Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7d0e3caf-bdbd-4f93-a5c4-ad3263a8469c.roa
File:                     7d0e3caf-bdbd-4f93-a5c4-ad3263a8469c.roa (raw, json)
Hash identifier:          Jws5HrIU4smbyQVpS1rlFoB0UppqJwWUjIL69ZLCduw=
Subject key identifier:   B4:02:48:F1:D1:27:38:E9:6C:04:1C:09:4A:8C:5D:24:0B:23:F2:37
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7C1A6A1421B62401C1A0D0DD8CE00A1C24F4BC64
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7d0e3caf-bdbd-4f93-a5c4-ad3263a8469c.roa
Signing time:             Mon 01 Sep 2025 16:00:21 +0000
ROA not before:           Mon 01 Sep 2025 16:00:21 +0000
ROA not after:            Mon 06 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        146.207.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 19 Sep 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:1a:6a:14:21:b6:24:01:c1:a0:d0:dd:8c:e0:0a:1c:24:f4:bc:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep  1 16:00:21 2025 GMT
            Not After : Oct  6 23:59:59 2025 GMT
        Subject: serialNumber=4b8617874e7cd9afc258fcbf0b8c59a5b3ec73998eaaa59c4efa135e5d194500, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:68:e2:1d:03:b8:2d:2a:5b:90:7b:17:7c:cd:
                    ab:e6:54:5a:a4:dc:8e:93:cf:1a:7f:95:3e:fb:73:
                    84:3a:16:b1:1a:52:cf:99:f5:da:3c:21:75:11:1f:
                    93:6f:95:c1:f1:d9:bb:04:e1:13:5d:6c:72:d5:ec:
                    73:a0:05:1b:3d:34:c1:61:dc:7a:85:1f:a1:91:6d:
                    ec:45:39:c0:44:f8:83:7d:b2:0f:b0:4c:f5:3e:a8:
                    45:af:c6:9f:07:63:8f:79:dd:d8:90:c4:b6:bf:38:
                    1f:00:f4:d5:93:ad:c3:62:b6:28:ff:90:4f:62:86:
                    e3:f6:e2:14:17:e5:ff:33:69:7a:fd:99:48:ab:1a:
                    3a:7c:b1:ab:36:a8:0a:c3:98:ff:a4:46:c2:64:0d:
                    8c:14:7e:71:47:de:a3:bd:5e:28:19:46:8c:e8:48:
                    de:18:d6:63:f1:59:63:cb:8d:c4:e6:95:fb:25:e7:
                    7b:19:25:65:5a:db:f4:5a:c7:69:98:50:d4:75:dd:
                    2f:14:7e:e1:c5:1a:e6:22:de:0f:ad:e6:a0:67:55:
                    ab:19:e6:02:74:0c:22:8c:8a:e6:86:4a:2e:d3:ef:
                    bb:c1:75:bf:28:25:66:26:ee:ec:75:cb:f4:5c:8a:
                    70:e3:0c:0d:fd:e3:56:e5:d5:73:f4:83:17:ba:96:
                    09:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:02:48:F1:D1:27:38:E9:6C:04:1C:09:4A:8C:5D:24:0B:23:F2:37
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7d0e3caf-bdbd-4f93-a5c4-ad3263a8469c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.207.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         20:01:ca:45:af:81:15:40:59:b9:b7:a6:c1:2f:7a:2f:9e:8f:
         b1:a8:77:d4:f8:db:c2:ef:a0:18:2c:19:d1:93:04:89:b9:1f:
         23:1f:5a:85:72:17:47:0e:54:73:fa:5d:58:ff:ed:f6:00:74:
         c8:f8:54:89:ef:29:d5:2d:e6:55:5d:e3:69:f5:9d:05:21:66:
         be:74:71:87:06:77:37:21:4a:d0:d9:4c:0f:9e:7a:4d:cf:ff:
         1f:9b:60:0b:75:29:37:63:d5:b2:6e:9c:f6:17:56:16:6f:f2:
         fa:61:46:ed:87:ba:4c:e8:6a:a3:f6:77:ff:b3:43:a8:33:a1:
         82:20:bc:24:b1:a2:6a:d8:f7:ac:12:98:8f:1f:a3:1b:31:f9:
         8f:b7:36:c9:95:68:72:85:77:f0:a7:d0:93:f3:8b:db:3d:4d:
         f9:3a:18:a4:0e:35:1f:c0:54:a6:ca:6e:24:ce:0a:68:1f:54:
         80:ce:fb:ba:87:d5:1d:75:50:1a:67:d3:bb:64:29:7a:20:bb:
         fd:64:93:24:c3:90:00:08:e4:79:20:05:db:b3:95:31:a3:ab:
         88:5b:8e:ed:01:da:d4:d3:4c:59:b5:05:21:43:72:20:d7:00:
         b5:2e:3f:af:e8:c0:4f:0d:c2:cd:ee:a1:8b:4f:19:7e:f0:0b:
         f9:dc:d6:da
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUfBpqFCG2JAHBoNDdjOAKHCT0vGQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTAxMTYwMDIxWhcNMjUxMDA2MjM1OTU5
WjB6MUkwRwYDVQQFE0A0Yjg2MTc4NzRlN2NkOWFmYzI1OGZjYmYwYjhjNTlhNWIz
ZWM3Mzk5OGVhYWE1OWM0ZWZhMTM1ZTVkMTk0NTAwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwaOIdA7gtKluQexd8zavmVFqk3I6Tzxp/lT77c4Q6FrEa
Us+Z9do8IXURH5NvlcHx2bsE4RNdbHLV7HOgBRs9NMFh3HqFH6GRbexFOcBE+IN9
sg+wTPU+qEWvxp8HY4953diQxLa/OB8A9NWTrcNitij/kE9ihuP24hQX5f8zaXr9
mUirGjp8sas2qArDmP+kRsJkDYwUfnFH3qO9XigZRozoSN4Y1mPxWWPLjcTmlfsl
53sZJWVa2/Rax2mYUNR13S8UfuHFGuYi3g+t5qBnVasZ5gJ0DCKMiuaGSi7T77vB
db8oJWYm7ux1y/RcinDjDA3941bl1XP0gxe6lgkzAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUtAJI8dEnOOlsBBwJSoxdJAsj8jcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzdkMGUzY2FmLWJkYmQtNGY5My1hNWM0LWFkMzI2M2E4NDY5Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCSzzANBgkqhkiG9w0BAQsFAAOCAQEAIAHKRa+BFUBZubemwS96L56Psah3
1Pjbwu+gGCwZ0ZMEibkfIx9ahXIXRw5Uc/pdWP/t9gB0yPhUie8p1S3mVV3jafWd
BSFmvnRxhwZ3NyFK0NlMD556Tc//H5tgC3UpN2PVsm6c9hdWFm/y+mFG7Ye6TOhq
o/Z3/7NDqDOhgiC8JLGiatj3rBKYjx+jGzH5j7c2yZVocoV38KfQk/OL2z1N+ToY
pA41H8BUpspuJM4KaB9UgM77uofVHXVQGmfTu2QpeiC7/WSTJMOQAAjkeSAF27OV
MaOriFuO7QHa1NNMWbUFIUNyINcAtS4/r+jATw3Cze6hi08ZfvAL+dzW2g==
-----END CERTIFICATE-----