Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a40471e2-3637-4ea5-abe1-c56419621870.roa
File:                     a40471e2-3637-4ea5-abe1-c56419621870.roa (raw, json)
Hash identifier:          lJfbK6fnOHyc4ybSuotU45wuOXNBsWFFem4QMcZMWTE=
Subject key identifier:   EA:86:5A:32:FB:B9:8B:6D:DC:B0:C0:AF:BF:39:FE:13:A6:25:C3:5A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       65711C25F15D768C99200C5836AA97207A6338DD
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a40471e2-3637-4ea5-abe1-c56419621870.roa
Signing time:             Tue 23 Sep 2025 17:02:30 +0000
ROA not before:           Tue 23 Sep 2025 17:02:30 +0000
ROA not after:            Tue 28 Oct 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        150.222.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:71:1c:25:f1:5d:76:8c:99:20:0c:58:36:aa:97:20:7a:63:38:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 23 17:02:30 2025 GMT
            Not After : Oct 28 23:59:59 2025 GMT
        Subject: serialNumber=86f263ff2b9862644207a1a4a115bfbd73f70dba5d469c51001e3838fcee652a, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:0c:24:c6:75:50:77:c0:25:94:f2:e6:09:7c:
                    28:23:65:3a:af:4e:46:c2:2f:8e:23:1c:bf:52:1e:
                    cc:0c:35:d2:3a:25:f4:23:4c:bd:4e:2b:0a:60:e5:
                    6e:24:2f:1a:71:f8:c5:49:6b:81:7d:ba:ff:52:bc:
                    3f:17:89:8e:b3:50:56:d0:ed:bd:7a:99:8f:87:db:
                    24:af:30:24:f3:97:ce:89:06:96:74:c2:97:55:bc:
                    d2:51:2a:5a:f6:29:db:15:6e:44:9d:95:e5:8e:44:
                    9b:a1:75:a9:99:10:56:e9:d5:9f:31:0d:18:79:fb:
                    f6:5e:54:f7:c0:d3:db:fe:a9:2b:8e:2c:02:8e:9b:
                    1c:51:2c:ef:86:62:68:03:ef:c3:14:4b:a0:1e:5d:
                    2d:9d:07:51:57:7a:7b:f4:14:fe:a3:9b:ca:59:19:
                    89:cc:21:e5:18:51:e7:cb:07:9c:16:55:91:c6:0f:
                    a7:b4:5e:27:a8:98:ff:e4:30:c8:66:3f:f4:ea:69:
                    98:c6:5f:78:bd:b6:90:0b:9d:fd:13:ac:0b:5e:8c:
                    51:80:15:f1:b6:ac:03:a5:cd:1d:80:47:a2:c8:38:
                    df:46:e3:db:8b:61:25:5b:bb:8e:8c:46:c6:a1:96:
                    93:e7:6f:93:08:9a:96:bb:c7:a4:b8:31:81:bc:eb:
                    b7:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:86:5A:32:FB:B9:8B:6D:DC:B0:C0:AF:BF:39:FE:13:A6:25:C3:5A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a40471e2-3637-4ea5-abe1-c56419621870.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.222.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:a2:29:41:e6:3c:c9:04:92:51:a6:08:0f:3d:d2:99:08:9e:
         05:d6:ab:b3:4e:31:77:ce:4b:a8:3c:09:54:4d:d3:0d:8c:9b:
         90:24:82:cb:0e:85:10:56:54:93:dd:31:3f:80:3a:9e:95:48:
         cc:8b:b9:55:79:7f:ce:41:79:9e:2f:d4:9d:6f:b9:1a:c6:c3:
         99:58:30:87:f4:cc:b9:90:9d:e0:84:ce:27:e6:7e:98:61:b7:
         0a:73:b4:94:37:84:ef:c9:27:76:1d:12:47:84:41:63:55:20:
         db:f8:95:9a:24:1c:a7:e6:7e:ca:3a:8c:4c:a5:88:e0:af:65:
         9f:2f:1b:b9:92:02:90:72:74:b5:f9:dd:7f:14:dc:36:8b:88:
         0f:4b:77:5d:55:bd:7b:35:39:b1:5d:2b:50:9c:40:14:e5:82:
         25:88:69:70:6d:c7:76:57:bd:8d:d7:08:c4:70:fd:78:44:63:
         82:23:00:10:53:1c:ed:3c:4e:85:f1:00:cd:d9:5f:f7:ca:66:
         99:3e:d0:8e:df:d6:0e:66:87:d1:48:b8:82:1c:81:30:d8:10:
         1b:14:4c:90:0b:5d:7f:28:c3:32:da:4f:5e:6b:b0:34:9b:93:
         00:74:01:d3:4b:7a:d2:1a:84:59:eb:66:be:1d:cc:da:68:c9:
         ed:19:0f:a7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZXEcJfFddoyZIAxYNqqXIHpjON0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIzMTcwMjMwWhcNMjUxMDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A4NmYyNjNmZjJiOTg2MjY0NDIwN2ExYTRhMTE1YmZiZDcz
ZjcwZGJhNWQ0NjljNTEwMDFlMzgzOGZjZWU2NTJhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCUDCTGdVB3wCWU8uYJfCgjZTqvTkbCL44jHL9SHswMNdI6
JfQjTL1OKwpg5W4kLxpx+MVJa4F9uv9SvD8XiY6zUFbQ7b16mY+H2ySvMCTzl86J
BpZ0wpdVvNJRKlr2KdsVbkSdleWORJuhdamZEFbp1Z8xDRh5+/ZeVPfA09v+qSuO
LAKOmxxRLO+GYmgD78MUS6AeXS2dB1FXenv0FP6jm8pZGYnMIeUYUefLB5wWVZHG
D6e0XieomP/kMMhmP/TqaZjGX3i9tpALnf0TrAtejFGAFfG2rAOlzR2AR6LION9G
49uLYSVbu46MRsahlpPnb5MImpa7x6S4MYG867eBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU6oZaMvu5i23csMCvvzn+E6Ylw1owHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2E0MDQ3MWUyLTM2MzctNGVhNS1hYmUxLWM1NjQxOTYyMTg3MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACW3tgwDQYJKoZIhvcNAQELBQADggEBAEaiKUHmPMkEklGmCA890pkIngXW
q7NOMXfOS6g8CVRN0w2Mm5AkgssOhRBWVJPdMT+AOp6VSMyLuVV5f85BeZ4v1J1v
uRrGw5lYMIf0zLmQneCEzifmfphhtwpztJQ3hO/JJ3YdEkeEQWNVINv4lZokHKfm
fso6jEyliOCvZZ8vG7mSApBydLX53X8U3DaLiA9Ld11VvXs1ObFdK1CcQBTlgiWI
aXBtx3ZXvY3XCMRw/XhEY4IjABBTHO08ToXxAM3ZX/fKZpk+0I7f1g5mh9FIuIIc
gTDYEBsUTJALXX8owzLaT15rsDSbkwB0AdNLetIahFnrZr4dzNpoye0ZD6c=
-----END CERTIFICATE-----