Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/78bfeba9-7b52-480f-986d-6608da14c76d.roa
File:                     78bfeba9-7b52-480f-986d-6608da14c76d.roa (raw, json)
Hash identifier:          UQMgZDaucopQaC5763/y3E9WbkEVKYpX/HT3qFsSlvs=
Subject key identifier:   49:85:30:89:CB:E8:AF:B0:DB:D9:2B:89:E6:56:B9:59:85:90:3E:7C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5F8BE0453D1BD528B784EC4BD8DDB78A8FB4376F
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/78bfeba9-7b52-480f-986d-6608da14c76d.roa
Signing time:             Wed 20 Aug 2025 00:31:06 +0000
ROA not before:           Wed 20 Aug 2025 00:31:06 +0000
ROA not after:            Wed 24 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.230.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 22 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:8b:e0:45:3d:1b:d5:28:b7:84:ec:4b:d8:dd:b7:8a:8f:b4:37:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Aug 20 00:31:06 2025 GMT
            Not After : Sep 24 23:59:59 2025 GMT
        Subject: serialNumber=a33385923c8fed012e27cd133b9a8f55ab734d6f5872fce3f5a2a5713b141acd, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:7e:2d:1a:19:c6:8f:2c:d6:dc:2f:54:4c:83:
                    8e:13:4d:eb:1a:74:b3:05:63:c5:51:e7:7b:62:b5:
                    c8:10:86:7b:a6:61:ad:3d:96:15:99:cb:ab:23:81:
                    1f:93:c4:97:17:9d:ef:2f:69:0a:48:ae:fa:71:16:
                    47:45:9d:43:e2:d0:96:4f:5c:bd:99:e9:be:12:db:
                    44:89:cc:ea:24:36:5e:7f:18:78:f7:72:17:7a:fd:
                    8e:9e:ad:aa:c0:d4:8e:49:fb:ee:f3:39:13:d4:ef:
                    0b:50:f9:b7:bd:da:2c:84:3b:18:be:e7:4f:f0:fe:
                    86:2a:77:61:d8:61:7e:90:85:f9:cf:01:30:87:eb:
                    f6:79:66:3e:a3:7a:19:0b:2b:ec:a8:50:d9:a2:59:
                    36:bc:66:b7:76:4e:5f:30:4c:9a:b3:58:22:6b:46:
                    33:9d:41:c6:bb:21:99:ac:1b:f5:ea:c3:f7:09:c9:
                    0b:c5:0b:ff:1b:f3:98:6b:b8:98:00:52:37:c5:dc:
                    20:34:c9:2b:a1:87:3a:e2:73:44:24:e1:43:4a:cb:
                    27:8e:d3:27:14:2d:54:ce:5d:f5:d3:01:96:e1:fd:
                    53:c8:c7:3d:eb:82:f4:ee:3a:ea:5e:59:11:cb:dc:
                    af:42:10:36:36:66:bb:0b:83:1e:e8:49:47:bf:07:
                    ef:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:85:30:89:CB:E8:AF:B0:DB:D9:2B:89:E6:56:B9:59:85:90:3E:7C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/78bfeba9-7b52-480f-986d-6608da14c76d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.230.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:da:0e:69:8c:59:01:5e:d5:c8:d3:8a:9f:c7:95:f3:65:52:
         37:4a:c9:68:ac:fc:ff:d8:a5:5a:b8:ef:ec:58:ac:f2:fa:25:
         be:aa:1d:74:f2:9a:15:2f:ac:db:a8:36:36:30:89:8d:2b:55:
         c6:b9:a5:a9:7a:60:b9:e1:ca:2f:1e:dd:e7:c5:92:8f:2e:d7:
         05:44:16:70:be:9e:37:91:c1:e7:29:74:1e:05:8b:27:55:69:
         de:c1:e3:1a:ab:30:b8:df:21:83:ee:c0:20:c1:5a:23:d9:4c:
         e7:4a:fc:a0:60:53:9e:f4:b4:c5:d5:e1:1c:0c:08:66:e6:54:
         45:25:f3:91:5e:2f:10:ba:62:db:e6:db:82:6f:12:69:1a:90:
         8f:fc:af:7b:95:f3:bb:cb:33:18:02:68:e1:55:42:f9:81:d0:
         a1:4c:a8:c0:e8:44:ea:f9:88:f5:23:53:5f:e6:4c:83:51:a0:
         50:c9:b4:10:4f:7a:27:79:62:d6:8b:f0:31:1e:53:90:59:9d:
         a2:51:f7:fd:36:9d:7a:50:f5:5f:33:70:56:2e:7f:22:73:68:
         36:8e:0f:6c:0f:7a:56:b4:f7:55:c6:db:55:ec:e8:38:b0:c4:
         51:1f:0c:07:7b:23:84:85:5d:06:28:56:6d:bd:e6:f6:f7:7b:
         24:7b:9b:be
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUX4vgRT0b1Si3hOxL2N23io+0N28wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwODIwMDAzMTA2WhcNMjUwOTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMzMzODU5MjNjOGZlZDAxMmUyN2NkMTMzYjlhOGY1NWFi
NzM0ZDZmNTg3MmZjZTNmNWEyYTU3MTNiMTQxYWNkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDAfi0aGcaPLNbcL1RMg44TTesadLMFY8VR53titcgQhnum
Ya09lhWZy6sjgR+TxJcXne8vaQpIrvpxFkdFnUPi0JZPXL2Z6b4S20SJzOokNl5/
GHj3chd6/Y6erarA1I5J++7zORPU7wtQ+be92iyEOxi+50/w/oYqd2HYYX6QhfnP
ATCH6/Z5Zj6jehkLK+yoUNmiWTa8Zrd2Tl8wTJqzWCJrRjOdQca7IZmsG/Xqw/cJ
yQvFC/8b85hruJgAUjfF3CA0ySuhhzric0Qk4UNKyyeO0ycULVTOXfXTAZbh/VPI
xz3rgvTuOupeWRHL3K9CEDY2ZrsLgx7oSUe/B+/pAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUSYUwicvor7Db2SuJ5la5WYWQPnwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzc4YmZlYmE5LTdiNTItNDgwZi05ODZkLTY2MDhkYTE0Yzc2ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAP5l8wDQYJKoZIhvcNAQELBQADggEBAJLaDmmMWQFe1cjTip/HlfNlUjdK
yWis/P/YpVq47+xYrPL6Jb6qHXTymhUvrNuoNjYwiY0rVca5pal6YLnhyi8e3efF
ko8u1wVEFnC+njeRwecpdB4FiydVad7B4xqrMLjfIYPuwCDBWiPZTOdK/KBgU570
tMXV4RwMCGbmVEUl85FeLxC6Ytvm24JvEmkakI/8r3uV87vLMxgCaOFVQvmB0KFM
qMDoROr5iPUjU1/mTINRoFDJtBBPeid5YtaL8DEeU5BZnaJR9/02nXpQ9V8zcFYu
fyJzaDaOD2wPela091XG21Xs6DiwxFEfDAd7I4SFXQYoVm295vb3eyR7m74=
-----END CERTIFICATE-----