Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/78bfeba9-7b52-480f-986d-6608da14c76d.roa
File:                     78bfeba9-7b52-480f-986d-6608da14c76d.roa (raw, json)
Hash identifier:          hgLUzvhVh5Mjr5mN647w4Ye/0xxcRLGbpgNUEb0EebE=
Subject key identifier:   C7:50:BC:75:20:DF:42:D7:24:19:73:BE:EA:D8:E5:B6:96:B0:EB:A2
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       123DC87116C81F748F63E4A0F8BEC9888AF4C9DC
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/78bfeba9-7b52-480f-986d-6608da14c76d.roa
Signing time:             Fri 10 Oct 2025 00:55:38 +0000
ROA not before:           Fri 10 Oct 2025 00:55:38 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.230.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:3d:c8:71:16:c8:1f:74:8f:63:e4:a0:f8:be:c9:88:8a:f4:c9:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 10 00:55:38 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=7a5faf18fc140f7d2ca05a7b6d05bf5e8a306099e2562ac3781dafaa8323ebf1, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:f7:a5:8a:05:c3:45:7a:67:38:2f:2e:aa:74:
                    9c:c3:fe:77:ce:6a:b1:34:0f:ef:5c:02:5d:ef:2b:
                    85:c9:9c:17:8e:66:80:51:c7:78:ec:c5:08:e9:b1:
                    9a:ce:79:60:47:53:4a:d9:99:55:f6:c5:ef:41:77:
                    18:64:f1:4e:c9:d0:f8:fe:51:f3:07:e8:46:4c:88:
                    13:f6:ea:0e:c6:03:13:e5:cd:17:09:5f:4f:7f:74:
                    e0:66:a2:f1:1d:ed:91:c6:ee:27:1f:4f:d9:32:b1:
                    96:d7:16:9d:ff:f6:4f:7d:dd:fd:74:27:bf:b1:c3:
                    32:05:b2:b5:1b:31:f4:99:54:0c:ad:1b:33:ae:a8:
                    cc:b3:06:1e:fa:7d:67:19:10:e2:96:79:3a:70:96:
                    3b:14:dc:3b:a3:b6:e0:7e:ac:6a:7f:eb:d4:4b:a6:
                    e2:0d:29:fc:03:8c:b1:2a:dd:84:c3:f6:5f:ea:dc:
                    5e:c4:32:58:cd:7c:b7:24:32:bc:e6:5c:b6:b4:c6:
                    bd:4a:96:ee:43:02:9e:54:2c:c2:ad:48:1d:7e:e6:
                    e2:c9:76:38:2b:bb:a1:d1:be:4f:4f:73:f2:17:5d:
                    fb:9c:89:4e:88:55:d3:5a:c3:87:db:2e:67:d0:6c:
                    92:9e:a9:c2:d8:a9:a8:6b:c1:aa:3f:d1:fb:ad:d2:
                    b8:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:50:BC:75:20:DF:42:D7:24:19:73:BE:EA:D8:E5:B6:96:B0:EB:A2
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/78bfeba9-7b52-480f-986d-6608da14c76d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.230.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:0e:ed:f5:65:42:8d:72:c7:4c:ce:c8:01:94:9b:ac:43:1a:
         3a:19:7c:0f:5d:30:89:18:c3:f6:0d:a9:7f:76:83:fb:2d:f3:
         f4:7a:f0:c5:aa:f3:b3:ee:1b:48:4e:57:07:d7:6e:30:fc:35:
         b3:6a:29:c8:15:87:3a:91:82:fa:34:06:4f:7c:90:5f:86:dc:
         bd:7a:a1:35:cb:4c:11:0d:f6:18:96:4e:53:eb:7e:17:94:8b:
         df:39:78:46:20:09:2c:48:58:e6:9a:85:5d:72:26:b0:87:2b:
         03:a6:cf:ac:9a:0a:c4:78:bc:4c:81:0b:81:b0:78:82:d9:68:
         fc:30:a3:80:3c:6a:2e:0f:2d:3e:79:a7:cd:63:0e:89:db:d6:
         c0:04:46:43:09:71:23:30:7d:26:0e:f6:fd:f9:fb:ba:02:57:
         32:06:ae:8d:8a:1f:3a:14:9b:c9:12:66:d3:72:62:95:d2:2a:
         40:61:19:49:d5:7d:55:19:48:fc:64:6c:a5:c6:31:97:65:8e:
         24:4c:93:ac:b3:12:0a:9c:a8:78:98:d8:79:a3:9a:75:35:d2:
         47:7e:bb:a8:cc:9d:1c:34:a5:db:2e:2c:dc:58:96:ea:51:1b:
         89:9e:b6:7c:6e:bc:a3:91:d5:94:56:96:24:34:5c:38:e4:bd:
         85:c5:1f:17
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEj3IcRbIH3SPY+Sg+L7JiIr0ydwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDEwMDA1NTM4WhcNMjUxMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A3YTVmYWYxOGZjMTQwZjdkMmNhMDVhN2I2ZDA1YmY1ZThh
MzA2MDk5ZTI1NjJhYzM3ODFkYWZhYTgzMjNlYmYxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCj96WKBcNFemc4Ly6qdJzD/nfOarE0D+9cAl3vK4XJnBeO
ZoBRx3jsxQjpsZrOeWBHU0rZmVX2xe9Bdxhk8U7J0Pj+UfMH6EZMiBP26g7GAxPl
zRcJX09/dOBmovEd7ZHG7icfT9kysZbXFp3/9k993f10J7+xwzIFsrUbMfSZVAyt
GzOuqMyzBh76fWcZEOKWeTpwljsU3DujtuB+rGp/69RLpuINKfwDjLEq3YTD9l/q
3F7EMljNfLckMrzmXLa0xr1Klu5DAp5ULMKtSB1+5uLJdjgru6HRvk9Pc/IXXfuc
iU6IVdNaw4fbLmfQbJKeqcLYqahrwao/0fut0rjrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUx1C8dSDfQtckGXO+6tjltpaw66IwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzc4YmZlYmE5LTdiNTItNDgwZi05ODZkLTY2MDhkYTE0Yzc2ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAP5l8wDQYJKoZIhvcNAQELBQADggEBAJwO7fVlQo1yx0zOyAGUm6xDGjoZ
fA9dMIkYw/YNqX92g/st8/R68MWq87PuG0hOVwfXbjD8NbNqKcgVhzqRgvo0Bk98
kF+G3L16oTXLTBEN9hiWTlPrfheUi985eEYgCSxIWOaahV1yJrCHKwOmz6yaCsR4
vEyBC4GweILZaPwwo4A8ai4PLT55p81jDonb1sAERkMJcSMwfSYO9v35+7oCVzIG
ro2KHzoUm8kSZtNyYpXSKkBhGUnVfVUZSPxkbKXGMZdljiRMk6yzEgqcqHiY2Hmj
mnU10kd+u6jMnRw0pdsuLNxYlupRG4metnxuvKOR1ZRWliQ0XDjkvYXFHxc=
-----END CERTIFICATE-----