Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fa242b33-cbff-4900-adde-f462ee3272af.roa
File:                     fa242b33-cbff-4900-adde-f462ee3272af.roa (raw, json)
Hash identifier:          eueM763Y0zTiLPBMaZQzEw032cv+clC19+iIRwZJTF0=
Subject key identifier:   B4:B6:AE:CA:69:D6:8B:C7:16:81:3A:74:7D:CD:6E:C0:66:DA:75:51
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       04CB8AA61A6960A2EE0098D2FB33775DD5DE16F3
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fa242b33-cbff-4900-adde-f462ee3272af.roa
Signing time:             Mon 16 Jun 2025 16:30:19 +0000
ROA not before:           Mon 16 Jun 2025 16:30:19 +0000
ROA not after:            Mon 21 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.230.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 01 Jul 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:cb:8a:a6:1a:69:60:a2:ee:00:98:d2:fb:33:77:5d:d5:de:16:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun 16 16:30:19 2025 GMT
            Not After : Jul 21 23:59:59 2025 GMT
        Subject: serialNumber=1d07e5f6b47f1c4c3243b5153d05cbccf20538a5f7cbbb864996dbdf63d5e09d, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:6c:b9:e6:de:f7:18:c8:99:22:8b:91:78:d2:
                    04:e5:ae:33:27:7a:14:f4:76:04:66:fc:dd:c7:48:
                    70:0d:9a:cd:48:2d:02:7d:65:31:69:67:3f:3c:0d:
                    23:bb:ce:16:a9:b0:cc:b6:1f:ac:81:3d:57:3c:82:
                    23:c7:e4:62:06:d4:65:7a:21:53:7c:53:49:19:db:
                    05:e6:86:62:f1:43:08:c2:31:91:c5:8a:47:78:ef:
                    95:d8:e7:42:4e:1e:e6:62:99:a3:4d:e1:0b:cd:51:
                    e6:13:e2:c0:74:54:9e:ea:86:b0:e5:f4:15:11:c8:
                    58:e5:a8:14:bd:1c:7b:2c:6f:2e:64:4a:42:47:78:
                    74:81:f4:f6:07:01:51:fc:74:9e:18:61:7d:76:d9:
                    fe:74:e4:eb:5b:f3:1a:cd:85:78:e0:c9:10:54:de:
                    d7:a6:62:5e:c9:9f:e7:ec:80:0b:6b:c9:1c:a3:07:
                    1d:da:47:9d:81:dd:76:e0:f6:3d:b7:1e:de:0d:98:
                    3b:73:75:b7:92:a4:21:64:d3:32:13:3f:27:13:cb:
                    70:40:5f:53:44:2b:c1:93:6f:45:81:1b:1f:5d:6c:
                    ff:0c:9d:06:a2:87:04:3e:50:af:31:46:4b:98:05:
                    9e:65:6f:8d:d4:b2:3d:5b:10:f9:6e:e5:a4:fa:5b:
                    95:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:B6:AE:CA:69:D6:8B:C7:16:81:3A:74:7D:CD:6E:C0:66:DA:75:51
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fa242b33-cbff-4900-adde-f462ee3272af.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.230.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:4e:2e:4d:0a:95:06:64:01:96:7c:8c:da:77:30:6e:18:e7:
         a1:da:79:90:07:bf:2d:82:e9:f2:69:cc:72:d6:08:43:50:86:
         a7:e9:b1:2b:14:6b:d6:36:74:20:1b:58:b2:9a:40:4c:64:c8:
         cc:f3:34:48:72:53:c6:cd:6f:07:ed:7a:3f:de:02:3b:9b:f3:
         59:87:ef:f4:03:6e:aa:e5:81:28:82:9b:71:d2:ac:a2:08:9d:
         2d:a5:c9:e3:96:99:e5:8a:90:50:32:6d:24:da:63:5d:41:2e:
         17:6a:29:b7:6e:f6:9a:16:1c:f9:48:1c:e5:5d:48:6f:e2:59:
         b9:87:f9:03:0d:9d:f2:d0:03:a0:7c:9c:6a:12:f3:fd:52:5c:
         3a:8e:6a:b2:8e:20:73:6b:93:97:ab:4e:ca:88:02:db:00:ce:
         54:2a:e2:41:a2:cf:5c:db:fc:bd:a7:b8:69:46:a6:f8:0b:9c:
         d7:9d:de:03:a4:c8:86:9d:cf:83:ba:92:fe:8b:44:6c:0c:db:
         06:ad:36:07:36:87:2f:c3:28:5f:a5:e0:be:71:f0:62:2a:0f:
         7f:dc:b9:b2:b2:05:b3:69:fd:25:27:aa:ba:ea:13:8a:42:00:
         d2:b3:2f:83:a9:9b:7f:e5:20:9c:f7:f3:23:c5:8e:1e:b8:f2:
         e7:eb:71:f0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBMuKphppYKLuAJjS+zN3XdXeFvMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjE2MTYzMDE5WhcNMjUwNzIxMjM1OTU5
WjB6MUkwRwYDVQQFE0AxZDA3ZTVmNmI0N2YxYzRjMzI0M2I1MTUzZDA1Y2JjY2Yy
MDUzOGE1ZjdjYmJiODY0OTk2ZGJkZjYzZDVlMDlkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDNbLnm3vcYyJkii5F40gTlrjMnehT0dgRm/N3HSHANms1I
LQJ9ZTFpZz88DSO7zhapsMy2H6yBPVc8giPH5GIG1GV6IVN8U0kZ2wXmhmLxQwjC
MZHFikd475XY50JOHuZimaNN4QvNUeYT4sB0VJ7qhrDl9BURyFjlqBS9HHssby5k
SkJHeHSB9PYHAVH8dJ4YYX122f505Otb8xrNhXjgyRBU3temYl7Jn+fsgAtryRyj
Bx3aR52B3Xbg9j23Ht4NmDtzdbeSpCFk0zITPycTy3BAX1NEK8GTb0WBGx9dbP8M
nQaihwQ+UK8xRkuYBZ5lb43Usj1bEPlu5aT6W5URAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUtLauymnWi8cWgTp0fc1uwGbadVEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2ZhMjQyYjMzLWNiZmYtNDkwMC1hZGRlLWY0NjJlZTMyNzJhZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAP5hIwDQYJKoZIhvcNAQELBQADggEBABROLk0KlQZkAZZ8jNp3MG4Y56Ha
eZAHvy2C6fJpzHLWCENQhqfpsSsUa9Y2dCAbWLKaQExkyMzzNEhyU8bNbwftej/e
Ajub81mH7/QDbqrlgSiCm3HSrKIInS2lyeOWmeWKkFAybSTaY11BLhdqKbdu9poW
HPlIHOVdSG/iWbmH+QMNnfLQA6B8nGoS8/1SXDqOarKOIHNrk5erTsqIAtsAzlQq
4kGiz1zb/L2nuGlGpvgLnNed3gOkyIadz4O6kv6LRGwM2watNgc2hy/DKF+l4L5x
8GIqD3/cubKyBbNp/SUnqrrqE4pCANKzL4Opm3/lIJz38yPFjh648ufrcfA=
-----END CERTIFICATE-----