Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bc9009b0-19f7-4ca9-911b-e035c960f977.roa
File:                     bc9009b0-19f7-4ca9-911b-e035c960f977.roa (raw, json)
Hash identifier:          SzxU9TwASsK67JSb1fKZ2T8997OVxGYuE57A+b54E1I=
Subject key identifier:   5B:0A:AA:CC:28:A4:31:14:D0:45:B0:C5:9A:1E:2F:DD:1C:9B:02:FC
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       79890593103FE0F379C8DCCDD915524C043485E0
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bc9009b0-19f7-4ca9-911b-e035c960f977.roa
Signing time:             Mon 16 Jun 2025 17:01:27 +0000
ROA not before:           Mon 16 Jun 2025 17:01:27 +0000
ROA not after:            Mon 21 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.206.0.0/15 maxlen: 15
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 03 Jul 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:89:05:93:10:3f:e0:f3:79:c8:dc:cd:d9:15:52:4c:04:34:85:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun 16 17:01:27 2025 GMT
            Not After : Jul 21 23:59:59 2025 GMT
        Subject: serialNumber=61631c2c6db6e42a40b3513d86f53f591965aea24612a66c13d1a6f6633d0837, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:25:00:5e:5a:ba:02:14:ce:6a:dd:56:bf:5e:
                    c7:9e:0d:34:89:04:6e:57:97:08:a4:99:35:80:9f:
                    59:ce:96:b8:d0:dc:96:1a:d4:fa:ff:d2:49:f8:f1:
                    f6:fe:ef:b6:27:86:c0:02:c2:da:f0:48:89:3c:d8:
                    43:0c:fc:cb:cf:c7:fc:76:48:22:14:c2:4a:d8:be:
                    db:e6:d8:da:62:67:bb:3e:11:d8:5f:5c:e4:86:d1:
                    ce:df:8b:01:43:21:65:a5:53:ac:c0:fe:cb:b8:25:
                    f3:3a:95:f0:cf:c4:47:ad:9d:be:5e:99:bf:e6:6b:
                    54:95:09:2b:b1:da:a8:9f:c8:73:82:1c:1a:38:0e:
                    16:af:5a:fe:41:ab:56:f7:aa:2a:87:6d:52:33:29:
                    c1:ce:a9:49:f4:41:69:5b:9f:85:a2:5f:ae:a8:94:
                    fa:a7:45:e6:d2:38:7b:7c:1c:45:13:13:c7:81:1c:
                    74:cb:42:d9:0d:4e:75:9e:4b:85:bd:8e:49:6a:ca:
                    59:c6:0d:32:55:25:d8:8e:d1:6c:d8:a4:9b:a7:dd:
                    02:21:b1:3b:23:f1:5a:e7:b1:4b:94:a7:57:07:2f:
                    c2:33:f4:86:d3:cb:70:6c:42:ba:86:33:f9:17:44:
                    09:29:24:c2:ac:9d:5e:25:4b:f1:35:ae:30:99:74:
                    22:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:0A:AA:CC:28:A4:31:14:D0:45:B0:C5:9A:1E:2F:DD:1C:9B:02:FC
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bc9009b0-19f7-4ca9-911b-e035c960f977.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.206.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         85:00:c4:a4:52:bf:23:66:38:4f:15:0b:d3:82:61:29:34:a2:
         46:f0:1d:f2:9a:69:e9:5e:57:97:9f:b1:24:dc:09:79:c8:6e:
         60:94:3b:b1:c0:f2:60:c1:2c:ae:79:cd:4f:52:5f:8b:11:02:
         7e:92:e2:65:05:24:73:45:c9:74:d7:cd:01:b0:ad:f7:b4:18:
         db:36:bb:d1:42:5b:7c:3d:34:19:54:4c:f4:36:9d:d3:ff:b4:
         d6:bb:d3:c8:0a:49:9c:37:6c:4d:a4:ff:3d:c6:ba:eb:18:8e:
         a8:2e:24:11:7a:2d:db:55:e7:a3:a6:17:cd:ae:ff:16:d4:1c:
         e5:29:79:4a:3c:d3:3c:db:2f:f3:27:1f:6a:fb:09:06:40:8d:
         2e:82:bd:8c:48:0a:fb:d4:f9:2e:19:6a:c0:8c:ed:b1:6a:4e:
         d3:b5:10:e2:ff:eb:2c:b7:f4:e0:45:86:8a:dd:7c:c6:e7:07:
         69:8d:24:5c:c9:60:e2:55:be:24:b1:64:5e:5c:2a:b5:c5:77:
         4e:cb:80:e4:d3:75:cc:cc:3d:27:09:c4:b0:c0:df:4d:cc:eb:
         bc:c9:fa:ad:1a:de:b9:f1:26:3c:26:51:e3:e1:7d:3e:52:6f:
         4e:f9:51:d2:bf:19:99:d9:c1:f8:1e:ae:bb:b2:59:75:d8:36:
         ca:58:6b:2d
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUeYkFkxA/4PN5yNzN2RVSTAQ0heAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjE2MTcwMTI3WhcNMjUwNzIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A2MTYzMWMyYzZkYjZlNDJhNDBiMzUxM2Q4NmY1M2Y1OTE5
NjVhZWEyNDYxMmE2NmMxM2QxYTZmNjYzM2QwODM3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCLJQBeWroCFM5q3Va/XseeDTSJBG5XlwikmTWAn1nOlrjQ
3JYa1Pr/0kn48fb+77YnhsACwtrwSIk82EMM/MvPx/x2SCIUwkrYvtvm2NpiZ7s+
EdhfXOSG0c7fiwFDIWWlU6zA/su4JfM6lfDPxEetnb5emb/ma1SVCSux2qifyHOC
HBo4DhavWv5Bq1b3qiqHbVIzKcHOqUn0QWlbn4WiX66olPqnRebSOHt8HEUTE8eB
HHTLQtkNTnWeS4W9jklqylnGDTJVJdiO0WzYpJun3QIhsTsj8VrnsUuUp1cHL8Iz
9IbTy3BsQrqGM/kXRAkpJMKsnV4lS/E1rjCZdCJpAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUWwqqzCikMRTQRbDFmh4v3RybAvwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2JjOTAwOWIwLTE5ZjctNGNhOS05MTFiLWUwMzVjOTYwZjk3Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwEPzjANBgkqhkiG9w0BAQsFAAOCAQEAhQDEpFK/I2Y4TxUL04JhKTSiRvAd
8ppp6V5Xl5+xJNwJechuYJQ7scDyYMEsrnnNT1JfixECfpLiZQUkc0XJdNfNAbCt
97QY2za70UJbfD00GVRM9Dad0/+01rvTyApJnDdsTaT/Pca66xiOqC4kEXot21Xn
o6YXza7/FtQc5Sl5SjzTPNsv8ycfavsJBkCNLoK9jEgK+9T5LhlqwIztsWpO07UQ
4v/rLLf04EWGit18xucHaY0kXMlg4lW+JLFkXlwqtcV3TsuA5NN1zMw9JwnEsMDf
TczrvMn6rRreufEmPCZR4+F9PlJvTvlR0r8ZmdnB+B6uu7JZddg2ylhrLQ==
-----END CERTIFICATE-----