Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bc9009b0-19f7-4ca9-911b-e035c960f977.roa
File:                     bc9009b0-19f7-4ca9-911b-e035c960f977.roa (raw, json)
Hash identifier:          TI4M8xPYwmajMWj7wPGGZPSdF0hBZp/JtUe1ouseFlg=
Subject key identifier:   3D:D3:81:B4:08:13:28:AE:1D:85:86:21:01:22:73:4F:FD:1E:02:36
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7D6F7CC6970766924DEF703BDD50A51E91DE675F
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bc9009b0-19f7-4ca9-911b-e035c960f977.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.206.0.0/15 maxlen: 15
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 07 Feb 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:6f:7c:c6:97:07:66:92:4d:ef:70:3b:dd:50:a5:1e:91:de:67:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:ba:e4:15:94:01:53:e5:53:d5:81:5f:de:c5:
                    0a:9f:a9:d6:f3:60:8f:2c:0a:36:54:e0:6a:14:b4:
                    b5:16:17:d9:31:14:a6:14:29:ad:f6:1e:c7:e2:5b:
                    11:bf:9f:54:a6:e1:37:59:de:b7:41:11:f5:2b:f3:
                    1c:12:fd:c2:d4:f3:33:34:1b:60:1c:8c:1a:cf:e1:
                    63:e2:33:83:1c:e9:a3:08:39:2f:d2:48:f7:a0:db:
                    a9:cb:c2:47:50:cb:7a:09:f2:80:74:54:a7:3a:e1:
                    f4:0a:b6:9e:a0:8b:da:42:53:22:54:6b:d9:5c:9f:
                    74:c5:3b:ac:96:6d:49:85:d1:62:2b:e5:c6:81:40:
                    a1:c8:4a:a9:f2:fe:b4:94:bb:e3:e3:71:2a:ae:55:
                    38:75:3f:15:e6:6f:8c:89:45:ab:d5:c2:f5:c4:a5:
                    2d:2f:44:9f:2a:28:6f:1d:a6:c4:63:13:64:23:c3:
                    4a:60:af:a0:17:9a:74:ea:de:00:99:50:5e:f8:43:
                    c4:46:c1:e3:5e:d8:1b:04:8c:e1:f3:ff:27:24:06:
                    c4:ca:de:a4:ce:f7:74:1a:05:8d:2e:0d:3a:be:00:
                    6b:f8:d9:96:34:b1:0e:9f:db:fb:66:07:fd:ce:6b:
                    a0:91:6d:c0:80:36:51:ea:51:b8:7a:8b:c4:1e:3c:
                    62:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:D3:81:B4:08:13:28:AE:1D:85:86:21:01:22:73:4F:FD:1E:02:36
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bc9009b0-19f7-4ca9-911b-e035c960f977.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.206.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         0b:e0:c1:70:53:40:b4:18:ed:35:92:e3:dc:07:9d:a4:88:82:
         46:ee:90:84:5a:80:98:37:9f:f8:34:b3:77:e6:a4:4a:04:a6:
         30:15:93:ff:ba:92:ef:55:51:97:d1:b7:2d:1b:d4:bc:57:34:
         f1:b8:49:4a:9f:19:42:fc:9d:c1:b0:56:f3:7b:bb:1c:69:c0:
         54:e5:77:e3:8c:6f:09:74:8b:2d:9c:2f:53:4e:56:b0:8d:78:
         a3:e0:39:b9:de:db:91:76:de:53:fb:4b:72:1f:5f:4d:96:64:
         40:66:a3:51:28:79:a5:f6:fd:7e:1f:b4:38:68:2b:1b:8d:61:
         85:82:cc:f1:c4:9e:06:a3:06:da:44:83:29:55:42:8c:13:e7:
         3d:42:e1:f1:ee:f1:36:7c:d4:04:6e:a5:fe:ae:2d:bb:6b:b1:
         3d:ac:f5:bf:9f:b6:d8:b9:b4:b9:5e:3e:7d:b0:15:bf:76:aa:
         c7:a0:5c:74:b9:9b:0f:ae:24:6e:ea:80:cb:2a:72:8b:fe:cd:
         f0:03:86:2d:90:8e:7c:c7:27:a2:93:db:f4:bd:f4:c2:25:b9:
         9c:3f:86:37:e7:5f:15:1d:ff:cd:12:51:be:e0:a4:10:48:f6:
         dc:3e:3d:01:05:f6:54:c8:06:a8:d5:e3:e5:72:14:31:3e:50:
         b2:45:4d:73
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUfW98xpcHZpJN73A73VClHpHeZ18wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A4M2Y5ZDk4NGY3NTc3OTA3NGI2YWYwNGU3ODMzNzk1MDk5
MjA4ZDIzYWQ4MWUwMDJhNmJiNmFhYmU1OGVkOTQxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCiuuQVlAFT5VPVgV/exQqfqdbzYI8sCjZU4GoUtLUWF9kx
FKYUKa32HsfiWxG/n1Sm4TdZ3rdBEfUr8xwS/cLU8zM0G2AcjBrP4WPiM4Mc6aMI
OS/SSPeg26nLwkdQy3oJ8oB0VKc64fQKtp6gi9pCUyJUa9lcn3TFO6yWbUmF0WIr
5caBQKHISqny/rSUu+PjcSquVTh1PxXmb4yJRavVwvXEpS0vRJ8qKG8dpsRjE2Qj
w0pgr6AXmnTq3gCZUF74Q8RGweNe2BsEjOHz/yckBsTK3qTO93QaBY0uDTq+AGv4
2ZY0sQ6f2/tmB/3Oa6CRbcCANlHqUbh6i8QePGJTAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUPdOBtAgTKK4dhYYhASJzT/0eAjYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2JjOTAwOWIwLTE5ZjctNGNhOS05MTFiLWUwMzVjOTYwZjk3Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwEPzjANBgkqhkiG9w0BAQsFAAOCAQEAC+DBcFNAtBjtNZLj3AedpIiCRu6Q
hFqAmDef+DSzd+akSgSmMBWT/7qS71VRl9G3LRvUvFc08bhJSp8ZQvydwbBW83u7
HGnAVOV344xvCXSLLZwvU05WsI14o+A5ud7bkXbeU/tLch9fTZZkQGajUSh5pfb9
fh+0OGgrG41hhYLM8cSeBqMG2kSDKVVCjBPnPULh8e7xNnzUBG6l/q4tu2uxPaz1
v5+22Lm0uV4+fbAVv3aqx6BcdLmbD64kbuqAyypyi/7N8AOGLZCOfMcnopPb9L30
wiW5nD+GN+dfFR3/zRJRvuCkEEj23D49AQX2VMgGqNXj5XIUMT5QskVNcw==
-----END CERTIFICATE-----