Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b44145ba-3a97-461d-bd54-05497f4841be.roa
File:                     b44145ba-3a97-461d-bd54-05497f4841be.roa (raw, json)
Hash identifier:          NPWjsdlLWbBVMHz+d8XGgblue/3FlJdu+hGTx6NphjM=
Subject key identifier:   87:55:16:EE:43:C8:0E:B8:F8:2C:0B:2F:D2:54:B0:75:BF:4B:02:39
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       237C4C0D319EE3725BD155060CA80B7ACD5E440E
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b44145ba-3a97-461d-bd54-05497f4841be.roa
Signing time:             Wed 15 Oct 2025 23:51:07 +0000
ROA not before:           Wed 15 Oct 2025 23:51:07 +0000
ROA not after:            Wed 19 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        144.220.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:7c:4c:0d:31:9e:e3:72:5b:d1:55:06:0c:a8:0b:7a:cd:5e:44:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 15 23:51:07 2025 GMT
            Not After : Nov 19 23:59:59 2025 GMT
        Subject: serialNumber=aac6b30bf9d4463578212255d737a89d0e7dff1e6c83c78acdef138cfbef079a, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:f2:b6:0f:01:40:44:62:b6:71:08:13:f1:94:
                    04:ec:7c:87:ba:f9:eb:fe:43:c8:bd:99:dc:6a:cc:
                    3a:df:db:53:ff:7b:86:5a:86:c5:e9:3d:9d:82:e0:
                    55:ec:5b:99:dc:56:9c:21:bc:a6:9d:cc:b6:85:2d:
                    84:5d:f8:2f:6c:31:e3:62:af:ad:66:5d:84:5e:09:
                    7f:57:a5:07:65:28:2b:c0:5e:be:b9:38:89:ff:e8:
                    d0:8c:82:25:18:0b:55:47:b9:c5:1b:6c:05:5d:fb:
                    c9:f7:8c:04:2f:e0:77:5d:86:7b:54:98:00:c6:07:
                    0e:f7:29:bf:49:f3:32:f8:7b:79:2c:97:5a:9a:b7:
                    f4:c9:32:71:2f:92:3a:dd:36:a0:15:99:ba:5f:a0:
                    12:66:2c:d9:ce:47:ae:a2:0c:04:30:14:a1:02:c1:
                    2c:36:e8:da:c7:bf:47:bf:ca:45:81:2e:da:b7:e5:
                    01:fa:f0:a2:f0:1c:e0:1d:49:f4:a9:22:e2:85:cd:
                    27:f7:47:57:68:6c:b5:07:92:63:2a:b2:ab:99:8b:
                    b7:d7:8f:11:f4:61:0e:b5:4f:2f:4f:2c:ae:1f:5e:
                    18:7e:30:6b:19:16:fe:e7:9a:47:de:2f:91:da:e6:
                    75:f6:18:3b:0f:8b:79:7b:2c:75:9b:cd:2b:57:ea:
                    85:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:55:16:EE:43:C8:0E:B8:F8:2C:0B:2F:D2:54:B0:75:BF:4B:02:39
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b44145ba-3a97-461d-bd54-05497f4841be.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.220.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:73:68:3c:bc:50:40:f9:13:4b:97:05:05:93:04:51:94:3e:
         8b:96:3f:e4:96:11:60:25:2d:3e:e0:e5:d8:6f:5a:ed:01:da:
         09:f7:db:11:5a:96:3b:98:c6:f3:c9:5b:aa:07:2d:7d:21:1e:
         19:2d:bd:85:6f:1e:be:43:93:a2:86:df:cb:79:2e:8e:4f:97:
         19:11:5b:08:c3:da:d6:d4:92:0c:13:10:0e:df:dd:f9:f0:38:
         5b:c4:22:8a:b2:ed:e7:82:82:23:1d:0d:31:0b:8d:ef:68:16:
         0b:74:43:e6:49:d2:a1:d0:de:93:1c:40:41:fc:6b:78:72:ba:
         ac:14:af:7d:f1:a3:c4:cb:5a:bb:de:cb:f9:41:46:4f:85:88:
         9a:a2:cd:43:17:0a:ad:e3:7e:23:eb:66:81:a2:b3:5d:23:0a:
         6e:62:62:d0:a4:3a:78:a5:ef:bb:99:77:d9:63:7d:8c:db:c6:
         01:de:29:0b:0c:92:92:2b:73:1f:59:67:a5:87:e2:d4:77:10:
         73:d6:75:5a:97:49:d4:f3:09:5c:9a:00:7e:4c:b8:5f:ee:28:
         03:55:82:cc:dc:fc:15:60:a2:02:9f:6d:96:31:c4:89:94:9a:
         c9:05:55:4e:a0:db:6a:6a:21:f1:e8:80:53:c3:c9:d0:ee:0c:
         5d:f2:b6:38
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUI3xMDTGe43Jb0VUGDKgLes1eRA4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE1MjM1MTA3WhcNMjUxMTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BhYWM2YjMwYmY5ZDQ0NjM1NzgyMTIyNTVkNzM3YTg5ZDBl
N2RmZjFlNmM4M2M3OGFjZGVmMTM4Y2ZiZWYwNzlhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC58rYPAUBEYrZxCBPxlATsfIe6+ev+Q8i9mdxqzDrf21P/
e4ZahsXpPZ2C4FXsW5ncVpwhvKadzLaFLYRd+C9sMeNir61mXYReCX9XpQdlKCvA
Xr65OIn/6NCMgiUYC1VHucUbbAVd+8n3jAQv4HddhntUmADGBw73Kb9J8zL4e3ks
l1qat/TJMnEvkjrdNqAVmbpfoBJmLNnOR66iDAQwFKECwSw26NrHv0e/ykWBLtq3
5QH68KLwHOAdSfSpIuKFzSf3R1dobLUHkmMqsquZi7fXjxH0YQ61Ty9PLK4fXhh+
MGsZFv7nmkfeL5Ha5nX2GDsPi3l7LHWbzStX6oXxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUh1UW7kPIDrj4LAsv0lSwdb9LAjkwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2I0NDE0NWJhLTNhOTctNDYxZC1iZDU0LTA1NDk3ZjQ4NDFiZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACQ3DwwDQYJKoZIhvcNAQELBQADggEBACBzaDy8UED5E0uXBQWTBFGUPouW
P+SWEWAlLT7g5dhvWu0B2gn32xFaljuYxvPJW6oHLX0hHhktvYVvHr5Dk6KG38t5
Lo5PlxkRWwjD2tbUkgwTEA7f3fnwOFvEIoqy7eeCgiMdDTELje9oFgt0Q+ZJ0qHQ
3pMcQEH8a3hyuqwUr33xo8TLWrvey/lBRk+FiJqizUMXCq3jfiPrZoGis10jCm5i
YtCkOnil77uZd9ljfYzbxgHeKQsMkpIrcx9ZZ6WH4tR3EHPWdVqXSdTzCVyaAH5M
uF/uKANVgszc/BVgogKfbZYxxImUmskFVU6g22pqIfHogFPDydDuDF3ytjg=
-----END CERTIFICATE-----