Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fdecee65-c952-4f49-9973-5248d6a502de.roa
File:                     fdecee65-c952-4f49-9973-5248d6a502de.roa (raw, json)
Hash identifier:          nVQx4CSVqmsw1hA0XCACU2qntEhfug8O9fUhiu2qGWg=
Subject key identifier:   1C:BF:16:50:0B:A6:06:E9:1C:61:96:CE:E8:7B:B3:CD:24:21:E1:05
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5A71623C3D948667724262ADEE19A8422FE18B35
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fdecee65-c952-4f49-9973-5248d6a502de.roa
Signing time:             Fri 26 Sep 2025 15:23:35 +0000
ROA not before:           Fri 26 Sep 2025 15:23:35 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.141.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:71:62:3c:3d:94:86:67:72:42:62:ad:ee:19:a8:42:2f:e1:8b:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 15:23:35 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=48248cac4b474879ccc6b4aa5935c68f1ed9b885f7ac26173c1986e4697ea4da, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:07:5e:07:91:37:76:91:51:34:3a:fa:d9:9d:
                    12:e7:6e:a9:9a:ca:7f:91:90:25:42:d2:40:1e:78:
                    b5:f0:3e:00:7b:91:29:14:e1:bf:eb:af:5a:10:04:
                    8d:2e:ba:c6:c4:16:59:da:94:2e:63:8e:22:a3:85:
                    89:21:42:fd:32:0f:99:ad:f7:d6:b9:10:a5:77:95:
                    87:7a:e5:77:34:02:f1:50:de:f6:50:99:4f:83:1f:
                    5d:3a:6e:9d:13:51:00:63:d6:2e:bb:57:61:89:d0:
                    fc:2b:12:1e:52:7c:c2:0e:a1:dc:d9:08:f5:fa:ee:
                    d0:df:7f:78:f4:5c:e3:7c:1d:e8:e3:67:2c:3c:37:
                    49:f1:a5:58:5d:44:55:19:89:cf:5f:8a:03:3a:03:
                    27:70:e4:af:3d:ec:07:ab:f7:94:8b:9f:c2:d5:99:
                    ac:81:28:9f:bd:1e:f0:45:82:08:78:0a:96:c5:df:
                    b4:a9:23:95:dc:12:6a:02:a3:c9:53:c8:5f:e7:29:
                    e0:68:6d:68:ca:9a:2a:99:ce:46:2b:1e:25:03:28:
                    39:23:fa:30:62:10:36:5e:3b:f0:ad:fe:0f:d5:1a:
                    ee:6c:5a:0b:9c:77:02:21:5f:24:b3:7f:db:66:4c:
                    9e:ed:1c:34:cb:fb:ca:61:ff:c4:37:44:83:ca:f9:
                    fb:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:BF:16:50:0B:A6:06:E9:1C:61:96:CE:E8:7B:B3:CD:24:21:E1:05
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fdecee65-c952-4f49-9973-5248d6a502de.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.141.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         9f:d0:ff:1f:b1:d4:d1:1f:8a:98:60:6e:b6:bd:5b:6f:4a:05:
         22:c0:98:80:41:06:ee:11:92:e8:d9:bc:31:3c:4f:11:8c:06:
         64:d2:15:14:4e:88:61:df:ed:ed:3c:25:ac:19:77:d4:fe:2f:
         d1:d7:56:00:04:b7:d2:e7:16:dd:bc:0d:96:90:ef:27:a4:2b:
         4b:1f:67:69:d9:1e:e1:05:9a:95:80:c5:ff:33:8e:4d:df:24:
         1f:d6:59:48:a4:cc:8c:32:dc:3e:8f:04:72:8f:5e:3d:0e:ba:
         ba:00:e6:7b:b6:a5:b8:dc:08:94:15:04:50:1e:28:35:1d:26:
         15:74:89:9a:cd:06:6d:3d:fd:44:40:bb:07:fe:24:74:d8:5f:
         5a:ee:12:ed:6a:f3:df:6f:38:08:6e:c0:6d:29:81:cb:19:ca:
         23:f9:c1:80:07:41:8b:6c:3e:a2:43:3c:a9:8c:df:18:3d:03:
         46:a7:32:1a:b9:87:31:70:f8:e4:9c:c3:87:71:08:ca:86:d9:
         83:9b:ec:13:b1:c2:a4:71:a8:4a:c9:46:6f:d0:e9:52:f6:cc:
         e4:9e:d2:a4:4d:e1:0f:a3:d8:b4:8b:8e:5b:d5:00:3a:2c:23:
         fc:16:b3:ea:07:47:c8:23:65:d1:df:71:b5:2b:ae:f0:29:96:
         1e:ac:bd:33
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUWnFiPD2UhmdyQmKt7hmoQi/hizUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MTUyMzM1WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A0ODI0OGNhYzRiNDc0ODc5Y2NjNmI0YWE1OTM1YzY4ZjFl
ZDliODg1ZjdhYzI2MTczYzE5ODZlNDY5N2VhNGRhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCpB14HkTd2kVE0OvrZnRLnbqmayn+RkCVC0kAeeLXwPgB7
kSkU4b/rr1oQBI0uusbEFlnalC5jjiKjhYkhQv0yD5mt99a5EKV3lYd65Xc0AvFQ
3vZQmU+DH106bp0TUQBj1i67V2GJ0PwrEh5SfMIOodzZCPX67tDff3j0XON8Hejj
Zyw8N0nxpVhdRFUZic9figM6Aydw5K897Aer95SLn8LVmayBKJ+9HvBFggh4CpbF
37SpI5XcEmoCo8lTyF/nKeBobWjKmiqZzkYrHiUDKDkj+jBiEDZeO/Ct/g/VGu5s
WgucdwIhXySzf9tmTJ7tHDTL+8ph/8Q3RIPK+ftpAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUHL8WUAumBukcYZbO6HuzzSQh4QUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2ZkZWNlZTY1LWM5NTItNGY0OS05OTczLTUyNDhkNmE1MDJkZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAPjTANBgkqhkiG9w0BAQsFAAOCAQEAn9D/H7HU0R+KmGButr1bb0oFIsCY
gEEG7hGS6Nm8MTxPEYwGZNIVFE6IYd/t7TwlrBl31P4v0ddWAAS30ucW3bwNlpDv
J6QrSx9nadke4QWalYDF/zOOTd8kH9ZZSKTMjDLcPo8Eco9ePQ66ugDme7aluNwI
lBUEUB4oNR0mFXSJms0GbT39REC7B/4kdNhfWu4S7Wrz3284CG7AbSmByxnKI/nB
gAdBi2w+okM8qYzfGD0DRqcyGrmHMXD45JzDh3EIyobZg5vsE7HCpHGoSslGb9Dp
UvbM5J7SpE3hD6PYtIuOW9UAOiwj/Baz6gdHyCNl0d9xtSuu8CmWHqy9Mw==
-----END CERTIFICATE-----