Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ac90cb56-bc99-4676-b64a-509a8ac49d6d.roa
File:                     ac90cb56-bc99-4676-b64a-509a8ac49d6d.roa (raw, json)
Hash identifier:          4GVZ+Du2TPd/GQ65Ffp2EAYn23Kr/kTC4XzoavPoVd4=
Subject key identifier:   50:E1:48:2D:6F:EF:DA:50:A5:E9:0D:21:D3:72:8D:6A:F8:DF:C4:39
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1F2B091D9128AE53E053C983DBDEE0306AD11756
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ac90cb56-bc99-4676-b64a-509a8ac49d6d.roa
Signing time:             Fri 07 Feb 2025 00:00:00 +0000
ROA not before:           Fri 07 Feb 2025 00:00:00 +0000
ROA not after:            Fri 14 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.193.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 17 Feb 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:2b:09:1d:91:28:ae:53:e0:53:c9:83:db:de:e0:30:6a:d1:17:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb  7 00:00:00 2025 GMT
            Not After : Mar 14 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:e7:bd:dd:8a:79:6a:19:93:8d:65:a1:32:6c:
                    50:0a:9f:67:3f:6b:13:8c:93:23:89:57:71:ea:fc:
                    3e:00:61:a7:57:e7:f8:e4:f1:c5:0c:fc:e1:82:50:
                    7d:97:79:10:fd:98:af:99:e8:28:41:99:b3:3a:65:
                    c3:63:2b:5d:bf:71:07:cc:61:a8:4a:c1:41:d6:8f:
                    10:63:44:c2:0d:96:d4:dc:91:d2:ab:bd:43:c8:d7:
                    48:be:1e:33:d1:dc:77:ff:3c:75:a7:8c:c1:3b:19:
                    fe:8c:df:c0:11:1a:38:33:62:0e:6f:3f:34:ae:5d:
                    14:1c:2b:df:42:75:1a:e3:d9:b3:1c:4a:86:85:c2:
                    d1:75:d2:55:e5:bf:ca:79:1e:a9:c2:e3:71:20:23:
                    a1:8b:9e:5f:27:85:13:5c:bc:19:c3:7c:20:a7:98:
                    19:b5:50:bf:f4:86:54:e3:df:76:15:0b:ed:4e:67:
                    4a:9c:c7:06:6b:75:65:f9:64:50:e5:a9:e7:97:b8:
                    c6:53:19:78:7b:f6:76:5e:d4:a5:a1:fa:b4:16:5c:
                    40:79:19:21:84:64:fd:e7:87:65:0d:00:ba:18:52:
                    0b:8c:96:8d:72:59:8a:4d:8f:ff:c4:1d:4c:d5:a0:
                    3d:a1:45:42:e6:59:87:fc:ed:d5:a0:c7:a4:c0:e8:
                    50:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:E1:48:2D:6F:EF:DA:50:A5:E9:0D:21:D3:72:8D:6A:F8:DF:C4:39
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ac90cb56-bc99-4676-b64a-509a8ac49d6d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.193.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:c7:1e:bd:e2:d0:35:dc:dd:38:15:9c:bc:97:d2:3d:49:41:
         76:57:a0:89:84:83:5f:fa:47:0b:19:ca:98:a1:2f:69:d6:e6:
         c4:35:82:96:31:ed:5b:d2:55:a9:36:7c:6d:e2:b4:d6:fc:4c:
         f5:ed:f1:7b:68:ca:96:25:df:2c:2e:56:be:21:86:44:33:b7:
         2c:33:1c:d5:c7:e7:6e:d0:14:d5:bc:46:2e:56:6d:47:ec:6a:
         fd:5e:42:8c:d2:e7:03:a1:51:ea:e4:4d:06:94:0c:45:75:49:
         8b:cb:10:f4:8f:b8:3a:43:d9:14:27:db:b3:1c:b9:c1:50:4f:
         ef:66:63:d7:af:d1:0a:b1:a1:72:5f:70:22:05:d1:32:cb:71:
         f6:c9:12:87:5a:72:73:ed:23:c9:8d:84:b9:a3:74:b6:8c:f3:
         b9:e3:38:18:99:2d:ae:4b:f5:99:5d:04:0d:99:f9:53:a4:39:
         0b:15:9c:28:2a:24:43:e5:9a:b2:a9:64:c6:71:11:fd:ec:43:
         a7:3e:26:15:b4:59:b1:7a:c8:f2:c0:74:74:13:df:5f:a1:73:
         5b:40:06:36:7d:f8:f9:05:e6:18:ee:b7:53:d0:a8:37:5a:aa:
         0d:db:df:b5:cc:c9:9b:48:62:09:9e:6e:e1:bd:f4:9d:0f:d2:
         0e:df:2d:fc
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHysJHZEorlPgU8mD297gMGrRF1YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMjA3MDAwMDAwWhcNMjUwMzE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZjBiMzM0NWY0NDUwNzllZmJkMmMyMDRkYjI1NzY5M2Qx
NGRjOTk5NmZjNmVjN2U3ODAzOWU4ZTcwYzc0NjQ5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCu573dinlqGZONZaEybFAKn2c/axOMkyOJV3Hq/D4AYadX
5/jk8cUM/OGCUH2XeRD9mK+Z6ChBmbM6ZcNjK12/cQfMYahKwUHWjxBjRMINltTc
kdKrvUPI10i+HjPR3Hf/PHWnjME7Gf6M38ARGjgzYg5vPzSuXRQcK99CdRrj2bMc
SoaFwtF10lXlv8p5HqnC43EgI6GLnl8nhRNcvBnDfCCnmBm1UL/0hlTj33YVC+1O
Z0qcxwZrdWX5ZFDlqeeXuMZTGXh79nZe1KWh+rQWXEB5GSGEZP3nh2UNALoYUguM
lo1yWYpNj//EHUzVoD2hRULmWYf87dWgx6TA6FDHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUUOFILW/v2lCl6Q0h03KNavjfxDkwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2FjOTBjYjU2LWJjOTktNDY3Ni1iNjRhLTUwOWE4YWM0OWQ2ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAPwQkwDQYJKoZIhvcNAQELBQADggEBAGjHHr3i0DXc3TgVnLyX0j1JQXZX
oImEg1/6RwsZypihL2nW5sQ1gpYx7VvSVak2fG3itNb8TPXt8XtoypYl3ywuVr4h
hkQztywzHNXH527QFNW8Ri5WbUfsav1eQozS5wOhUerkTQaUDEV1SYvLEPSPuDpD
2RQn27McucFQT+9mY9ev0QqxoXJfcCIF0TLLcfbJEodacnPtI8mNhLmjdLaM87nj
OBiZLa5L9ZldBA2Z+VOkOQsVnCgqJEPlmrKpZMZxEf3sQ6c+JhW0WbF6yPLAdHQT
31+hc1tABjZ9+PkF5hjut1PQqDdaqg3b37XMyZtIYgmebuG99J0P0g7fLfw=
-----END CERTIFICATE-----