Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/88f09a26-8b70-4d31-b73b-01df50c56e50.roa
File:                     88f09a26-8b70-4d31-b73b-01df50c56e50.roa (raw, json)
Hash identifier:          K0fpmtp6aTvA50flQKe93Nla8fo/cARBOSWEtJAlJuY=
Subject key identifier:   E6:1F:D2:E5:70:A6:A6:07:9F:7C:00:B1:11:EC:81:E1:34:10:70:CA
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3DC08DF3C7D073055F43A988DCD370A6B416178C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/88f09a26-8b70-4d31-b73b-01df50c56e50.roa
Signing time:             Tue 08 Jul 2025 17:51:41 +0000
ROA not before:           Tue 08 Jul 2025 17:51:41 +0000
ROA not after:            Tue 12 Aug 2025 23:59:59 +0000
asID:                     6167
IP address blocks:        155.146.128.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 02 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:c0:8d:f3:c7:d0:73:05:5f:43:a9:88:dc:d3:70:a6:b4:16:17:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul  8 17:51:41 2025 GMT
            Not After : Aug 12 23:59:59 2025 GMT
        Subject: serialNumber=4875b473d430e67629fde8751f7e6e98d50da3129be44ca74eb101a6fc75f299, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a1:a6:08:5e:bc:e8:98:61:8d:ee:e5:4f:04:
                    a4:26:24:33:c8:fb:b2:8f:16:db:c6:91:44:5e:79:
                    77:0d:cd:b3:bf:46:5d:10:b0:f8:66:48:36:27:79:
                    53:ee:1a:e1:5d:21:a7:e7:62:66:e0:8e:84:8c:69:
                    4b:a7:07:f7:05:ea:fc:96:75:5d:8c:2c:b9:84:13:
                    62:b3:f4:b8:4e:5f:94:27:7d:1f:4a:33:1e:44:80:
                    5a:e1:b8:2c:c2:4c:22:20:a0:d9:7b:a7:82:97:f2:
                    6a:90:38:ac:fb:2d:e6:ab:f3:93:d0:c0:24:e0:4f:
                    0b:f1:4e:04:31:fd:02:53:f7:f3:a5:04:5c:d3:f9:
                    40:58:15:ad:d0:c0:c8:b9:05:84:db:36:f9:15:d4:
                    e2:9e:e1:18:5f:3a:d5:4d:e0:85:c7:f6:02:3d:1f:
                    21:83:83:34:2c:e0:ab:dc:28:3d:fc:90:ec:19:69:
                    93:5f:f8:7c:ff:f3:a2:c2:05:92:76:81:a0:fe:32:
                    16:9c:37:e4:57:07:11:f1:8f:6f:6e:90:49:55:c0:
                    64:8b:e9:19:c7:53:d3:7c:26:d1:1a:61:15:57:86:
                    88:ce:10:c8:3f:8f:00:39:5c:99:ef:e0:01:60:8d:
                    d0:3e:4e:24:ab:26:1a:79:3c:0b:a6:b2:c2:d4:95:
                    f1:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:1F:D2:E5:70:A6:A6:07:9F:7C:00:B1:11:EC:81:E1:34:10:70:CA
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/88f09a26-8b70-4d31-b73b-01df50c56e50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.146.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         2b:93:68:40:6e:8b:e2:44:1b:56:88:ef:25:2e:12:7f:3d:a7:
         fc:c4:1b:10:f7:01:8b:aa:bf:0f:9b:28:6c:ec:70:f4:53:6b:
         24:3e:1e:c4:71:e6:d0:51:df:c8:28:80:86:20:f0:c3:46:ed:
         91:f3:7f:84:6e:6c:59:96:5c:3d:0e:f5:ba:94:59:2c:d9:7c:
         5e:ba:5e:5b:c6:ae:c4:54:77:f1:73:8c:dd:3c:82:95:c0:31:
         4d:4e:bc:a4:29:9e:13:03:4f:73:bf:9d:22:9b:11:3b:de:21:
         7b:93:a5:7a:34:11:15:e2:31:52:24:71:a6:e6:c6:8d:ff:51:
         58:2e:85:35:12:94:f5:66:5b:04:20:9f:5f:d8:72:7e:1d:c8:
         8f:ea:69:ba:0a:39:04:73:b0:b5:a7:a0:9c:37:0b:1f:d6:b3:
         cf:68:0b:e4:77:d7:83:fa:56:a4:8d:54:27:28:ea:76:cb:33:
         bb:fc:4c:fe:76:1d:09:3f:52:72:29:bd:f4:c7:b9:b6:83:9d:
         64:92:d3:ad:58:81:b6:31:25:0e:a4:ff:14:7e:94:c9:18:db:
         cc:58:b4:3e:bc:5a:39:e6:a8:b5:45:97:98:b1:a7:86:10:7e:
         e8:00:de:c8:30:80:26:10:a4:ca:bf:f0:b5:99:f8:17:df:7f:
         df:01:47:fa
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPcCN88fQcwVfQ6mI3NNwprQWF4wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNzA4MTc1MTQxWhcNMjUwODEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A0ODc1YjQ3M2Q0MzBlNjc2MjlmZGU4NzUxZjdlNmU5OGQ1
MGRhMzEyOWJlNDRjYTc0ZWIxMDFhNmZjNzVmMjk5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1oaYIXrzomGGN7uVPBKQmJDPI+7KPFtvGkUReeXcNzbO/
Rl0QsPhmSDYneVPuGuFdIafnYmbgjoSMaUunB/cF6vyWdV2MLLmEE2Kz9LhOX5Qn
fR9KMx5EgFrhuCzCTCIgoNl7p4KX8mqQOKz7Lear85PQwCTgTwvxTgQx/QJT9/Ol
BFzT+UBYFa3QwMi5BYTbNvkV1OKe4RhfOtVN4IXH9gI9HyGDgzQs4KvcKD38kOwZ
aZNf+Hz/86LCBZJ2gaD+MhacN+RXBxHxj29ukElVwGSL6RnHU9N8JtEaYRVXhojO
EMg/jwA5XJnv4AFgjdA+TiSrJhp5PAumssLUlfGFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU5h/S5XCmpgeffACxEeyB4TQQcMowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzg4ZjA5YTI2LThiNzAtNGQzMS1iNzNiLTAxZGY1MGM1NmU1MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBASbkoAwDQYJKoZIhvcNAQELBQADggEBACuTaEBui+JEG1aI7yUuEn89p/zE
GxD3AYuqvw+bKGzscPRTayQ+HsRx5tBR38gogIYg8MNG7ZHzf4RubFmWXD0O9bqU
WSzZfF66XlvGrsRUd/FzjN08gpXAMU1OvKQpnhMDT3O/nSKbETveIXuTpXo0ERXi
MVIkcabmxo3/UVguhTUSlPVmWwQgn1/Ycn4dyI/qaboKOQRzsLWnoJw3Cx/Ws89o
C+R314P6VqSNVCco6nbLM7v8TP52HQk/UnIpvfTHubaDnWSS061YgbYxJQ6k/xR+
lMkY28xYtD68WjnmqLVFl5ixp4YQfugA3sgwgCYQpMq/8LWZ+Bfff98BR/o=
-----END CERTIFICATE-----