Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/af48a471-47ad-45b4-92ba-7dee5d4a4caa.roa
File:                     af48a471-47ad-45b4-92ba-7dee5d4a4caa.roa (raw, json)
Hash identifier:          gd1CddtXx3EkczYFQW3XKe7g35ohbL86yuzSay+X7JU=
Subject key identifier:   0D:43:51:BB:A9:E7:6D:AF:11:5C:5E:BB:57:37:BE:69:90:40:CC:06
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4898EC48316A6A9C5071478CF03D46AF789C5F19
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/af48a471-47ad-45b4-92ba-7dee5d4a4caa.roa
Signing time:             Fri 26 Sep 2025 15:30:58 +0000
ROA not before:           Fri 26 Sep 2025 15:30:58 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.220.192.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:98:ec:48:31:6a:6a:9c:50:71:47:8c:f0:3d:46:af:78:9c:5f:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 15:30:58 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=662e658dc9295565ccea9323dd554855c7a5d1b0856c9122b5e4720a276a2d6c, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:40:cb:dc:ee:c4:a8:5c:96:33:b3:89:6a:97:
                    fc:02:c2:52:0f:2f:6e:39:9a:74:53:f5:84:91:4a:
                    fd:69:8e:25:91:98:b5:74:ff:4a:d6:b3:3f:0d:de:
                    e0:43:c8:b5:6d:16:fc:51:19:36:33:18:05:fd:9e:
                    21:9a:41:94:89:eb:80:6a:05:a9:d3:ce:84:52:17:
                    5f:a6:ae:03:f1:4a:5b:f5:44:9b:e3:b8:e7:2e:55:
                    eb:44:a0:3d:e0:13:e5:d4:78:5b:4e:1a:8a:6c:b5:
                    93:e0:8c:81:f5:1f:b6:9f:99:cf:ba:50:b2:7c:bf:
                    79:d7:c6:7e:a1:dd:ce:78:a7:28:56:03:83:77:f4:
                    1e:c9:34:fb:17:19:c8:c6:51:7f:b7:20:cd:64:ea:
                    07:96:aa:05:3a:49:bc:02:eb:3e:6a:b6:f5:c8:5e:
                    06:ca:f4:60:89:e5:77:0a:a5:c1:6a:c7:f2:4f:39:
                    a9:fd:ef:41:f2:30:5c:c2:1b:00:25:2d:62:12:b1:
                    7e:de:6a:73:e7:16:a4:11:b0:52:64:07:52:40:6d:
                    46:43:b3:9b:fe:ec:88:3d:91:f8:ee:e1:f4:a5:81:
                    00:17:b3:38:a9:fc:5d:4a:55:3c:0f:01:8e:16:39:
                    c4:7f:64:23:b9:29:34:13:90:12:ff:b9:a7:77:e7:
                    94:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:43:51:BB:A9:E7:6D:AF:11:5C:5E:BB:57:37:BE:69:90:40:CC:06
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/af48a471-47ad-45b4-92ba-7dee5d4a4caa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.220.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         64:b7:d6:f7:cf:40:c1:9e:89:98:dd:8f:dd:5b:a8:b0:b4:28:
         34:55:2d:da:31:3d:f2:db:68:c3:69:6a:af:a8:89:0a:0e:27:
         f0:99:f9:a1:7a:e9:dc:69:ec:0b:0a:6c:84:4f:8c:75:f7:75:
         bb:f2:04:bc:3a:46:06:69:71:c6:6e:bc:97:a5:d7:c0:87:f9:
         a5:36:96:69:6c:5f:1c:60:f8:95:b9:27:4c:d6:3c:0d:ed:e1:
         32:14:95:81:8d:3e:2a:da:18:b0:c7:18:c4:df:47:f0:a7:f9:
         d5:a7:71:5e:f9:d1:19:25:a6:dc:40:06:6e:e4:7d:fe:40:e8:
         29:d8:f1:ed:04:cf:70:df:1e:9a:b1:ed:65:2d:e1:f8:26:c9:
         fe:fa:59:b2:f3:c4:ab:9c:ed:a9:9e:5c:7e:65:27:46:87:c6:
         13:d4:58:c2:54:20:45:1d:f4:b2:58:3e:47:70:14:e9:19:43:
         f3:e8:43:e4:f3:a2:94:fa:bf:04:ff:50:6a:0d:b9:ab:7a:3e:
         51:31:f3:2c:1d:fa:4a:56:fd:a7:95:57:11:ad:53:ac:2a:d2:
         60:a5:f0:36:fd:38:c0:d9:fa:00:58:cb:d6:23:75:81:68:bd:
         f7:e5:c0:29:3d:8e:f6:55:a5:0b:a8:0c:5b:74:97:23:c6:0f:
         60:8e:86:72
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSJjsSDFqapxQcUeM8D1Gr3icXxkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MTUzMDU4WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A2NjJlNjU4ZGM5Mjk1NTY1Y2NlYTkzMjNkZDU1NDg1NWM3
YTVkMWIwODU2YzkxMjJiNWU0NzIwYTI3NmEyZDZjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDdQMvc7sSoXJYzs4lql/wCwlIPL245mnRT9YSRSv1pjiWR
mLV0/0rWsz8N3uBDyLVtFvxRGTYzGAX9niGaQZSJ64BqBanTzoRSF1+mrgPxSlv1
RJvjuOcuVetEoD3gE+XUeFtOGopstZPgjIH1H7afmc+6ULJ8v3nXxn6h3c54pyhW
A4N39B7JNPsXGcjGUX+3IM1k6geWqgU6SbwC6z5qtvXIXgbK9GCJ5XcKpcFqx/JP
Oan970HyMFzCGwAlLWISsX7eanPnFqQRsFJkB1JAbUZDs5v+7Ig9kfju4fSlgQAX
szip/F1KVTwPAY4WOcR/ZCO5KTQTkBL/uad355RJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUDUNRu6nnba8RXF67Vze+aZBAzAYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2FmNDhhNDcxLTQ3YWQtNDViNC05MmJhLTdkZWU1ZDRhNGNhYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIP3MAwDQYJKoZIhvcNAQELBQADggEBAGS31vfPQMGeiZjdj91bqLC0KDRV
LdoxPfLbaMNpaq+oiQoOJ/CZ+aF66dxp7AsKbIRPjHX3dbvyBLw6RgZpccZuvJel
18CH+aU2lmlsXxxg+JW5J0zWPA3t4TIUlYGNPiraGLDHGMTfR/Cn+dWncV750Rkl
ptxABm7kff5A6CnY8e0Ez3DfHpqx7WUt4fgmyf76WbLzxKuc7ameXH5lJ0aHxhPU
WMJUIEUd9LJYPkdwFOkZQ/PoQ+TzopT6vwT/UGoNuat6PlEx8ywd+kpW/aeVVxGt
U6wq0mCl8Db9OMDZ+gBYy9YjdYFovfflwCk9jvZVpQuoDFt0lyPGD2COhnI=
-----END CERTIFICATE-----