Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/62d6bf45-c69e-4fcb-bee1-400c9277854b.roa
File:                     62d6bf45-c69e-4fcb-bee1-400c9277854b.roa (raw, json)
Hash identifier:          fWiehY2F7hDLwpbLXIp2iTUpFdHLTF5DXjL6Y9/q3Sc=
Subject key identifier:   81:F3:CD:86:0C:E7:3F:F4:D1:2A:8B:45:3E:3E:19:D0:00:94:B8:33
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       28121112D7E6B530C39828A5CFC66CAE07E8BC9F
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/62d6bf45-c69e-4fcb-bee1-400c9277854b.roa
Signing time:             Mon 13 Oct 2025 17:21:06 +0000
ROA not before:           Mon 13 Oct 2025 17:21:06 +0000
ROA not after:            Mon 17 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.158.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:12:11:12:d7:e6:b5:30:c3:98:28:a5:cf:c6:6c:ae:07:e8:bc:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 13 17:21:06 2025 GMT
            Not After : Nov 17 23:59:59 2025 GMT
        Subject: serialNumber=0e646875d3968ac52e46a9e1b778720bc041804c76dbf3cf20445250543a987f, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:84:d7:b2:c7:de:12:f2:6c:62:fc:5d:90:7c:
                    15:a8:08:11:e4:17:2b:5f:ea:83:d1:10:4a:7d:10:
                    f8:ba:b6:f9:b5:db:c8:e7:fe:7c:90:62:65:51:10:
                    36:29:83:6a:38:8a:fd:af:4e:ff:bf:7d:d5:f9:4d:
                    6a:62:96:8a:2c:ef:6f:8d:1e:29:0b:bd:00:8c:65:
                    ae:56:83:0d:a0:70:f8:8d:a9:24:a2:5d:d9:87:ae:
                    34:77:04:b5:06:54:13:d7:3f:3d:c4:17:15:6c:1b:
                    da:f1:fd:a1:7c:e9:35:e4:32:2d:f4:b7:33:74:f9:
                    d3:fd:59:4a:46:14:0c:e3:4c:bb:59:5e:c5:3e:02:
                    a0:95:85:ef:4e:85:b3:53:33:20:a0:b3:00:b2:54:
                    f1:32:71:5d:19:0e:7b:fb:7f:64:e5:15:f5:47:5f:
                    55:cc:fd:db:f2:8c:41:81:76:9c:7d:71:ac:d4:b3:
                    ee:c4:0d:2b:63:da:01:ed:b7:30:6d:9f:9a:91:12:
                    4a:60:26:eb:12:0c:1a:95:1d:ef:05:85:2c:71:0f:
                    73:5e:f6:22:eb:eb:92:2e:d1:05:69:36:c5:89:f0:
                    11:fb:62:b7:6b:b6:11:61:83:60:18:ff:82:0e:c8:
                    21:3a:4d:b9:88:50:b3:8e:99:07:73:91:36:28:5e:
                    ac:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:F3:CD:86:0C:E7:3F:F4:D1:2A:8B:45:3E:3E:19:D0:00:94:B8:33
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/62d6bf45-c69e-4fcb-bee1-400c9277854b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.158.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:18:a1:74:1e:a6:ee:c5:6a:30:de:a6:31:c0:a6:19:ef:09:
         d0:bf:77:59:92:66:2e:a0:0e:eb:23:e4:ba:99:33:41:e7:3f:
         c5:2f:47:d0:19:8b:23:46:fe:ef:69:21:90:3a:6f:c6:78:fd:
         81:cc:67:c4:f8:1c:e5:52:b4:a6:39:89:04:9a:c6:ff:cd:b7:
         61:c1:1e:35:e1:ee:07:fe:ed:ef:d8:4e:5a:61:39:d0:f3:9b:
         43:64:3b:14:b8:25:95:36:8b:20:5f:2c:38:13:d5:1c:90:e4:
         20:8e:2a:f0:2d:47:3f:50:94:36:b2:e6:b4:14:e4:07:f0:38:
         ad:0c:ad:36:33:c5:94:2c:cf:15:d1:cf:8a:b4:0c:d7:e0:d9:
         64:73:28:78:4f:2f:c9:9e:c1:af:1e:34:52:ed:e9:b6:c9:29:
         02:be:46:06:31:7f:5f:9c:dc:fd:11:7f:22:ac:56:b6:dd:1a:
         7d:b5:be:85:d5:c9:e9:9a:ed:13:40:bb:79:a3:6f:35:f7:31:
         ba:fd:0a:63:ce:72:16:40:f4:d2:15:14:c6:b5:5f:3c:d0:a4:
         a0:71:86:19:e5:99:88:d8:5a:61:45:a0:4d:22:be:c1:7c:74:
         bc:34:70:60:85:b8:d3:f2:ed:c3:44:fb:1d:88:9d:d3:7b:92:
         93:7f:ed:f6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKBIREtfmtTDDmCilz8ZsrgfovJ8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDEzMTcyMTA2WhcNMjUxMTE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwZTY0Njg3NWQzOTY4YWM1MmU0NmE5ZTFiNzc4NzIwYmMw
NDE4MDRjNzZkYmYzY2YyMDQ0NTI1MDU0M2E5ODdmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCRhNeyx94S8mxi/F2QfBWoCBHkFytf6oPREEp9EPi6tvm1
28jn/nyQYmVREDYpg2o4iv2vTv+/fdX5TWpiloos72+NHikLvQCMZa5Wgw2gcPiN
qSSiXdmHrjR3BLUGVBPXPz3EFxVsG9rx/aF86TXkMi30tzN0+dP9WUpGFAzjTLtZ
XsU+AqCVhe9OhbNTMyCgswCyVPEycV0ZDnv7f2TlFfVHX1XM/dvyjEGBdpx9cazU
s+7EDStj2gHttzBtn5qREkpgJusSDBqVHe8FhSxxD3Ne9iLr65Iu0QVpNsWJ8BH7
YrdrthFhg2AY/4IOyCE6TbmIULOOmQdzkTYoXqwzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUgfPNhgznP/TRKotFPj4Z0ACUuDMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzYyZDZiZjQ1LWM2OWUtNGZjYi1iZWUxLTQwMGM5Mjc3ODU0Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAPnu4wDQYJKoZIhvcNAQELBQADggEBAEYYoXQepu7FajDepjHAphnvCdC/
d1mSZi6gDusj5LqZM0HnP8UvR9AZiyNG/u9pIZA6b8Z4/YHMZ8T4HOVStKY5iQSa
xv/Nt2HBHjXh7gf+7e/YTlphOdDzm0NkOxS4JZU2iyBfLDgT1RyQ5CCOKvAtRz9Q
lDay5rQU5AfwOK0MrTYzxZQszxXRz4q0DNfg2WRzKHhPL8mewa8eNFLt6bbJKQK+
RgYxf1+c3P0RfyKsVrbdGn21voXVyema7RNAu3mjbzX3Mbr9CmPOchZA9NIVFMa1
XzzQpKBxhhnlmYjYWmFFoE0ivsF8dLw0cGCFuNPy7cNE+x2IndN7kpN/7fY=
-----END CERTIFICATE-----