Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a7263a9f-7172-480b-9d6d-f158ac2601a0.roa
File:                     a7263a9f-7172-480b-9d6d-f158ac2601a0.roa (raw, json)
Hash identifier:          tlipZVlbWuAxETCtPmJI0Vv1MfEMBtM51ZZG8OdGGs4=
Subject key identifier:   22:DF:3F:5C:01:AD:E7:4F:83:C2:15:A0:F7:F9:7A:67:D3:0C:AA:AF
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6519A73BE92ED9798BBCA9B8DB496A74ED1A70D3
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a7263a9f-7172-480b-9d6d-f158ac2601a0.roa
Signing time:             Fri 31 Jan 2025 00:00:00 +0000
ROA not before:           Fri 31 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.220.184.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 17 Feb 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:19:a7:3b:e9:2e:d9:79:8b:bc:a9:b8:db:49:6a:74:ed:1a:70:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 31 00:00:00 2025 GMT
            Not After : Mar  7 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:ed:5b:fe:8d:cd:66:10:9b:31:eb:e4:ef:e7:
                    00:72:a2:d0:7f:e8:a8:50:23:36:32:5b:fa:1e:f2:
                    53:b4:1d:20:7f:2f:7f:76:21:9e:01:2b:66:10:f5:
                    bc:8a:5c:48:91:a2:c3:8f:cf:5b:86:6d:96:2d:db:
                    91:ed:64:7c:de:ea:09:f1:01:7b:df:53:44:47:a8:
                    77:6e:75:3b:5e:97:c2:78:de:47:70:e5:f3:59:fe:
                    d1:74:19:be:b4:08:b9:d6:12:e6:ac:6a:65:14:90:
                    d6:71:93:8c:5a:d3:00:19:12:d5:84:17:15:45:14:
                    7a:4c:24:0c:1b:9b:c9:77:03:2e:3e:72:f1:b6:2b:
                    3d:54:3d:ab:31:07:49:d4:65:fe:c3:df:62:43:15:
                    de:dd:21:98:67:f5:48:66:f4:26:1b:b2:a3:12:34:
                    92:80:f4:98:61:5c:43:79:89:40:5d:f2:13:25:d2:
                    4a:3a:66:71:05:00:5b:69:41:fd:9c:29:b3:3e:57:
                    0b:03:ee:35:f0:96:f7:94:82:2b:f3:5e:8c:12:71:
                    f9:23:52:a1:ae:70:56:30:c1:73:90:f0:25:ce:84:
                    80:3a:21:4b:59:d6:da:92:5f:66:f2:ed:8d:da:b5:
                    38:e6:fb:9b:cd:0c:65:4c:a0:6b:ce:30:2f:de:6a:
                    95:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:DF:3F:5C:01:AD:E7:4F:83:C2:15:A0:F7:F9:7A:67:D3:0C:AA:AF
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a7263a9f-7172-480b-9d6d-f158ac2601a0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.220.184.0/21

    Signature Algorithm: sha256WithRSAEncryption
         56:a9:f2:da:86:9b:75:e5:3f:b2:0b:63:e5:ba:f2:ad:a5:fd:
         7e:2b:db:c4:9b:d0:33:5a:bc:6f:0d:28:ab:97:50:a4:be:cf:
         53:06:73:08:93:fa:e9:6a:7c:59:19:37:08:62:f1:76:5b:19:
         6f:2a:85:5a:20:6c:20:8d:82:fd:61:7b:94:ae:82:c2:0f:62:
         00:44:1c:c9:78:93:d4:a0:d9:be:67:e4:4f:8c:30:91:e5:2c:
         86:bf:72:01:e2:17:a1:bf:97:b1:45:74:43:d1:d2:fe:35:07:
         2f:64:20:c9:7d:b9:3d:37:14:36:8c:6b:6e:b0:fd:19:2d:cb:
         7a:0d:b4:cf:1c:23:d3:a5:55:4f:40:51:af:8c:fb:d4:a4:a6:
         4d:be:ce:af:b4:98:c1:51:b7:ee:66:ef:4e:6d:df:6d:3e:9b:
         c3:6d:a3:8c:4b:70:43:80:81:c3:81:1e:ad:d9:12:aa:87:ef:
         9e:0a:34:c8:b4:e7:0d:15:93:94:75:32:d4:a7:0f:37:50:ac:
         33:d0:74:b5:79:c2:17:3d:8b:df:ae:5e:cb:12:14:9c:75:cc:
         f8:c5:85:3b:f9:8d:b3:b3:57:25:55:dd:99:01:e2:30:0a:e6:
         77:bb:64:76:53:5e:02:33:11:10:51:78:af:b9:c7:0c:e1:3f:
         01:05:0c:98
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZRmnO+ku2XmLvKm420lqdO0acNMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTMxMDAwMDAwWhcNMjUwMzA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZTQ3MGE5ZjE3NTRhYmQ0MzYwYjNjMGY1ZDZjZTc1ODM1
ODhjMWQ1OGI0Yzg1NDJiNTM5OTcxYzA5NjkzZmNmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCo7Vv+jc1mEJsx6+Tv5wByotB/6KhQIzYyW/oe8lO0HSB/
L392IZ4BK2YQ9byKXEiRosOPz1uGbZYt25HtZHze6gnxAXvfU0RHqHdudTtel8J4
3kdw5fNZ/tF0Gb60CLnWEuasamUUkNZxk4xa0wAZEtWEFxVFFHpMJAwbm8l3Ay4+
cvG2Kz1UPasxB0nUZf7D32JDFd7dIZhn9Uhm9CYbsqMSNJKA9JhhXEN5iUBd8hMl
0ko6ZnEFAFtpQf2cKbM+VwsD7jXwlveUgivzXowScfkjUqGucFYwwXOQ8CXOhIA6
IUtZ1tqSX2by7Y3atTjm+5vNDGVMoGvOMC/eapXXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIt8/XAGt50+DwhWg9/l6Z9MMqq8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2E3MjYzYTlmLTcxNzItNDgwYi05ZDZkLWYxNThhYzI2MDFhMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMP3LgwDQYJKoZIhvcNAQELBQADggEBAFap8tqGm3XlP7ILY+W68q2l/X4r
28Sb0DNavG8NKKuXUKS+z1MGcwiT+ulqfFkZNwhi8XZbGW8qhVogbCCNgv1he5Su
gsIPYgBEHMl4k9Sg2b5n5E+MMJHlLIa/cgHiF6G/l7FFdEPR0v41By9kIMl9uT03
FDaMa26w/Rkty3oNtM8cI9OlVU9AUa+M+9Skpk2+zq+0mMFRt+5m705t320+m8Nt
o4xLcEOAgcOBHq3ZEqqH754KNMi05w0Vk5R1MtSnDzdQrDPQdLV5whc9i9+uXssS
FJx1zPjFhTv5jbOzVyVV3ZkB4jAK5ne7ZHZTXgIzERBReK+5xwzhPwEFDJg=
-----END CERTIFICATE-----