Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4861bb50-138b-44c5-90c8-95e3d51519d4.roa
File:                     4861bb50-138b-44c5-90c8-95e3d51519d4.roa (raw, json)
Hash identifier:          W5cKwXh9Lq7bdBoN/hZ1aOnhETUFVuH/jG1y+AnRyro=
Subject key identifier:   68:E4:15:9E:84:FA:40:EF:A4:00:67:8D:0B:02:D6:A7:12:C5:F9:BB
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       25BE8AE8DE05A87280C5113B723E25E48D24C0BC
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4861bb50-138b-44c5-90c8-95e3d51519d4.roa
Signing time:             Mon 13 Oct 2025 16:49:02 +0000
ROA not before:           Mon 13 Oct 2025 16:49:02 +0000
ROA not after:            Mon 17 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.158.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:be:8a:e8:de:05:a8:72:80:c5:11:3b:72:3e:25:e4:8d:24:c0:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 13 16:49:02 2025 GMT
            Not After : Nov 17 23:59:59 2025 GMT
        Subject: serialNumber=eab3cd93be720594d116973a1817c7af5bfd222d25d238c2f33ffc3b616a57e5, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:4d:c7:1b:2d:c1:a7:30:af:f1:ee:d9:17:b4:
                    8c:ab:55:f5:b7:e0:74:6f:c8:15:3e:8e:f5:43:73:
                    63:32:8b:95:80:c2:b7:b0:1d:6a:53:7b:de:53:71:
                    9e:fb:5b:51:93:ef:56:f4:24:70:5b:90:cc:28:a8:
                    ef:94:bf:05:0f:e2:bf:0c:ed:94:4f:67:0d:2c:04:
                    b5:71:cd:af:9a:fe:73:ab:84:19:da:97:8c:04:97:
                    47:9b:fd:67:c0:f4:d4:a4:8c:a7:81:21:8c:89:52:
                    a2:84:8e:33:b6:4c:b8:12:a7:d4:58:93:49:64:d1:
                    9d:d7:2c:44:76:75:9a:c2:43:94:64:2d:a4:fc:06:
                    65:95:e7:0b:82:87:fe:b7:20:8d:8b:5c:28:86:35:
                    9e:0f:02:cf:11:05:c2:96:58:ad:1b:2e:a3:4f:d6:
                    30:e4:32:d0:0c:d0:98:6b:73:f8:f5:c5:88:d5:2b:
                    27:ba:1b:01:c8:52:40:d1:cb:83:92:50:09:cb:71:
                    cd:ce:f2:86:22:fb:59:c0:98:63:01:aa:cd:ed:eb:
                    39:6e:ed:20:17:07:bd:eb:5e:93:55:e7:be:d0:f0:
                    cd:c8:c3:ca:6a:32:70:be:7c:80:4c:1e:7a:07:31:
                    b8:d3:43:b3:e9:52:d0:bd:86:91:29:01:0b:b7:e3:
                    bc:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:E4:15:9E:84:FA:40:EF:A4:00:67:8D:0B:02:D6:A7:12:C5:F9:BB
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4861bb50-138b-44c5-90c8-95e3d51519d4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.158.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:ea:72:d5:66:59:80:3c:a7:7a:4f:a1:d6:3e:0c:cc:a8:33:
         ae:a4:1c:49:69:5b:2c:cf:89:4b:a6:7a:94:70:8b:e1:78:aa:
         d9:41:68:7b:a6:de:f5:27:52:40:c6:c1:a4:a1:6b:48:c8:9d:
         1e:11:6d:6d:6a:7d:1e:a3:e5:c6:d9:5c:f6:d8:f8:66:0e:6a:
         cf:cb:14:d2:0f:5f:7f:e3:1d:5a:fc:8b:ae:8a:04:51:7d:08:
         6c:42:6d:85:0d:5f:be:27:26:47:51:69:34:80:b7:93:de:fd:
         b6:38:94:8d:b5:8f:25:ac:7d:9c:bf:c2:be:d1:8b:dc:8e:a5:
         7b:d6:8c:e8:3a:73:04:5d:c5:f3:a2:32:27:8d:22:2e:ed:33:
         d7:94:66:f6:43:84:5c:93:9f:66:7d:f6:88:32:c5:d4:8c:1b:
         dd:f7:4e:f8:f1:63:d8:48:87:d8:bf:d6:4f:78:9d:2a:9a:23:
         0e:60:b3:f5:cc:f2:70:45:0f:9d:64:f5:0c:83:fb:72:1a:62:
         e0:2a:94:ac:71:f1:70:5a:fd:39:8b:c2:e1:84:21:1c:e3:f1:
         ee:9a:de:92:14:d3:17:97:9c:db:37:1f:5e:0b:ea:3b:5f:83:
         60:2c:4c:f0:a4:73:13:59:9e:68:68:3a:0f:4b:a3:bc:7f:4b:
         bd:c5:1c:89
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJb6K6N4FqHKAxRE7cj4l5I0kwLwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDEzMTY0OTAyWhcNMjUxMTE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BlYWIzY2Q5M2JlNzIwNTk0ZDExNjk3M2ExODE3YzdhZjVi
ZmQyMjJkMjVkMjM4YzJmMzNmZmMzYjYxNmE1N2U1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/TccbLcGnMK/x7tkXtIyrVfW34HRvyBU+jvVDc2Myi5WA
wrewHWpTe95TcZ77W1GT71b0JHBbkMwoqO+UvwUP4r8M7ZRPZw0sBLVxza+a/nOr
hBnal4wEl0eb/WfA9NSkjKeBIYyJUqKEjjO2TLgSp9RYk0lk0Z3XLER2dZrCQ5Rk
LaT8BmWV5wuCh/63II2LXCiGNZ4PAs8RBcKWWK0bLqNP1jDkMtAM0Jhrc/j1xYjV
Kye6GwHIUkDRy4OSUAnLcc3O8oYi+1nAmGMBqs3t6zlu7SAXB73rXpNV577Q8M3I
w8pqMnC+fIBMHnoHMbjTQ7PpUtC9hpEpAQu347xZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUaOQVnoT6QO+kAGeNCwLWpxLF+bswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQ4NjFiYjUwLTEzOGItNDRjNS05MGM4LTk1ZTNkNTE1MTlkNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAPnukwDQYJKoZIhvcNAQELBQADggEBAEDqctVmWYA8p3pPodY+DMyoM66k
HElpWyzPiUumepRwi+F4qtlBaHum3vUnUkDGwaSha0jInR4RbW1qfR6j5cbZXPbY
+GYOas/LFNIPX3/jHVr8i66KBFF9CGxCbYUNX74nJkdRaTSAt5Pe/bY4lI21jyWs
fZy/wr7Ri9yOpXvWjOg6cwRdxfOiMieNIi7tM9eUZvZDhFyTn2Z99ogyxdSMG933
TvjxY9hIh9i/1k94nSqaIw5gs/XM8nBFD51k9QyD+3IaYuAqlKxx8XBa/TmLwuGE
IRzj8e6a3pIU0xeXnNs3H14L6jtfg2AsTPCkcxNZnmhoOg9Lo7x/S73FHIk=
-----END CERTIFICATE-----