Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/afd84ce0-5f94-4882-a58d-e17f6a9668cf.roa
File:                     afd84ce0-5f94-4882-a58d-e17f6a9668cf.roa (raw, json)
Hash identifier:          +fyrckkouRK4XjCdQ0sL0mMxblS7bL9uOHpbaOqT1Vw=
Subject key identifier:   8D:2E:01:23:93:4D:92:44:2D:A7:55:75:4B:4B:BC:25:5E:4F:F5:BD
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6AD8E12CA46BBC7384D96290381964DB7E5B6DC5
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/afd84ce0-5f94-4882-a58d-e17f6a9668cf.roa
Signing time:             Sun 19 Oct 2025 07:32:39 +0000
ROA not before:           Sun 19 Oct 2025 07:32:39 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.238.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:d8:e1:2c:a4:6b:bc:73:84:d9:62:90:38:19:64:db:7e:5b:6d:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 07:32:39 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=b61976bfc2f257511d0332db2b935be9f60aaa4f0e883a41701c287fd9f2bb90, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:11:20:4c:a7:eb:2a:bc:da:ed:95:7d:b5:52:
                    91:3e:b8:4c:7e:da:b4:81:e3:c4:fb:52:5b:56:17:
                    fb:47:bd:c5:c7:14:37:b5:a9:73:66:f7:65:0f:6c:
                    75:d0:66:dc:d3:08:95:36:73:c7:52:03:55:c6:21:
                    2b:f5:81:aa:60:b3:69:20:f0:7e:2c:bd:9f:db:14:
                    ab:83:2d:bf:19:ce:bb:7f:d7:61:e4:46:d3:5e:ec:
                    86:2e:98:5a:38:98:47:62:ef:0a:9c:4c:5e:07:63:
                    25:70:52:7f:c6:e4:65:42:3a:b7:a6:fa:f7:d5:84:
                    3f:b8:cc:c4:a5:4c:cf:16:d9:1a:58:35:5d:02:ea:
                    53:f8:c5:77:1c:cb:02:57:c3:c2:de:1b:a4:32:94:
                    9e:10:25:46:fe:e9:ea:39:0a:36:f7:c1:fe:37:f4:
                    e7:35:95:24:98:b3:bc:b2:7b:0e:2c:c3:42:60:ee:
                    a9:ef:4b:aa:6c:59:ee:b9:7b:48:90:83:b1:31:2e:
                    9c:06:6e:9e:d5:e5:d0:ce:14:00:ef:4a:cf:4c:7f:
                    02:14:25:ee:9e:7a:e5:b9:42:23:b4:7b:46:41:38:
                    f8:7a:b1:59:47:c4:d2:e3:f9:d9:aa:4f:b7:83:97:
                    07:96:16:4e:3d:fd:78:46:4e:0a:b9:fa:33:6c:18:
                    3d:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:2E:01:23:93:4D:92:44:2D:A7:55:75:4B:4B:BC:25:5E:4F:F5:BD
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/afd84ce0-5f94-4882-a58d-e17f6a9668cf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.238.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         97:03:94:59:32:3b:a1:75:a3:cb:fc:ec:08:10:db:60:be:e3:
         86:49:d6:8a:75:70:b1:a2:4e:4f:33:d8:13:d2:8b:7d:50:54:
         de:7f:4f:fd:37:62:b2:c1:99:37:eb:4f:29:1c:a7:c1:95:0c:
         ff:db:95:ad:be:70:f3:8f:17:f8:a9:aa:a3:f7:41:ce:9e:97:
         3a:1d:d5:b1:a0:a4:35:76:9b:48:1e:e5:7e:13:26:f7:e5:81:
         c2:15:fa:2f:f7:1a:1f:fc:fc:a5:66:8a:78:fd:d7:6d:b1:c4:
         58:31:c7:2c:27:83:f7:c7:ec:2c:e6:73:83:70:a5:48:5d:ba:
         11:5a:71:40:8d:dd:25:79:32:23:89:21:31:ec:ea:10:7d:4d:
         fa:c6:a0:ad:20:59:c3:60:87:e9:9c:ab:20:e6:57:d1:82:bc:
         b0:6e:71:74:df:a8:1b:e2:d8:a3:94:ec:b0:42:d0:c3:74:c7:
         3d:c7:b9:75:0a:38:fc:ea:37:df:fa:6c:bb:89:97:da:66:91:
         52:30:cb:b3:1a:fb:c6:11:40:f7:4e:97:bf:64:c6:ba:44:58:
         d1:cf:d4:ca:21:7d:25:da:32:7d:a5:a3:6a:58:b9:11:27:cb:
         46:5f:86:17:ec:9b:36:10:1c:14:fa:39:70:10:ad:74:21:55:
         68:7b:e6:c7
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUatjhLKRrvHOE2WKQOBlk235bbcUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MDczMjM5WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BiNjE5NzZiZmMyZjI1NzUxMWQwMzMyZGIyYjkzNWJlOWY2
MGFhYTRmMGU4ODNhNDE3MDFjMjg3ZmQ5ZjJiYjkwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1ESBMp+sqvNrtlX21UpE+uEx+2rSB48T7UltWF/tHvcXH
FDe1qXNm92UPbHXQZtzTCJU2c8dSA1XGISv1gapgs2kg8H4svZ/bFKuDLb8Zzrt/
12HkRtNe7IYumFo4mEdi7wqcTF4HYyVwUn/G5GVCOrem+vfVhD+4zMSlTM8W2RpY
NV0C6lP4xXccywJXw8LeG6QylJ4QJUb+6eo5Cjb3wf439Oc1lSSYs7yyew4sw0Jg
7qnvS6psWe65e0iQg7ExLpwGbp7V5dDOFADvSs9MfwIUJe6eeuW5QiO0e0ZBOPh6
sVlHxNLj+dmqT7eDlweWFk49/XhGTgq5+jNsGD3bAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUjS4BI5NNkkQtp1V1S0u8JV5P9b0wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2FmZDg0Y2UwLTVmOTQtNDg4Mi1hNThkLWUxN2Y2YTk2NjhjZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAP7jANBgkqhkiG9w0BAQsFAAOCAQEAlwOUWTI7oXWjy/zsCBDbYL7jhknW
inVwsaJOTzPYE9KLfVBU3n9P/TdissGZN+tPKRynwZUM/9uVrb5w848X+Kmqo/dB
zp6XOh3VsaCkNXabSB7lfhMm9+WBwhX6L/caH/z8pWaKeP3XbbHEWDHHLCeD98fs
LOZzg3ClSF26EVpxQI3dJXkyI4khMezqEH1N+sagrSBZw2CH6ZyrIOZX0YK8sG5x
dN+oG+LYo5TssELQw3THPce5dQo4/Oo33/psu4mX2maRUjDLsxr7xhFA906Xv2TG
ukRY0c/UyiF9JdoyfaWjali5ESfLRl+GF+ybNhAcFPo5cBCtdCFVaHvmxw==
-----END CERTIFICATE-----