Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4a903758-2696-4354-8472-ca655b20d494.roa
File:                     4a903758-2696-4354-8472-ca655b20d494.roa (raw, json)
Hash identifier:          prpUsuPYb7z1jv1Pu+F4YPT5mGg6H3cWYYjxmgMIOg4=
Subject key identifier:   C5:63:27:CB:5E:C6:38:87:58:A1:E4:83:9A:70:82:09:AE:20:C1:02
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       43C6E4047A0FB21D6125D15022553C2B26C7B5D7
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4a903758-2696-4354-8472-ca655b20d494.roa
Signing time:             Tue 06 May 2025 00:20:15 +0000
ROA not before:           Tue 06 May 2025 00:20:15 +0000
ROA not after:            Tue 10 Jun 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        15.181.104.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 14 May 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:c6:e4:04:7a:0f:b2:1d:61:25:d1:50:22:55:3c:2b:26:c7:b5:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May  6 00:20:15 2025 GMT
            Not After : Jun 10 23:59:59 2025 GMT
        Subject: serialNumber=16fec49f1bae0fdf798d9894be65b3d9205d40053e6e78df8ece9a9b5fff7a68, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:f2:c2:c7:ea:00:66:0d:aa:9b:9d:3e:ab:f6:
                    a2:d8:02:b2:be:6a:6f:9c:87:09:da:53:45:a3:46:
                    e7:c1:99:87:3b:9a:47:62:95:8d:f4:1b:a4:ff:05:
                    ff:1b:02:b1:3a:9c:08:81:b1:ba:b7:49:29:17:15:
                    b3:7a:54:a2:cd:62:fa:de:b4:43:10:a6:ec:13:98:
                    72:34:43:4a:4a:2c:e5:90:51:77:59:4f:1c:ef:78:
                    96:93:e2:34:75:28:d1:79:58:31:8d:60:3c:db:56:
                    45:ef:a8:60:d8:b4:c4:99:a0:67:5f:c3:a2:cf:6b:
                    32:7b:75:9b:8c:e2:5c:f6:8c:6d:df:6f:4e:4e:54:
                    80:cc:f5:80:7a:66:4a:da:29:2d:03:98:71:0b:05:
                    3d:e2:c2:cd:c2:2e:fe:81:1e:74:bd:33:e5:41:16:
                    72:96:ce:93:94:61:2d:44:2b:8d:d2:ec:f4:cc:64:
                    97:11:e3:78:d3:0b:f3:3d:69:19:25:9e:10:ee:41:
                    5c:d1:c8:49:c3:ef:af:57:a7:07:1d:26:b3:43:b3:
                    0a:37:02:fc:6b:62:46:20:f3:c2:50:c4:a5:cf:8f:
                    69:2f:86:bd:d7:84:5a:24:44:2b:3a:86:c7:aa:7e:
                    43:21:bc:de:b0:74:b2:72:4a:65:e4:a1:70:e8:97:
                    f1:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:63:27:CB:5E:C6:38:87:58:A1:E4:83:9A:70:82:09:AE:20:C1:02
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4a903758-2696-4354-8472-ca655b20d494.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.181.104.0/21

    Signature Algorithm: sha256WithRSAEncryption
         6d:da:57:49:f5:05:f9:cf:95:3a:a6:0e:d2:11:1f:00:c6:98:
         5a:59:52:68:c9:b5:c4:83:ec:1a:c0:b8:6c:66:6e:e5:00:4c:
         99:db:e7:28:51:89:b7:e7:5f:f8:bc:0c:bb:32:14:d9:c3:80:
         04:4f:36:01:77:05:22:c8:45:c0:dc:33:56:8d:97:a8:c8:fc:
         ae:44:42:dd:fc:02:59:fa:d8:44:10:8f:3c:2c:29:2f:b8:38:
         7b:dc:70:e0:e2:09:32:3d:8e:20:e0:ba:0f:c4:36:12:15:41:
         6b:a8:9d:9a:81:dd:f9:1f:c4:a8:ff:e6:4c:5e:43:6a:ee:c3:
         05:ce:0a:6b:df:9a:58:95:b0:7b:db:0d:dd:2b:13:83:91:55:
         a2:41:67:9b:1a:ee:24:a9:38:69:1f:11:56:98:5a:14:83:e8:
         2b:24:d9:74:f2:12:9f:83:62:09:f2:6e:ed:50:55:01:99:3f:
         4e:10:6f:50:4a:1a:d1:03:82:57:03:3a:28:9d:e3:f1:d9:8c:
         44:f3:40:e0:7d:3c:1a:ae:76:e7:58:31:2d:2f:a3:ae:6c:68:
         15:76:c4:f2:a9:94:85:6c:af:8c:e6:b0:32:4d:01:76:f4:7f:
         9e:ca:b3:7b:4c:4a:be:c9:21:f5:d2:86:e2:72:fa:89:d1:a0:
         90:a8:94:97
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQ8bkBHoPsh1hJdFQIlU8KybHtdcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNTA2MDAyMDE1WhcNMjUwNjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0AxNmZlYzQ5ZjFiYWUwZmRmNzk4ZDk4OTRiZTY1YjNkOTIw
NWQ0MDA1M2U2ZTc4ZGY4ZWNlOWE5YjVmZmY3YTY4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC08sLH6gBmDaqbnT6r9qLYArK+am+chwnaU0WjRufBmYc7
mkdilY30G6T/Bf8bArE6nAiBsbq3SSkXFbN6VKLNYvretEMQpuwTmHI0Q0pKLOWQ
UXdZTxzveJaT4jR1KNF5WDGNYDzbVkXvqGDYtMSZoGdfw6LPazJ7dZuM4lz2jG3f
b05OVIDM9YB6ZkraKS0DmHELBT3iws3CLv6BHnS9M+VBFnKWzpOUYS1EK43S7PTM
ZJcR43jTC/M9aRklnhDuQVzRyEnD769XpwcdJrNDswo3AvxrYkYg88JQxKXPj2kv
hr3XhFokRCs6hseqfkMhvN6wdLJySmXkoXDol/FVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUxWMny17GOIdYoeSDmnCCCa4gwQIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzRhOTAzNzU4LTI2OTYtNDM1NC04NDcyLWNhNjU1YjIwZDQ5NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMPtWgwDQYJKoZIhvcNAQELBQADggEBAG3aV0n1BfnPlTqmDtIRHwDGmFpZ
UmjJtcSD7BrAuGxmbuUATJnb5yhRibfnX/i8DLsyFNnDgARPNgF3BSLIRcDcM1aN
l6jI/K5EQt38Aln62EQQjzwsKS+4OHvccODiCTI9jiDgug/ENhIVQWuonZqB3fkf
xKj/5kxeQ2ruwwXOCmvfmliVsHvbDd0rE4ORVaJBZ5sa7iSpOGkfEVaYWhSD6Csk
2XTyEp+DYgnybu1QVQGZP04Qb1BKGtEDglcDOiid4/HZjETzQOB9PBqududYMS0v
o65saBV2xPKplIVsr4zmsDJNAXb0f57Ks3tMSr7JIfXShuJy+onRoJColJc=
-----END CERTIFICATE-----