Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/27faa4d7-d285-4042-870f-e16b6211a368.roa
File:                     27faa4d7-d285-4042-870f-e16b6211a368.roa (raw, json)
Hash identifier:          lh4+11zZd5mA5ZL+MSpcwkbST4lPDo+7MVWdN3EPjc0=
Subject key identifier:   DE:0C:6D:92:A3:9F:F2:4A:32:17:69:AD:61:BF:36:0C:36:2D:FC:5F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6B58FD6286826791701E4887C51BE3563C3B1986
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/27faa4d7-d285-4042-870f-e16b6211a368.roa
Signing time:             Mon 27 Jan 2025 00:00:00 +0000
ROA not before:           Mon 27 Jan 2025 00:00:00 +0000
ROA not after:            Mon 03 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.220.136.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 07 Feb 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:58:fd:62:86:82:67:91:70:1e:48:87:c5:1b:e3:56:3c:3b:19:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 27 00:00:00 2025 GMT
            Not After : Mar  3 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:7e:05:b4:b9:d8:ce:7d:3e:2b:c5:45:a7:b7:
                    2d:ed:ab:39:13:eb:bc:9c:b3:a3:d4:d5:16:59:5d:
                    da:8d:11:9f:ba:91:68:b3:86:f3:01:02:d1:6f:1e:
                    cb:dd:56:8e:a3:d0:16:f3:04:3b:b6:b3:f0:93:e0:
                    80:02:01:9a:97:f3:aa:08:b0:cb:dc:fc:14:ac:0f:
                    ff:d8:2c:5f:42:da:07:07:49:fc:d9:72:fe:cc:86:
                    08:cb:81:db:e1:cb:05:19:4c:ed:1e:6d:3a:e4:54:
                    5e:b8:23:a0:a2:06:bd:a8:d7:ca:76:11:9e:4e:32:
                    98:fa:dc:67:c2:97:a2:5b:4b:1a:c1:75:5d:f9:50:
                    47:a2:3c:63:5a:c4:89:b7:ea:d7:1b:c4:fe:93:ce:
                    64:1b:80:a3:a1:31:6f:4c:49:69:81:4a:c4:e9:0c:
                    0d:8c:69:80:ff:12:50:96:c1:37:74:fa:03:56:43:
                    39:e7:a6:ff:7f:b4:30:b5:5c:d6:59:25:05:be:2e:
                    de:1a:de:14:18:86:18:cf:a4:41:fd:92:96:c0:c5:
                    01:b1:69:94:d8:40:38:c9:d4:46:05:6f:43:09:6d:
                    aa:31:15:5b:34:3a:47:14:ce:cf:e7:c2:9b:12:15:
                    78:e2:1f:d0:97:6b:ad:79:12:46:9f:d4:7c:a2:36:
                    13:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:0C:6D:92:A3:9F:F2:4A:32:17:69:AD:61:BF:36:0C:36:2D:FC:5F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/27faa4d7-d285-4042-870f-e16b6211a368.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.220.136.0/21

    Signature Algorithm: sha256WithRSAEncryption
         60:9a:19:5b:65:eb:19:fc:79:f9:cb:57:27:6a:59:69:42:de:
         1b:c1:df:e0:ca:14:e6:ae:79:79:e6:52:d5:84:42:c4:d9:61:
         4c:9b:f8:5c:a9:9a:90:96:2b:76:23:7e:71:3f:5d:60:dd:cf:
         fb:d1:4f:5f:3c:b3:ab:cc:4b:ef:20:ad:32:89:b0:b7:67:52:
         4a:26:76:7f:29:7b:32:15:ce:fe:cb:63:28:0b:df:96:bd:8b:
         56:c2:9d:2f:45:ac:1d:77:0f:d0:99:91:b5:e7:b6:bd:55:b8:
         eb:86:02:27:99:64:58:29:b9:5d:11:6f:f1:3f:5b:ae:b2:1d:
         52:2f:95:c7:69:7f:c8:d7:d0:c5:22:29:a4:52:68:25:76:b1:
         ac:93:11:90:f5:39:5a:15:3c:b6:cb:36:cc:1f:ab:05:9d:79:
         47:2d:d1:cb:ef:e8:05:34:1f:ab:e1:29:ac:ce:8f:fd:f8:96:
         14:b1:04:3f:56:39:2f:a7:b8:a3:ac:0a:22:b5:40:3c:13:29:
         dd:a9:31:b0:56:6c:cd:70:b9:5c:77:35:d8:f0:52:48:8a:79:
         d9:4c:06:8b:bf:79:60:21:3b:7e:fb:c7:1e:93:7a:a2:ae:44:
         72:79:5e:7d:5b:06:b8:1f:72:e6:b0:5a:26:1d:a0:82:d9:56:
         71:29:8d:1f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUa1j9YoaCZ5FwHkiHxRvjVjw7GYYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTI3MDAwMDAwWhcNMjUwMzAzMjM1OTU5
WjB6MUkwRwYDVQQFE0A0MTFjNzA4MzEyMGI2MTZkZDExZmFkYWIzNDg2OGZmNDkz
Y2RhYTU1YTFhZDBkN2U0ODdjOTlkODU4NDU1Njc0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLfgW0udjOfT4rxUWnty3tqzkT67ycs6PU1RZZXdqNEZ+6
kWizhvMBAtFvHsvdVo6j0BbzBDu2s/CT4IACAZqX86oIsMvc/BSsD//YLF9C2gcH
SfzZcv7MhgjLgdvhywUZTO0ebTrkVF64I6CiBr2o18p2EZ5OMpj63GfCl6JbSxrB
dV35UEeiPGNaxIm36tcbxP6TzmQbgKOhMW9MSWmBSsTpDA2MaYD/ElCWwTd0+gNW
Qznnpv9/tDC1XNZZJQW+Lt4a3hQYhhjPpEH9kpbAxQGxaZTYQDjJ1EYFb0MJbaox
FVs0OkcUzs/nwpsSFXjiH9CXa615Ekaf1HyiNhO5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3gxtkqOf8koyF2mtYb82DDYt/F8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzI3ZmFhNGQ3LWQyODUtNDA0Mi04NzBmLWUxNmI2MjExYTM2OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMP3IgwDQYJKoZIhvcNAQELBQADggEBAGCaGVtl6xn8efnLVydqWWlC3hvB
3+DKFOaueXnmUtWEQsTZYUyb+FypmpCWK3YjfnE/XWDdz/vRT188s6vMS+8grTKJ
sLdnUkomdn8pezIVzv7LYygL35a9i1bCnS9FrB13D9CZkbXntr1VuOuGAieZZFgp
uV0Rb/E/W66yHVIvlcdpf8jX0MUiKaRSaCV2sayTEZD1OVoVPLbLNswfqwWdeUct
0cvv6AU0H6vhKazOj/34lhSxBD9WOS+nuKOsCiK1QDwTKd2pMbBWbM1wuVx3Ndjw
UkiKedlMBou/eWAhO377xx6TeqKuRHJ5Xn1bBrgfcuawWiYdoILZVnEpjR8=
-----END CERTIFICATE-----