Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/86cb1ccd-a306-4ede-8bf6-662335dd41c1.roa
File:                     86cb1ccd-a306-4ede-8bf6-662335dd41c1.roa (raw, json)
Hash identifier:          VJI1RjgYKeThbPsx6+ehGn8UznEvyQozZGoN7+/B8f8=
Subject key identifier:   A3:BF:27:C0:E8:95:11:BF:84:45:BF:34:1D:A7:4D:7D:43:D0:EC:85
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6DC1FC2B6D74D132E644180B2B12D7E04E923A4A
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/86cb1ccd-a306-4ede-8bf6-662335dd41c1.roa
Signing time:             Tue 19 Aug 2025 15:10:21 +0000
ROA not before:           Tue 19 Aug 2025 15:10:21 +0000
ROA not after:            Tue 23 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.177.16.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 22 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:c1:fc:2b:6d:74:d1:32:e6:44:18:0b:2b:12:d7:e0:4e:92:3a:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Aug 19 15:10:21 2025 GMT
            Not After : Sep 23 23:59:59 2025 GMT
        Subject: serialNumber=9460c83f10a706fa80c429f915bea5cdd3a3d34f5ed368bcf7920b8639fc9f52, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:18:99:b5:ff:21:91:ff:bb:33:85:29:56:8e:
                    70:ee:41:e9:43:8f:e8:13:c5:8b:9e:dc:7b:23:48:
                    39:63:74:97:18:c2:e1:57:40:b8:83:b2:f4:04:04:
                    10:26:78:22:28:47:ce:7f:72:6b:dd:f8:22:98:39:
                    42:46:5d:3f:c1:54:03:73:f2:99:4c:25:ef:85:6c:
                    a6:29:75:9e:8d:bb:50:41:9d:cf:4e:c5:6c:44:a3:
                    46:a4:54:56:21:36:df:77:2f:f3:95:d0:2b:9b:b3:
                    b5:34:91:16:be:a7:97:c1:55:53:7a:31:6a:a5:ee:
                    b4:d4:b6:31:03:32:5d:d8:72:a0:18:f7:a5:95:64:
                    52:a9:ff:6b:e7:98:43:b7:81:9c:a2:4e:69:2a:65:
                    c9:70:31:d7:a5:57:bb:ad:bc:9f:a5:fd:c8:3a:ba:
                    87:97:67:b3:90:b3:7c:79:a5:a6:d3:95:1e:24:1d:
                    01:4b:9c:36:9e:34:60:c6:42:72:82:eb:38:1f:d6:
                    a4:c6:27:fc:bf:98:64:1e:dd:6f:14:a6:bc:a1:6a:
                    e5:6f:34:98:b8:af:61:96:1c:64:ed:35:3a:c1:4b:
                    a4:0e:88:43:0a:7e:c2:d4:3a:6a:af:63:aa:9d:a4:
                    e4:e4:9b:d7:a3:78:90:8d:b3:15:77:12:0b:a6:99:
                    cd:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:BF:27:C0:E8:95:11:BF:84:45:BF:34:1D:A7:4D:7D:43:D0:EC:85
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/86cb1ccd-a306-4ede-8bf6-662335dd41c1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.177.16.0/21

    Signature Algorithm: sha256WithRSAEncryption
         99:37:f9:44:fc:62:92:80:41:59:78:c9:6f:06:06:b3:ab:44:
         ce:cf:db:d6:ea:fd:06:e8:70:c8:d8:d2:3b:fd:9a:39:95:df:
         25:fb:e7:f0:ff:e3:10:34:69:10:a2:2c:42:1e:50:bf:28:d3:
         ee:bb:2e:94:98:f7:8d:0a:9f:c6:72:04:ca:8e:6e:61:3c:ab:
         0c:33:6f:b5:e0:4f:ec:ff:b4:a9:82:b2:f2:08:fb:db:1e:b0:
         58:c6:ea:16:b2:69:70:61:81:d8:c2:60:9f:45:ef:09:bd:c6:
         ee:a8:55:f7:92:5d:56:e1:4e:35:2e:24:b0:95:5e:c6:02:12:
         4a:76:66:0a:2a:25:9f:52:41:f2:48:bd:41:b3:ee:3e:5f:dc:
         3d:b7:8d:14:7d:40:35:4c:a2:3f:3a:74:dc:0e:6a:9f:b9:53:
         c2:e4:ad:4e:5c:80:a5:4a:e2:a4:b5:fd:86:6f:7e:b4:56:8d:
         d0:83:30:aa:f7:95:67:39:2b:76:82:ed:a6:6e:45:ef:5f:85:
         8e:d0:48:ca:76:38:d7:0b:a0:ee:37:be:19:7d:e2:a8:84:2d:
         d8:e3:ea:12:53:b4:b4:c6:6d:1d:8f:d2:67:9b:e0:88:4c:c5:
         b7:16:7c:21:de:8f:56:a8:7f:3a:c2:5a:1d:37:45:d1:d3:e4:
         6a:12:3f:28
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbcH8K2100TLmRBgLKxLX4E6SOkowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwODE5MTUxMDIxWhcNMjUwOTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A5NDYwYzgzZjEwYTcwNmZhODBjNDI5ZjkxNWJlYTVjZGQz
YTNkMzRmNWVkMzY4YmNmNzkyMGI4NjM5ZmM5ZjUyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDpGJm1/yGR/7szhSlWjnDuQelDj+gTxYue3HsjSDljdJcY
wuFXQLiDsvQEBBAmeCIoR85/cmvd+CKYOUJGXT/BVANz8plMJe+FbKYpdZ6Nu1BB
nc9OxWxEo0akVFYhNt93L/OV0Cubs7U0kRa+p5fBVVN6MWql7rTUtjEDMl3YcqAY
96WVZFKp/2vnmEO3gZyiTmkqZclwMdelV7utvJ+l/cg6uoeXZ7OQs3x5pabTlR4k
HQFLnDaeNGDGQnKC6zgf1qTGJ/y/mGQe3W8UpryhauVvNJi4r2GWHGTtNTrBS6QO
iEMKfsLUOmqvY6qdpOTkm9ejeJCNsxV3Egummc0FAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUo78nwOiVEb+ERb80HadNfUPQ7IUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzg2Y2IxY2NkLWEzMDYtNGVkZS04YmY2LTY2MjMzNWRkNDFjMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMPsRAwDQYJKoZIhvcNAQELBQADggEBAJk3+UT8YpKAQVl4yW8GBrOrRM7P
29bq/QbocMjY0jv9mjmV3yX75/D/4xA0aRCiLEIeUL8o0+67LpSY940Kn8ZyBMqO
bmE8qwwzb7XgT+z/tKmCsvII+9sesFjG6hayaXBhgdjCYJ9F7wm9xu6oVfeSXVbh
TjUuJLCVXsYCEkp2ZgoqJZ9SQfJIvUGz7j5f3D23jRR9QDVMoj86dNwOap+5U8Lk
rU5cgKVK4qS1/YZvfrRWjdCDMKr3lWc5K3aC7aZuRe9fhY7QSMp2ONcLoO43vhl9
4qiELdjj6hJTtLTGbR2P0meb4IhMxbcWfCHej1aofzrCWh03RdHT5GoSPyg=
-----END CERTIFICATE-----