Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/00d9fc11-51ce-43e5-9948-cda203ed3512.roa
File:                     00d9fc11-51ce-43e5-9948-cda203ed3512.roa (raw, json)
Hash identifier:          Mee5aQj2m1WekdzVVSMVskcEt9gjDEykiyHqzjkyHSI=
Subject key identifier:   4A:62:3A:77:83:B3:97:BB:7F:D0:0B:45:16:6A:4B:2B:95:31:5E:BD
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       73C08EE65D246CC779E06063A23467A7C12AE33D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/00d9fc11-51ce-43e5-9948-cda203ed3512.roa
Signing time:             Fri 26 Sep 2025 15:30:47 +0000
ROA not before:           Fri 26 Sep 2025 15:30:47 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.212.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:c0:8e:e6:5d:24:6c:c7:79:e0:60:63:a2:34:67:a7:c1:2a:e3:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 15:30:47 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=babf9613cd19616c61d0ef65fd6911c806cb19ed03aff2c7508227e16ade0920, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:4b:41:2a:a7:ec:6a:9f:4d:00:a0:24:a5:86:
                    fa:b3:a5:b2:f6:a6:32:da:ee:aa:12:86:ff:a8:34:
                    b4:91:60:ce:a9:11:c8:df:af:31:9e:75:4f:54:06:
                    28:06:a6:87:92:d0:61:61:eb:c5:42:9a:03:8e:09:
                    b8:4d:af:7f:e9:b7:28:19:21:d5:e9:24:2c:7c:85:
                    f3:3f:42:b7:51:3e:22:ee:63:5c:a3:82:93:c3:81:
                    c4:bb:3f:58:01:b1:d1:f0:8b:4e:7b:62:55:27:df:
                    05:ed:c4:74:1b:74:1d:0d:35:da:a3:25:7d:7a:fe:
                    7b:2c:4a:03:e0:0c:b9:91:8f:15:d8:8e:4d:02:13:
                    8b:f2:48:9a:2c:cf:71:f9:0c:03:c0:b7:99:e6:7d:
                    fe:34:6f:a0:49:e4:b8:56:2a:da:f9:80:8d:55:79:
                    9f:70:a7:7a:8f:6d:00:1e:30:5f:78:3e:66:07:bf:
                    cc:d1:f2:11:c6:5a:85:ee:ce:f6:ab:9e:91:a7:a5:
                    34:f0:13:02:52:3f:53:ae:69:39:39:1f:4c:12:13:
                    3b:29:ce:ae:72:25:a6:9a:14:f3:cb:fa:09:22:b0:
                    ba:6b:56:7b:d3:b7:1e:19:7b:90:12:a9:ad:ea:81:
                    7d:7b:57:dc:be:fa:0d:be:d5:c7:75:bb:d2:d0:b1:
                    4c:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:62:3A:77:83:B3:97:BB:7F:D0:0B:45:16:6A:4B:2B:95:31:5E:BD
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/00d9fc11-51ce-43e5-9948-cda203ed3512.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.212.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         93:93:56:24:fc:26:ff:f6:96:a3:80:d0:cd:84:2d:ad:28:51:
         f2:25:89:49:7f:36:3c:7c:b6:d5:eb:ba:62:ea:5f:d2:04:a2:
         c3:56:70:3f:35:82:6e:30:a4:fa:a3:79:6e:3d:69:81:ee:1e:
         8a:69:9b:8a:a7:d2:9f:9e:4c:cb:c0:fb:5c:cd:78:4d:5c:99:
         90:b7:c0:f6:b3:19:3f:e3:3b:07:a1:d1:21:1f:1e:26:6b:42:
         c2:ae:a4:fa:c7:d4:33:bc:3a:bc:85:41:2e:30:52:98:97:72:
         a2:b8:55:ea:d8:c7:95:61:4f:77:c5:75:de:fe:52:6c:a9:60:
         a8:62:19:a5:f9:75:e2:4d:1b:1f:07:1b:04:cb:ef:74:5f:0a:
         13:31:5d:bf:84:4d:b6:d9:a7:b3:06:e3:42:42:03:fd:fc:fd:
         19:06:b5:34:d4:38:3b:86:8f:8b:15:38:02:8f:d4:64:79:c3:
         86:44:61:b5:0d:55:98:6d:26:d8:30:46:54:83:d4:e8:ce:06:
         f4:bf:72:c2:d8:bd:6a:ec:f9:e3:37:80:7d:13:d3:fd:fb:91:
         9c:72:30:81:3c:0d:1b:30:f0:09:5c:82:97:89:95:95:26:b0:
         f1:08:42:94:08:f7:59:c6:c4:df:7c:12:e2:d2:3d:43:93:44:
         71:79:7f:2b
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUc8CO5l0kbMd54GBjojRnp8Eq4z0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MTUzMDQ3WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BiYWJmOTYxM2NkMTk2MTZjNjFkMGVmNjVmZDY5MTFjODA2
Y2IxOWVkMDNhZmYyYzc1MDgyMjdlMTZhZGUwOTIwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDnS0Eqp+xqn00AoCSlhvqzpbL2pjLa7qoShv+oNLSRYM6p
EcjfrzGedU9UBigGpoeS0GFh68VCmgOOCbhNr3/ptygZIdXpJCx8hfM/QrdRPiLu
Y1yjgpPDgcS7P1gBsdHwi057YlUn3wXtxHQbdB0NNdqjJX16/nssSgPgDLmRjxXY
jk0CE4vySJosz3H5DAPAt5nmff40b6BJ5LhWKtr5gI1VeZ9wp3qPbQAeMF94PmYH
v8zR8hHGWoXuzvarnpGnpTTwEwJSP1OuaTk5H0wSEzspzq5yJaaaFPPL+gkisLpr
VnvTtx4Ze5ASqa3qgX17V9y++g2+1cd1u9LQsUz9AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUSmI6d4Ozl7t/0AtFFmpLK5UxXr0wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzAwZDlmYzExLTUxY2UtNDNlNS05OTQ4LWNkYTIwM2VkMzUxMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAP1DANBgkqhkiG9w0BAQsFAAOCAQEAk5NWJPwm//aWo4DQzYQtrShR8iWJ
SX82PHy21eu6Yupf0gSiw1ZwPzWCbjCk+qN5bj1pge4eimmbiqfSn55My8D7XM14
TVyZkLfA9rMZP+M7B6HRIR8eJmtCwq6k+sfUM7w6vIVBLjBSmJdyorhV6tjHlWFP
d8V13v5SbKlgqGIZpfl14k0bHwcbBMvvdF8KEzFdv4RNttmnswbjQkID/fz9GQa1
NNQ4O4aPixU4Ao/UZHnDhkRhtQ1VmG0m2DBGVIPU6M4G9L9ywti9auz54zeAfRPT
/fuRnHIwgTwNGzDwCVyCl4mVlSaw8QhClAj3WcbE33wS4tI9Q5NEcXl/Kw==
-----END CERTIFICATE-----