Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fa242b33-cbff-4900-adde-f462ee3272af.roa
File:                     fa242b33-cbff-4900-adde-f462ee3272af.roa (raw, json)
Hash identifier:          dC5SeJ1co/XWKS6/c5KebQMNwMLALU1zccCql1cSTp4=
Subject key identifier:   72:E2:CE:F7:72:D4:57:7E:29:E6:BE:FA:04:0F:60:3F:3A:87:D2:78
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2B5134465F7EA3DAA96D883EE43A08358FAF0EE5
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fa242b33-cbff-4900-adde-f462ee3272af.roa
Signing time:             Fri 25 Apr 2025 15:51:41 +0000
ROA not before:           Fri 25 Apr 2025 15:51:41 +0000
ROA not after:            Fri 30 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.230.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 06 May 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:51:34:46:5f:7e:a3:da:a9:6d:88:3e:e4:3a:08:35:8f:af:0e:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 25 15:51:41 2025 GMT
            Not After : May 30 23:59:59 2025 GMT
        Subject: serialNumber=325715752842f7f495cca534e5c3697192c0de9b8c5b3e49ae5a186a94e400a9, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:fa:68:2f:b6:33:3c:6c:95:9a:0e:5a:b7:3b:
                    42:7e:bd:10:ac:ac:31:2e:f1:f3:c6:68:cb:55:59:
                    94:12:51:f0:b2:b8:ac:b3:e3:50:a6:9c:1a:c9:a2:
                    c5:75:a6:b5:74:58:7d:8d:0e:e4:b2:ab:61:3c:25:
                    ef:c9:83:81:e3:e0:6e:af:9d:11:b8:df:93:4c:ca:
                    bf:00:45:b4:2e:09:e6:f2:b6:ed:1d:86:9e:42:ef:
                    a4:7a:6e:1c:39:e4:bd:11:90:4e:87:e3:22:18:7e:
                    c4:17:9e:a3:dc:b4:d2:86:86:db:0c:4a:d6:b9:2f:
                    1c:5c:8c:02:fa:ad:06:d5:0e:02:7f:53:8c:64:1c:
                    d6:82:b5:8c:da:e4:bd:e9:cc:d3:3e:1f:50:bf:91:
                    77:64:c2:d1:6a:4c:a9:e8:51:da:01:7b:55:90:c7:
                    98:db:fb:2d:6f:73:2e:d6:fb:df:6b:1a:91:26:6f:
                    d8:bd:7d:d2:07:bb:be:9d:e5:f4:21:8e:57:dc:7f:
                    28:21:33:2f:e5:9a:45:12:ff:7e:ee:e8:bd:ca:a2:
                    4c:ad:62:dc:99:6a:28:d6:79:d6:45:e6:f0:28:ec:
                    f7:c6:6c:35:fd:7f:fa:13:d3:2c:12:d8:ea:e1:1c:
                    a0:46:83:37:99:f3:9d:a7:e1:2e:ae:47:7f:69:c4:
                    b8:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:E2:CE:F7:72:D4:57:7E:29:E6:BE:FA:04:0F:60:3F:3A:87:D2:78
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fa242b33-cbff-4900-adde-f462ee3272af.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.230.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:03:90:73:2e:2d:4d:95:c6:3f:64:b8:2f:ca:d7:2c:cd:85:
         1d:98:4e:0c:74:6b:62:cb:df:0a:35:3d:f8:e8:e7:9f:5c:94:
         ef:ed:4c:f9:5b:fb:75:18:4e:e0:1d:21:56:85:7d:d9:a3:25:
         a3:a7:bc:f9:e5:ce:3e:c1:d1:cb:38:d6:fe:67:f6:48:57:00:
         9b:ab:a0:e8:f2:36:74:bd:e6:01:0b:26:ac:9f:ba:a5:e7:f4:
         a3:6e:d5:47:e2:15:e1:e4:3c:7a:78:4e:ae:ec:72:d5:1d:d1:
         a5:c8:d4:23:64:d3:ad:bc:65:d4:bd:85:17:13:fe:26:b4:56:
         c6:7b:6d:90:ae:1a:1c:af:46:7f:3d:4a:db:f0:b1:3c:ed:91:
         51:48:6e:cf:37:a9:95:07:9f:74:94:a8:0b:09:cb:64:4a:59:
         cc:2a:4b:c1:80:40:a6:8a:72:1b:ac:6b:01:fc:9b:7b:63:e6:
         76:70:a7:5a:4d:19:fd:1e:c8:e5:62:0e:05:99:0b:fc:30:db:
         80:da:0e:c5:23:4b:e1:82:73:07:ac:e3:04:f3:4b:af:42:97:
         ca:29:ef:57:5f:59:cd:0c:4f:7b:2e:43:ea:00:09:c5:54:9e:
         09:2b:7c:7a:94:87:c9:f6:63:0a:8d:be:3a:b4:a6:f2:22:47:
         8a:8f:4f:2e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUK1E0Rl9+o9qpbYg+5DoINY+vDuUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDI1MTU1MTQxWhcNMjUwNTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AzMjU3MTU3NTI4NDJmN2Y0OTVjY2E1MzRlNWMzNjk3MTky
YzBkZTliOGM1YjNlNDlhZTVhMTg2YTk0ZTQwMGE5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7+mgvtjM8bJWaDlq3O0J+vRCsrDEu8fPGaMtVWZQSUfCy
uKyz41CmnBrJosV1prV0WH2NDuSyq2E8Je/Jg4Hj4G6vnRG435NMyr8ARbQuCeby
tu0dhp5C76R6bhw55L0RkE6H4yIYfsQXnqPctNKGhtsMSta5LxxcjAL6rQbVDgJ/
U4xkHNaCtYza5L3pzNM+H1C/kXdkwtFqTKnoUdoBe1WQx5jb+y1vcy7W+99rGpEm
b9i9fdIHu76d5fQhjlfcfyghMy/lmkUS/37u6L3KokytYtyZaijWedZF5vAo7PfG
bDX9f/oT0ywS2OrhHKBGgzeZ852n4S6uR39pxLjlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUcuLO93LUV34p5r76BA9gPzqH0ngwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2ZhMjQyYjMzLWNiZmYtNDkwMC1hZGRlLWY0NjJlZTMyNzJhZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAP5hIwDQYJKoZIhvcNAQELBQADggEBAHEDkHMuLU2Vxj9kuC/K1yzNhR2Y
Tgx0a2LL3wo1Pfjo559clO/tTPlb+3UYTuAdIVaFfdmjJaOnvPnlzj7B0cs41v5n
9khXAJuroOjyNnS95gELJqyfuqXn9KNu1UfiFeHkPHp4Tq7sctUd0aXI1CNk0628
ZdS9hRcT/ia0VsZ7bZCuGhyvRn89StvwsTztkVFIbs83qZUHn3SUqAsJy2RKWcwq
S8GAQKaKchusawH8m3tj5nZwp1pNGf0eyOViDgWZC/ww24DaDsUjS+GCcwes4wTz
S69Cl8op71dfWc0MT3suQ+oACcVUngkrfHqUh8n2YwqNvjq0pvIiR4qPTy4=
-----END CERTIFICATE-----