Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0c8cadeb-865b-42fe-884c-4bbbea22939c.roa
File:                     0c8cadeb-865b-42fe-884c-4bbbea22939c.roa (raw, json)
Hash identifier:          voanQehdDX9bh0vmNfS/HpgB5aBxF5CcMllrMUBAt04=
Subject key identifier:   7A:13:04:F3:79:98:A9:A8:D0:6D:32:FA:18:F2:A0:DB:15:9E:13:61
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       716F171AFCF49EC18F68A829331DAEC436FE561F
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0c8cadeb-865b-42fe-884c-4bbbea22939c.roa
Signing time:             Fri 10 Oct 2025 00:56:37 +0000
ROA not before:           Fri 10 Oct 2025 00:56:37 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        15.230.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:6f:17:1a:fc:f4:9e:c1:8f:68:a8:29:33:1d:ae:c4:36:fe:56:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 10 00:56:37 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=1106d25bb2754878fd34beaed6876757a29cc58e715563216600fb27591f521c, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:9a:03:b8:62:e8:1f:19:a8:5f:5a:4a:99:c2:
                    a8:c5:74:de:7e:a8:92:a1:45:17:79:de:bf:88:ad:
                    29:37:13:73:a1:99:98:02:29:46:95:6e:9e:5d:0c:
                    c8:d0:a1:d7:79:b6:f7:44:8b:d4:9e:04:1d:8b:fe:
                    78:ad:d8:e9:48:e8:fc:95:c0:18:c6:21:3d:f4:38:
                    ea:50:5b:a3:cd:62:48:6f:ba:91:ab:5b:d4:d1:e1:
                    b5:a6:28:e3:8b:c3:67:37:57:a6:2b:a8:d4:96:70:
                    45:2f:e5:4f:f0:0f:d8:ef:1a:8c:8e:be:06:6c:c4:
                    b2:91:1f:d0:53:1f:ae:c1:73:57:f4:07:bc:13:24:
                    ab:af:33:ee:6b:00:3e:02:97:17:f9:69:c7:23:b3:
                    86:db:2f:a2:71:d9:9e:fc:b8:55:43:e2:58:bd:ae:
                    3f:15:c7:43:e4:1a:7d:ee:ff:aa:33:8d:2c:ac:95:
                    79:89:24:84:b3:b3:7c:dd:52:6f:ef:76:23:31:97:
                    8d:35:23:4f:b2:32:cd:05:71:5c:91:bf:1e:f0:13:
                    ce:98:d8:43:e3:30:79:79:39:f7:a1:10:70:df:15:
                    c9:9d:cd:b7:78:53:44:4d:fb:68:73:22:45:5a:75:
                    59:c9:f8:45:c4:94:d6:c4:b4:d9:31:01:c9:e9:b5:
                    bc:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:13:04:F3:79:98:A9:A8:D0:6D:32:FA:18:F2:A0:DB:15:9E:13:61
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0c8cadeb-865b-42fe-884c-4bbbea22939c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.230.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:78:9a:aa:c3:df:12:47:ad:70:fc:7d:e1:ed:f6:a9:8a:6b:
         b6:d8:84:eb:41:b3:77:93:e8:8c:df:62:8d:f7:1f:83:90:73:
         e7:72:c2:ce:00:55:53:9a:01:2b:73:54:d9:6c:65:26:20:55:
         63:b1:f3:d2:80:b5:8a:ef:b8:ba:0f:de:0b:27:66:8b:3c:5d:
         bd:2b:65:81:24:b9:f7:27:6a:80:c1:96:fc:ab:0b:fb:3f:25:
         7e:e7:ed:c9:03:12:55:ab:75:80:8d:fe:29:e0:f4:69:0e:83:
         27:73:7f:e3:54:28:ee:64:dd:b8:19:87:45:c8:4c:53:72:0d:
         74:55:8a:24:43:47:5d:9b:74:cd:b0:33:bd:7a:43:de:f3:72:
         4a:98:65:cf:f4:70:b5:4f:bb:45:70:4b:33:1e:b2:3e:a9:1f:
         c6:b0:16:b2:8d:5b:d7:fd:3c:73:c1:0b:47:bc:14:f5:29:36:
         cd:b7:64:14:bd:30:16:ac:17:2c:fd:9f:26:4c:0f:41:7b:0b:
         9a:d3:96:52:4d:b6:c9:fa:1f:77:9b:01:4a:a7:91:3f:62:45:
         1a:13:05:73:7c:da:b0:92:b7:9c:6c:5c:f9:d0:65:80:84:f7:
         c2:ea:3a:ef:8e:6e:8e:cc:92:35:1d:77:92:02:3a:46:de:2a:
         de:05:3a:46
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcW8XGvz0nsGPaKgpMx2uxDb+Vh8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDEwMDA1NjM3WhcNMjUxMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0AxMTA2ZDI1YmIyNzU0ODc4ZmQzNGJlYWVkNjg3Njc1N2Ey
OWNjNThlNzE1NTYzMjE2NjAwZmIyNzU5MWY1MjFjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvmgO4YugfGahfWkqZwqjFdN5+qJKhRRd53r+IrSk3E3Oh
mZgCKUaVbp5dDMjQodd5tvdEi9SeBB2L/nit2OlI6PyVwBjGIT30OOpQW6PNYkhv
upGrW9TR4bWmKOOLw2c3V6YrqNSWcEUv5U/wD9jvGoyOvgZsxLKRH9BTH67Bc1f0
B7wTJKuvM+5rAD4Clxf5accjs4bbL6Jx2Z78uFVD4li9rj8Vx0PkGn3u/6ozjSys
lXmJJISzs3zdUm/vdiMxl401I0+yMs0FcVyRvx7wE86Y2EPjMHl5OfehEHDfFcmd
zbd4U0RN+2hzIkVadVnJ+EXElNbEtNkxAcnptby/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUehME83mYqajQbTL6GPKg2xWeE2EwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzBjOGNhZGViLTg2NWItNDJmZS04ODRjLTRiYmJlYTIyOTM5Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAP5jkwDQYJKoZIhvcNAQELBQADggEBAJR4mqrD3xJHrXD8feHt9qmKa7bY
hOtBs3eT6IzfYo33H4OQc+dyws4AVVOaAStzVNlsZSYgVWOx89KAtYrvuLoP3gsn
Zos8Xb0rZYEkufcnaoDBlvyrC/s/JX7n7ckDElWrdYCN/ing9GkOgydzf+NUKO5k
3bgZh0XITFNyDXRViiRDR12bdM2wM716Q97zckqYZc/0cLVPu0VwSzMesj6pH8aw
FrKNW9f9PHPBC0e8FPUpNs23ZBS9MBasFyz9nyZMD0F7C5rTllJNtsn6H3ebAUqn
kT9iRRoTBXN82rCSt5xsXPnQZYCE98LqOu+Obo7MkjUdd5ICOkbeKt4FOkY=
-----END CERTIFICATE-----