Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f3258fb5-90ca-480b-9923-260e8ad61e8d.roa
File:                     f3258fb5-90ca-480b-9923-260e8ad61e8d.roa (raw, json)
Hash identifier:          X+lxfUdJCFmrl8z3tan6bY4L5mS32MdFTlBhY4Qr+18=
Subject key identifier:   23:B8:33:74:91:BB:F5:7C:21:03:62:E3:B3:44:96:9F:69:A4:0B:2F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2B11A15301709F48816D93DAC498239A5B71BD46
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f3258fb5-90ca-480b-9923-260e8ad61e8d.roa
Signing time:             Sat 28 Jun 2025 00:50:55 +0000
ROA not before:           Sat 28 Jun 2025 00:50:55 +0000
ROA not after:            Sat 02 Aug 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        15.181.32.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 01 Jul 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:11:a1:53:01:70:9f:48:81:6d:93:da:c4:98:23:9a:5b:71:bd:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun 28 00:50:55 2025 GMT
            Not After : Aug  2 23:59:59 2025 GMT
        Subject: serialNumber=13f8141e677294a2ae3d622dd1d3ee7aada768ae83d75f128dbacfa07885bdf3, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:ab:d3:b6:0d:4c:89:ab:79:f0:52:ec:1e:b5:
                    95:eb:e7:ad:33:af:6c:5b:5e:3c:99:53:21:f0:ee:
                    72:d7:6c:36:99:8e:be:b8:79:fe:85:02:58:80:ef:
                    7a:d3:2b:54:2b:d6:5b:10:f4:7b:c9:e5:1a:0a:38:
                    a4:5d:bc:50:a4:1d:f5:3d:53:88:28:fc:9d:6b:7c:
                    06:a0:a2:23:e7:76:6d:6f:3b:5f:8e:fa:13:41:07:
                    15:cd:1f:5a:bb:43:06:91:df:b9:c6:a0:2f:a6:c5:
                    d2:08:0f:12:0a:66:ac:6b:34:99:0c:ab:52:d3:f4:
                    3d:71:99:05:23:a6:2f:76:af:4e:3f:25:fe:bf:bb:
                    87:4d:6b:df:4f:f8:fe:19:47:c7:24:6e:5d:7b:26:
                    10:90:57:38:90:64:b5:67:92:0c:48:64:99:1c:bc:
                    2a:7c:33:73:71:b6:fd:c3:35:c4:8f:8b:4c:89:c6:
                    33:3a:a8:92:33:15:62:2d:40:96:97:3d:7a:ed:38:
                    80:90:5e:9d:6f:29:d8:2e:da:39:b8:50:09:f9:43:
                    2e:20:d4:26:05:6b:64:5c:43:ce:ff:77:22:29:3c:
                    da:2d:55:2b:ca:10:e9:4b:44:d0:ca:60:03:76:7e:
                    32:fa:42:6c:98:4b:02:cb:1d:24:77:ea:86:91:f2:
                    3a:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:B8:33:74:91:BB:F5:7C:21:03:62:E3:B3:44:96:9F:69:A4:0B:2F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f3258fb5-90ca-480b-9923-260e8ad61e8d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.181.32.0/21

    Signature Algorithm: sha256WithRSAEncryption
         79:12:70:fb:82:00:a9:1a:3a:0a:75:42:1d:f7:8c:a7:f5:7b:
         9d:2f:99:b4:e7:6e:b6:92:3c:15:bc:12:3e:7f:f0:59:27:9d:
         5e:4f:85:21:8e:7e:34:49:19:db:ad:da:20:d1:15:06:5d:e7:
         9c:21:24:1c:fc:f6:fe:b4:9d:93:a2:72:5b:43:19:e2:0f:29:
         38:53:8c:bd:44:ac:5c:79:9a:38:19:f7:7b:8a:d8:1e:40:0a:
         54:00:d1:fc:db:61:bf:39:f1:43:0e:a8:33:1b:81:b9:ef:65:
         1f:6f:e4:05:65:88:54:19:3a:cd:a1:ef:b7:06:4b:3b:ec:24:
         f6:1a:b8:ea:d1:00:d2:4f:4c:68:b0:fa:91:be:13:db:9b:0e:
         c3:49:9b:6b:9e:9d:73:86:c0:bd:a2:c8:b5:1d:c5:d2:4c:4a:
         48:a5:8f:a0:6f:ba:53:99:62:c0:49:68:e6:74:e7:2b:55:a5:
         28:29:72:c9:46:22:24:64:48:4e:b0:cd:e6:7b:bc:b1:c9:ce:
         44:e8:6b:21:b9:de:d5:9d:eb:6e:61:10:d2:38:46:43:c7:d3:
         d3:1e:8f:f2:56:a2:18:8a:a1:e1:1b:28:dd:da:78:40:4f:12:
         89:c8:04:53:02:56:36:8a:52:33:41:ea:61:45:9f:fd:20:d6:
         26:1d:76:c5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKxGhUwFwn0iBbZPaxJgjmltxvUYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjI4MDA1MDU1WhcNMjUwODAyMjM1OTU5
WjB6MUkwRwYDVQQFE0AxM2Y4MTQxZTY3NzI5NGEyYWUzZDYyMmRkMWQzZWU3YWFk
YTc2OGFlODNkNzVmMTI4ZGJhY2ZhMDc4ODViZGYzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDEq9O2DUyJq3nwUuwetZXr560zr2xbXjyZUyHw7nLXbDaZ
jr64ef6FAliA73rTK1Qr1lsQ9HvJ5RoKOKRdvFCkHfU9U4go/J1rfAagoiPndm1v
O1+O+hNBBxXNH1q7QwaR37nGoC+mxdIIDxIKZqxrNJkMq1LT9D1xmQUjpi92r04/
Jf6/u4dNa99P+P4ZR8ckbl17JhCQVziQZLVnkgxIZJkcvCp8M3Nxtv3DNcSPi0yJ
xjM6qJIzFWItQJaXPXrtOICQXp1vKdgu2jm4UAn5Qy4g1CYFa2RcQ87/dyIpPNot
VSvKEOlLRNDKYAN2fjL6QmyYSwLLHSR36oaR8jqzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUI7gzdJG79XwhA2Ljs0SWn2mkCy8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2YzMjU4ZmI1LTkwY2EtNDgwYi05OTIzLTI2MGU4YWQ2MWU4ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMPtSAwDQYJKoZIhvcNAQELBQADggEBAHkScPuCAKkaOgp1Qh33jKf1e50v
mbTnbraSPBW8Ej5/8FknnV5PhSGOfjRJGdut2iDRFQZd55whJBz89v60nZOicltD
GeIPKThTjL1ErFx5mjgZ93uK2B5AClQA0fzbYb858UMOqDMbgbnvZR9v5AVliFQZ
Os2h77cGSzvsJPYauOrRANJPTGiw+pG+E9ubDsNJm2uenXOGwL2iyLUdxdJMSkil
j6BvulOZYsBJaOZ05ytVpSgpcslGIiRkSE6wzeZ7vLHJzkToayG53tWd625hENI4
RkPH09Mej/JWohiKoeEbKN3aeEBPEonIBFMCVjaKUjNB6mFFn/0g1iYddsU=
-----END CERTIFICATE-----