Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/41502bcd-4333-4a56-b1f5-fae44bdf9efa.roa
File:                     41502bcd-4333-4a56-b1f5-fae44bdf9efa.roa (raw, json)
Hash identifier:          PCqC/3zZoVOioE/2hABsz/aOlnCjR0p8iL2uwopfnOA=
Subject key identifier:   77:4F:C9:53:34:9F:CA:DD:59:3C:4B:40:DA:11:E2:34:7C:8A:EC:17
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       59F111655B1BF12F2C3AA25D1CDD44141FE4AAFD
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/41502bcd-4333-4a56-b1f5-fae44bdf9efa.roa
Signing time:             Mon 13 Oct 2025 16:49:02 +0000
ROA not before:           Mon 13 Oct 2025 16:49:02 +0000
ROA not after:            Mon 17 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.158.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:f1:11:65:5b:1b:f1:2f:2c:3a:a2:5d:1c:dd:44:14:1f:e4:aa:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 13 16:49:02 2025 GMT
            Not After : Nov 17 23:59:59 2025 GMT
        Subject: serialNumber=3ded33804e959948c5fb8c3c429a7f451e7e3f8c18af65e0440312e7317d3da5, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:23:93:11:2f:78:14:03:c0:e8:0c:f7:e5:90:
                    91:0b:f5:ba:d0:09:d1:29:a2:4c:a6:ea:c6:00:80:
                    a1:72:c6:08:8c:54:c2:a0:94:27:ef:49:7a:96:10:
                    b0:ff:63:6d:d5:de:95:ad:76:91:96:0d:ad:ec:1a:
                    f7:41:44:83:de:92:a4:24:5e:c9:05:a7:83:e0:cf:
                    82:25:21:f0:e0:6a:4d:23:a3:da:4a:94:5b:7d:af:
                    7a:cd:21:8b:f7:84:19:49:fe:1c:c6:07:5b:f8:90:
                    86:75:94:fb:24:7c:37:6a:20:76:0a:e4:86:59:66:
                    72:be:95:1b:62:b8:35:c5:75:a4:7b:94:8f:ab:2c:
                    4b:2a:ef:08:72:1f:86:e1:95:00:f8:82:ad:00:f7:
                    67:73:38:30:5c:9a:fc:27:fb:c3:09:0c:a0:91:cc:
                    5b:28:d7:b3:c5:b1:51:e4:5a:02:b5:5c:14:94:73:
                    c0:5e:2d:25:56:96:e7:7e:71:28:77:86:f3:21:b2:
                    f7:89:57:81:24:d7:ea:23:a7:88:a3:b8:72:69:0a:
                    ff:50:e4:bc:ce:a6:cf:37:69:3e:f5:f0:21:b7:e8:
                    5b:65:4e:6a:50:bc:6a:9d:b5:4d:98:06:1d:ff:ef:
                    b4:e1:fa:ad:70:59:d9:76:30:30:be:be:ab:a1:99:
                    ed:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:4F:C9:53:34:9F:CA:DD:59:3C:4B:40:DA:11:E2:34:7C:8A:EC:17
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/41502bcd-4333-4a56-b1f5-fae44bdf9efa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.158.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:60:e6:f9:ec:50:6e:38:77:fd:d3:e8:30:0e:fb:0e:5c:c7:
         c2:f2:70:c9:88:5c:24:74:de:08:b7:cd:88:cf:ba:d6:21:a0:
         df:d2:f4:b1:59:4f:3d:b7:6f:52:c1:57:33:60:32:ed:78:2f:
         6e:34:ce:da:2b:27:24:92:94:b7:d5:fd:c3:ad:96:05:f9:f6:
         09:07:39:5f:4b:bb:a7:01:ad:b3:de:12:77:79:56:5e:a5:4f:
         bb:ab:d0:7a:2f:55:86:2e:b5:ef:61:0b:7b:a3:fd:61:74:19:
         26:eb:d0:46:93:40:49:aa:83:29:c1:65:44:9d:c6:14:8f:6b:
         da:9d:a2:9f:d1:56:f4:3d:d5:c3:3e:7f:4a:b9:47:e8:fb:29:
         1b:a2:f1:64:eb:36:0f:a1:9a:8b:c6:46:81:d0:09:d5:19:67:
         2c:02:1f:1c:54:ec:93:5e:0d:93:dd:8a:53:5a:5b:fa:6d:72:
         3d:c6:00:75:12:db:51:ee:fa:86:66:25:c6:9e:27:3a:6a:a6:
         df:33:79:af:8c:23:35:a9:06:e5:f0:3b:a2:d2:1b:65:ca:19:
         37:ab:5b:7c:07:85:ef:fc:b3:b1:bc:cd:4a:d4:98:69:6b:bd:
         a1:fe:d5:ce:db:42:96:33:d4:cc:28:07:8b:80:44:20:82:db:
         ea:de:5d:c6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWfERZVsb8S8sOqJdHN1EFB/kqv0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDEzMTY0OTAyWhcNMjUxMTE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AzZGVkMzM4MDRlOTU5OTQ4YzVmYjhjM2M0MjlhN2Y0NTFl
N2UzZjhjMThhZjY1ZTA0NDAzMTJlNzMxN2QzZGE1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDI5MRL3gUA8DoDPflkJEL9brQCdEpokym6sYAgKFyxgiM
VMKglCfvSXqWELD/Y23V3pWtdpGWDa3sGvdBRIPekqQkXskFp4Pgz4IlIfDgak0j
o9pKlFt9r3rNIYv3hBlJ/hzGB1v4kIZ1lPskfDdqIHYK5IZZZnK+lRtiuDXFdaR7
lI+rLEsq7whyH4bhlQD4gq0A92dzODBcmvwn+8MJDKCRzFso17PFsVHkWgK1XBSU
c8BeLSVWlud+cSh3hvMhsveJV4Ek1+ojp4ijuHJpCv9Q5LzOps83aT718CG36Ftl
TmpQvGqdtU2YBh3/77Th+q1wWdl2MDC+vquhme3ZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUd0/JUzSfyt1ZPEtA2hHiNHyK7BcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQxNTAyYmNkLTQzMzMtNGE1Ni1iMWY1LWZhZTQ0YmRmOWVmYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAPnnAwDQYJKoZIhvcNAQELBQADggEBAARg5vnsUG44d/3T6DAO+w5cx8Ly
cMmIXCR03gi3zYjPutYhoN/S9LFZTz23b1LBVzNgMu14L240ztorJySSlLfV/cOt
lgX59gkHOV9Lu6cBrbPeEnd5Vl6lT7ur0HovVYYute9hC3uj/WF0GSbr0EaTQEmq
gynBZUSdxhSPa9qdop/RVvQ91cM+f0q5R+j7KRui8WTrNg+hmovGRoHQCdUZZywC
HxxU7JNeDZPdilNaW/ptcj3GAHUS21Hu+oZmJcaeJzpqpt8zea+MIzWpBuXwO6LS
G2XKGTerW3wHhe/8s7G8zUrUmGlrvaH+1c7bQpYz1MwoB4uARCCC2+reXcY=
-----END CERTIFICATE-----