Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bc9009b0-19f7-4ca9-911b-e035c960f977.roa
File:                     bc9009b0-19f7-4ca9-911b-e035c960f977.roa (raw, json)
Hash identifier:          Cc3Y4oBqyQEVCQ1Z2HXDTtm93w+Om/C4esMY1WsWag8=
Subject key identifier:   30:1C:CD:06:16:2D:17:72:5B:1B:B9:D2:29:6A:3A:C7:6A:3B:66:0F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       516292C026B1250D59E79C229E50E7CF75D4F41C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bc9009b0-19f7-4ca9-911b-e035c960f977.roa
Signing time:             Tue 05 Aug 2025 16:31:30 +0000
ROA not before:           Tue 05 Aug 2025 16:31:30 +0000
ROA not after:            Tue 09 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.206.0.0/15 maxlen: 15
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 22 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:62:92:c0:26:b1:25:0d:59:e7:9c:22:9e:50:e7:cf:75:d4:f4:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Aug  5 16:31:30 2025 GMT
            Not After : Sep  9 23:59:59 2025 GMT
        Subject: serialNumber=0fa2a31f37d943d79d6f1cd1af8238c79ded132d2fe8d19dd3a8ceb3be10b6ea, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:a1:f7:ea:c5:79:18:b7:d0:c3:2b:b1:99:8a:
                    81:10:49:59:ce:75:e4:52:6b:36:87:00:e3:93:72:
                    c4:5b:39:4f:4a:dd:41:f8:d4:17:29:df:0f:54:c7:
                    2c:7a:bb:b7:92:6b:0c:00:b0:0f:e6:d4:2d:16:f6:
                    f2:34:e7:a4:b0:8c:16:59:d2:e6:e0:fb:0e:ff:bb:
                    4d:54:f5:f4:a7:e0:1c:ab:65:f1:89:98:6c:f3:2f:
                    9c:27:ff:8a:e3:b8:b2:0c:d7:77:78:57:3e:58:d0:
                    f2:33:29:8b:69:cc:9e:ae:a2:2c:5c:f1:a0:d0:f3:
                    e7:23:eb:08:24:48:6a:1b:2a:18:6f:89:7b:1b:56:
                    d1:ae:34:cb:75:87:8e:34:52:88:d4:41:b5:9a:36:
                    ed:ae:85:c7:c6:19:32:02:0d:d3:56:86:51:a3:f7:
                    8a:24:13:42:45:cf:df:59:b7:cb:fa:b2:2d:7e:39:
                    9b:77:66:5d:32:ef:f7:92:e4:d1:26:42:41:29:6f:
                    7d:00:80:48:c7:f0:92:33:f1:fe:11:51:8d:6b:35:
                    10:51:1a:a1:fc:4d:ed:46:c0:57:83:11:fc:56:07:
                    bc:d6:dc:29:a6:cf:6b:bc:8c:f9:76:cf:c4:4f:5f:
                    0a:01:80:7b:bd:7c:de:1f:0f:99:41:5b:40:5d:c7:
                    c1:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:1C:CD:06:16:2D:17:72:5B:1B:B9:D2:29:6A:3A:C7:6A:3B:66:0F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bc9009b0-19f7-4ca9-911b-e035c960f977.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.206.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         49:3e:64:68:83:fd:10:26:21:c6:f1:c1:47:82:0a:d4:6d:72:
         ea:0e:76:1d:e2:25:78:19:48:2c:10:91:f1:48:ff:c6:1c:1a:
         91:7c:60:26:61:fc:2d:2d:69:6d:a5:a0:1c:c8:5b:36:c4:b7:
         59:7c:c2:30:99:56:00:59:2b:92:17:4d:28:91:9d:42:ec:28:
         e5:8b:c7:e9:36:de:cf:e5:65:e8:a5:8e:b5:81:b0:45:f3:06:
         7a:76:b9:a9:4f:5b:59:a0:31:ab:98:c3:2e:e1:d0:e8:66:44:
         6b:4b:31:6d:dc:80:36:49:d6:17:c2:00:60:d7:28:f6:4d:af:
         f6:88:16:2e:dd:ea:3f:34:59:c6:34:2f:b0:0c:f9:00:fa:aa:
         8f:e2:ce:b7:c0:d9:18:6c:65:2f:87:ab:60:70:fb:06:7d:56:
         a0:81:40:e9:b1:22:f2:40:5c:35:57:d1:9f:82:f3:b4:25:5c:
         24:4f:ab:34:83:6b:06:c9:9c:79:cc:4d:7b:1b:b5:3e:a6:3d:
         cd:da:e3:0f:0e:67:07:f7:0f:2e:67:ed:da:bf:86:da:3d:5d:
         f5:23:6f:16:75:6c:8c:a2:12:e9:87:d4:4a:40:85:45:9a:64:
         5e:b6:b7:91:b3:5e:43:d9:04:01:48:1b:19:f3:ed:13:69:b7:
         28:6e:79:a7
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUUWKSwCaxJQ1Z55winlDnz3XU9BwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwODA1MTYzMTMwWhcNMjUwOTA5MjM1OTU5
WjB6MUkwRwYDVQQFE0AwZmEyYTMxZjM3ZDk0M2Q3OWQ2ZjFjZDFhZjgyMzhjNzlk
ZWQxMzJkMmZlOGQxOWRkM2E4Y2ViM2JlMTBiNmVhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCaoffqxXkYt9DDK7GZioEQSVnOdeRSazaHAOOTcsRbOU9K
3UH41Bcp3w9Uxyx6u7eSawwAsA/m1C0W9vI056SwjBZZ0ubg+w7/u01U9fSn4Byr
ZfGJmGzzL5wn/4rjuLIM13d4Vz5Y0PIzKYtpzJ6uoixc8aDQ8+cj6wgkSGobKhhv
iXsbVtGuNMt1h440UojUQbWaNu2uhcfGGTICDdNWhlGj94okE0JFz99Zt8v6si1+
OZt3Zl0y7/eS5NEmQkEpb30AgEjH8JIz8f4RUY1rNRBRGqH8Te1GwFeDEfxWB7zW
3Cmmz2u8jPl2z8RPXwoBgHu9fN4fD5lBW0Bdx8FxAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUMBzNBhYtF3JbG7nSKWo6x2o7Zg8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2JjOTAwOWIwLTE5ZjctNGNhOS05MTFiLWUwMzVjOTYwZjk3Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwEPzjANBgkqhkiG9w0BAQsFAAOCAQEAST5kaIP9ECYhxvHBR4IK1G1y6g52
HeIleBlILBCR8Uj/xhwakXxgJmH8LS1pbaWgHMhbNsS3WXzCMJlWAFkrkhdNKJGd
Quwo5YvH6Tbez+Vl6KWOtYGwRfMGena5qU9bWaAxq5jDLuHQ6GZEa0sxbdyANknW
F8IAYNco9k2v9ogWLt3qPzRZxjQvsAz5APqqj+LOt8DZGGxlL4erYHD7Bn1WoIFA
6bEi8kBcNVfRn4LztCVcJE+rNINrBsmcecxNexu1PqY9zdrjDw5nB/cPLmft2r+G
2j1d9SNvFnVsjKIS6YfUSkCFRZpkXra3kbNeQ9kEAUgbGfPtE2m3KG55pw==
-----END CERTIFICATE-----