT
            Not After : Oct 28 23:59:59 2025 GMT
        Subject: serialNumber=3be149d0b60313d5a6e06375386eb5c5b294189f710ac2d4d56365441ec8e5d8, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:ad:bf:39:c4:00:19:8d:f9:21:48:4d:28:c9:
                    d5:12:61:30:36:64:7c:0f:70:ca:44:15:04:04:43:
                    fe:0a:14:1a:6b:7d:4e:aa:e4:68:d5:1f:9f:80:eb:
                    9f:06:01:73:92:c4:1d:3f:00:bb:07:26:4a:f5:7e:
                    bd:c5:d8:de:e3:12:f0:eb:f4:8d:22:8b:e0:68:82:
                    5c:3e:79:a9:39:45:fc:6d:eb:25:d6:7a:d2:ad:b7:
                    71:ee:a7:8a:f4:49:40:e3:59:31:18:b3:d6:30:90:
                    df:b6:e1:71:b1:27:1d:16:e5:77:0d:50:95:c9:c9:
                    ee:9d:6d:1e:82:6b:24:bb:e1:33:4f:57:8e:dc:94:
                    6a:f6:67:ae:a4:30:f2:4f:7e:b0:4b:95:e7:9c:ea:
                    eb:bf:36:19:d6:19:11:ce:2f:3c:55:16:04:65:3d:
                    9d:f8:1a:0f:51:5a:34:fc:98:2a:c9:41:91:02:72:
                    4d:6e:d4:0b:a9:f4:74:b8:2f:01:6d:6d:b1:c6:e7:
                    84:da:5c:53:ba:3a:72:71:5d:fb:77:05:ec:0b:7a:
                    a6:e8:b9:e3:7d:db:b9:14:12:d4:b1:be:8a:f3:70:
                    56:fa:93:af:e9:c6:26:e7:d6:fb:fa:64:b9:4a:91:
                    ec:58:c1:ae:55:0b:c5:c9:aa:35:85:56:de:70:7f:
                    92:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:F4:F2:C0:FB:41:98:9D:48:06:A9:1F:51:B2:68:7B:D2:73:25:19
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1d2d4fc1-b25b-4a21-9546-ea0aa37cd60e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.209.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         0b:b3:ce:c2:68:58:58:3b:5d:a9:fa:b0:2d:44:57:5d:97:fd:
         1e:d9:6a:ea:0b:7c:6b:71:5f:bd:83:d8:6a:d8:a4:ea:67:88:
         b5:40:3a:f6:26:dd:13:f6:89:8f:39:bf:91:89:a5:b4:e1:7b:
         78:f0:bd:fe:58:18:c3:e8:68:f7:ff:2f:16:5b:57:b2:58:38:
         28:8d:a0:10:9b:99:63:b7:07:6b:8e:04:ae:ee:c7:4a:e6:c9:
         f2:62:29:f7:a0:3d:ab:67:e0:0e:e1:1b:de:0a:66:5a:8c:5b:
         d4:5a:12:29:ff:bd:f1:48:7e:3c:ce:ab:58:32:ed:ee:06:f4:
         7a:8a:cc:14:b3:3e:ce:9f:d2:38:14:85:f8:d4:5e:ab:df:46:
         f4:cb:f0:3e:31:6f:20:31:90:59:ec:c8:b0:2e:a3:42:13:8d:
         9c:9c:0f:27:5b:5d:02:1c:46:51:8f:04:74:44:6d:83:dc:ac:
         ab:0a:35:bc:a5:6a:93:47:41:0b:0e:d6:4c:bf:dd:4c:3b:14:
         e1:89:a7:ff:02:8f:13:a4:bb:fc:f1:ce:12:95:0b:a3:c6:27:
         9b:df:13:31:52:f0:b5:9f:f9:f2:ec:4d:01:d4:e7:d3:d8:87:
         07:d0:d9:20:d1:e0:84:73:72:d3:96:3a:c2:b7:19:c4:27:f1:
         e4:65:c5:bd
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUSn76z1bb55ib7PcN2e9M3x0JamIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIzMTY1MzI1WhcNMjUxMDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0AzYmUxNDlkMGI2MDMxM2Q1YTZlMDYzNzUzODZlYjVjNWIy
OTQxODlmNzEwYWMyZDRkNTYzNjU0NDFlYzhlNWQ4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCRrb85xAAZjfkhSE0oydUSYTA2ZHwPcMpEFQQEQ/4KFBpr
fU6q5GjVH5+A658GAXOSxB0/ALsHJkr1fr3F2N7jEvDr9I0ii+Boglw+eak5Rfxt
6yXWetKtt3Hup4r0SUDjWTEYs9YwkN+24XGxJx0W5XcNUJXJye6dbR6CayS74TNP
V47clGr2Z66kMPJPfrBLleec6uu/NhnWGRHOLzxVFgRlPZ34Gg9RWjT8mCrJQZEC
ck1u1Aup9HS4LwFtbbHG54TaXFO6OnJxXft3BewLeqboueN927kUEtSxvorzcFb6
k6/pxibn1vv6ZLlKkexYwa5VC8XJqjWFVt5wf5I9AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUHvTywPtBmJ1IBqkfUbJoe9JzJRkwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzFkMmQ0ZmMxLWIyNWItNGEyMS05NTQ2LWVhMGFhMzdjZDYwZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAP0TANBgkqhkiG9w0BAQsFAAOCAQEAC7POwmhYWDtdqfqwLURXXZf9Htlq
6gt8a3FfvYPYatik6meItUA69ibdE/aJjzm/kYmltOF7ePC9/lgYw+ho9/8vFltX
slg4KI2gEJuZY7cHa44Eru7HSubJ8mIp96A9q2fgDuEb3gpmWoxb1FoSKf+98Uh+
PM6rWDLt7gb0eorMFLM+zp/SOBSF+NReq99G9MvwPjFvIDGQWezIsC6jQhONnJwP
J1tdAhxGUY8EdERtg9ysqwo1vKVqk0dBCw7WTL/dTDsU4Ymn/wKPE6S7/PHOEpUL
o8Ynm98TMVLwtZ/58uxNAdTn09iHB9DZINHghHNy05Y6wrcZxCfx5GXFvQ==
-----END CERTIFICATE-----