Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a7263a9f-7172-480b-9d6d-f158ac2601a0.roa
File:                     a7263a9f-7172-480b-9d6d-f158ac2601a0.roa (raw, json)
Hash identifier:          lCaB709qGWyRb1ZnzKS5KrSLsek5WBAhnGmHw5vgQY8=
Subject key identifier:   EA:65:DE:A5:CF:59:36:BB:EA:30:AF:63:33:5D:A9:7A:F8:8E:D1:3F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       449B69876A744C914A6D7F2C2BFCA63DC0AC2028
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a7263a9f-7172-480b-9d6d-f158ac2601a0.roa
Signing time:             Wed 20 Aug 2025 00:30:15 +0000
ROA not before:           Wed 20 Aug 2025 00:30:15 +0000
ROA not after:            Wed 24 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.220.184.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 22 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:9b:69:87:6a:74:4c:91:4a:6d:7f:2c:2b:fc:a6:3d:c0:ac:20:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Aug 20 00:30:15 2025 GMT
            Not After : Sep 24 23:59:59 2025 GMT
        Subject: serialNumber=eb62daecb6ad5a45b9f68c75b698799932855e01e7b3eae18b7467cc742dd16d, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:0e:3f:22:5e:54:7f:d6:a3:7f:ec:df:65:7f:
                    9e:1c:87:eb:f6:66:f0:68:50:f9:45:90:be:3f:32:
                    66:df:5f:9e:09:20:77:75:43:b9:7c:23:39:83:25:
                    e3:06:8a:d5:e2:b4:42:6e:a4:f0:88:0a:85:cc:ac:
                    7f:82:6b:d7:37:a4:3b:fc:40:0a:43:94:c8:be:65:
                    38:75:7c:29:1a:45:c2:5c:c8:d9:9d:f0:c2:7e:50:
                    36:11:fc:c8:0a:94:62:b6:15:ff:cd:ca:02:38:3f:
                    32:21:f7:46:69:0d:c9:8a:77:ea:c2:66:45:38:1a:
                    5d:01:94:50:7a:da:cf:65:b8:09:c7:fe:1c:b8:05:
                    f5:54:bd:0d:d5:ef:f7:32:cd:b5:22:4f:9e:cc:84:
                    ec:a0:59:0c:1b:9b:8b:58:68:0f:9e:7b:58:c5:f2:
                    50:4f:f4:5b:8b:ec:d3:26:ec:82:09:63:17:65:3e:
                    5d:94:ef:93:fb:64:77:f5:fe:e6:fb:56:29:95:93:
                    99:6e:94:92:15:e2:64:e0:a4:05:42:7d:38:da:56:
                    4d:08:b7:84:c2:d5:27:68:4d:fb:f2:ed:fb:a4:e4:
                    8c:f7:43:5f:1c:6c:4c:4d:66:06:ad:c9:04:d0:ad:
                    1f:79:bf:de:3d:29:c2:ef:d6:c8:78:86:91:4e:ea:
                    43:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:65:DE:A5:CF:59:36:BB:EA:30:AF:63:33:5D:A9:7A:F8:8E:D1:3F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a7263a9f-7172-480b-9d6d-f158ac2601a0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.220.184.0/21

    Signature Algorithm: sha256WithRSAEncryption
         1d:e4:4c:11:4e:ff:7b:2d:67:30:b0:95:cb:77:06:76:30:ab:
         f1:9a:13:05:62:da:22:d2:55:d8:3e:0e:0c:76:6e:63:e5:2c:
         34:1f:25:69:18:a2:61:0d:ec:93:af:2a:96:21:7e:33:1e:5c:
         5a:cb:6a:e2:03:59:61:0a:38:be:ba:c1:a3:90:d6:43:67:7d:
         62:fc:0f:90:da:23:9e:44:be:2b:68:17:87:07:d8:fc:32:90:
         6f:cc:2b:46:f5:14:b2:4d:73:ca:c2:69:fe:89:d6:e3:87:d2:
         4e:9a:55:74:b1:72:06:21:00:02:d3:4c:28:62:1f:10:e3:5b:
         42:24:a1:41:14:3f:4b:03:77:9c:11:4e:d4:6f:1f:ab:34:e1:
         27:53:6f:10:50:d2:9c:27:a8:07:9a:bf:aa:d1:95:59:9a:82:
         a7:bf:0f:cd:ee:f7:d6:86:46:e3:70:4a:1a:6d:4f:3c:71:4f:
         2b:ac:07:dc:07:78:09:c3:e0:9e:ab:0e:d5:74:83:03:76:25:
         8d:5b:e5:45:f0:88:62:de:fe:bb:94:b4:ed:51:a4:43:4f:1d:
         d9:38:64:a4:e8:f8:0a:bd:c2:c4:7e:91:dd:64:93:d8:87:9f:
         0b:82:ca:e1:6f:43:4f:ef:43:6e:cc:48:eb:78:d9:f5:b6:4c:
         b0:33:c6:cf
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURJtph2p0TJFKbX8sK/ymPcCsICgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwODIwMDAzMDE1WhcNMjUwOTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BlYjYyZGFlY2I2YWQ1YTQ1YjlmNjhjNzViNjk4Nzk5OTMy
ODU1ZTAxZTdiM2VhZTE4Yjc0NjdjYzc0MmRkMTZkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDVDj8iXlR/1qN/7N9lf54ch+v2ZvBoUPlFkL4/MmbfX54J
IHd1Q7l8IzmDJeMGitXitEJupPCICoXMrH+Ca9c3pDv8QApDlMi+ZTh1fCkaRcJc
yNmd8MJ+UDYR/MgKlGK2Ff/NygI4PzIh90ZpDcmKd+rCZkU4Gl0BlFB62s9luAnH
/hy4BfVUvQ3V7/cyzbUiT57MhOygWQwbm4tYaA+ee1jF8lBP9FuL7NMm7IIJYxdl
Pl2U75P7ZHf1/ub7VimVk5lulJIV4mTgpAVCfTjaVk0It4TC1SdoTfvy7fuk5Iz3
Q18cbExNZgatyQTQrR95v949KcLv1sh4hpFO6kO3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU6mXepc9ZNrvqMK9jM12peviO0T8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2E3MjYzYTlmLTcxNzItNDgwYi05ZDZkLWYxNThhYzI2MDFhMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMP3LgwDQYJKoZIhvcNAQELBQADggEBAB3kTBFO/3stZzCwlct3BnYwq/Ga
EwVi2iLSVdg+Dgx2bmPlLDQfJWkYomEN7JOvKpYhfjMeXFrLauIDWWEKOL66waOQ
1kNnfWL8D5DaI55EvitoF4cH2PwykG/MK0b1FLJNc8rCaf6J1uOH0k6aVXSxcgYh
AALTTChiHxDjW0IkoUEUP0sDd5wRTtRvH6s04SdTbxBQ0pwnqAeav6rRlVmagqe/
D83u99aGRuNwShptTzxxTyusB9wHeAnD4J6rDtV0gwN2JY1b5UXwiGLe/ruUtO1R
pENPHdk4ZKTo+Aq9wsR+kd1kk9iHnwuCyuFvQ0/vQ27MSOt42fW2TLAzxs8=
-----END CERTIFICATE-----