Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/10524bce-f067-4f89-8c21-061714f95a02.roa
File:                     10524bce-f067-4f89-8c21-061714f95a02.roa (raw, json)
Hash identifier:          n5zKdgg1X0WaMJov2A0Yt18JikmNTrIZhzDd4XFljCU=
Subject key identifier:   3B:D0:10:E6:7B:15:79:5A:06:AC:F3:6F:7A:CA:8C:E7:33:A3:AD:D4
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       73C7926FB293568E8D0AA16B1F5F98D1CB0EC4CB
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/10524bce-f067-4f89-8c21-061714f95a02.roa
Signing time:             Wed 24 Sep 2025 20:48:46 +0000
ROA not before:           Wed 24 Sep 2025 20:48:46 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.227.36.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:c7:92:6f:b2:93:56:8e:8d:0a:a1:6b:1f:5f:98:d1:cb:0e:c4:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 20:48:46 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=03c93f3223302f24403cb8477c1c615f7ed9930c9f3bf28a2bbc7b6888eaa115, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:92:c1:92:bf:56:78:ad:40:67:79:c5:a0:7c:
                    44:30:b9:99:6b:86:0f:16:c2:2a:e2:3b:c3:73:b0:
                    33:0b:64:ff:48:06:78:5a:8d:80:f2:5e:ad:55:e4:
                    58:0c:c4:e5:67:bf:e4:00:da:9e:35:88:fe:4a:e0:
                    9e:91:0b:69:8d:75:06:f9:2d:cc:a9:be:72:87:d5:
                    57:a5:47:e9:e5:88:e8:05:f5:bf:8b:2e:33:31:62:
                    7a:2d:0e:07:48:3f:70:55:8c:60:c5:5b:6b:2d:aa:
                    d9:51:b9:4c:51:49:62:dc:a4:4d:90:ae:33:ba:a8:
                    30:92:aa:39:3f:ce:e5:26:b2:4d:bf:8c:0c:7b:e2:
                    2b:cc:5a:36:c3:f2:ae:75:ec:08:da:b4:4e:67:00:
                    fd:93:5e:04:b4:17:24:aa:65:66:6f:92:3f:3e:fa:
                    31:35:40:2a:a1:69:e4:cc:3c:19:fb:11:2b:ef:64:
                    35:80:3c:8f:70:3d:83:f5:2b:e8:d9:54:2c:a7:3a:
                    32:02:e2:9f:5c:21:e5:2f:e2:81:db:31:f9:d9:c1:
                    cc:5e:d5:7b:5c:9c:64:5c:94:e3:fa:88:75:1f:65:
                    a4:b3:13:e3:5a:62:a2:41:7f:0c:e5:9e:61:f7:de:
                    9a:f0:44:65:0e:a7:fb:d5:38:3f:0a:91:70:73:ff:
                    8a:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:D0:10:E6:7B:15:79:5A:06:AC:F3:6F:7A:CA:8C:E7:33:A3:AD:D4
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/10524bce-f067-4f89-8c21-061714f95a02.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.227.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5f:44:c8:da:71:3f:47:a9:24:10:d8:0f:53:be:4d:98:ca:66:
         07:af:0c:d1:9d:33:cd:6c:12:8f:b1:23:74:71:55:0d:97:17:
         2c:c2:01:86:b2:01:38:ab:b0:90:50:d8:3e:7c:51:b1:7d:0f:
         d4:e8:11:8f:71:0d:9d:f0:1f:81:63:54:e2:3e:64:48:ca:71:
         c1:64:39:ce:9f:4e:a4:a8:df:bb:66:be:a5:67:b9:a3:23:f8:
         5e:7b:f9:ab:ca:08:39:85:4e:65:af:5f:ed:a9:6c:b3:13:3a:
         ee:8d:d8:db:cd:5d:60:25:16:56:37:93:d0:bc:69:93:1a:a3:
         2f:ab:c7:e7:3c:0d:4f:1c:12:ef:d2:31:02:85:2f:65:eb:70:
         ca:be:63:c3:e3:94:e6:72:cb:5b:76:40:4e:27:7d:a0:ec:02:
         ba:91:47:ec:ed:59:74:89:a0:a1:e6:f1:5c:6b:59:4c:7e:a0:
         1f:53:12:3d:d4:18:ba:45:8b:75:3e:20:50:15:ce:ce:5f:a3:
         b3:79:e6:54:31:7d:82:8c:91:c2:5f:af:a6:12:35:0e:b7:6e:
         63:0d:72:8a:9e:ff:21:5e:5c:91:ec:90:a8:23:fc:a0:84:d6:
         e9:09:eb:05:0d:e1:6c:37:74:60:c3:9c:10:8b:08:e7:c4:02:
         ae:1f:ee:14
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUc8eSb7KTVo6NCqFrH1+Y0csOxMswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MjA0ODQ2WhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0AwM2M5M2YzMjIzMzAyZjI0NDAzY2I4NDc3YzFjNjE1Zjdl
ZDk5MzBjOWYzYmYyOGEyYmJjN2I2ODg4ZWFhMTE1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3ksGSv1Z4rUBnecWgfEQwuZlrhg8WwiriO8NzsDMLZP9I
BnhajYDyXq1V5FgMxOVnv+QA2p41iP5K4J6RC2mNdQb5LcypvnKH1VelR+nliOgF
9b+LLjMxYnotDgdIP3BVjGDFW2stqtlRuUxRSWLcpE2QrjO6qDCSqjk/zuUmsk2/
jAx74ivMWjbD8q517AjatE5nAP2TXgS0FySqZWZvkj8++jE1QCqhaeTMPBn7ESvv
ZDWAPI9wPYP1K+jZVCynOjIC4p9cIeUv4oHbMfnZwcxe1XtcnGRclOP6iHUfZaSz
E+NaYqJBfwzlnmH33prwRGUOp/vVOD8KkXBz/4rxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUO9AQ5nsVeVoGrPNvesqM5zOjrdQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzEwNTI0YmNlLWYwNjctNGY4OS04YzIxLTA2MTcxNGY5NWEwMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIN4yQwDQYJKoZIhvcNAQELBQADggEBAF9EyNpxP0epJBDYD1O+TZjKZgev
DNGdM81sEo+xI3RxVQ2XFyzCAYayATirsJBQ2D58UbF9D9ToEY9xDZ3wH4FjVOI+
ZEjKccFkOc6fTqSo37tmvqVnuaMj+F57+avKCDmFTmWvX+2pbLMTOu6N2NvNXWAl
FlY3k9C8aZMaoy+rx+c8DU8cEu/SMQKFL2XrcMq+Y8PjlOZyy1t2QE4nfaDsArqR
R+ztWXSJoKHm8VxrWUx+oB9TEj3UGLpFi3U+IFAVzs5fo7N55lQxfYKMkcJfr6YS
NQ63bmMNcoqe/yFeXJHskKgj/KCE1ukJ6wUN4Ww3dGDDnBCLCOfEAq4f7hQ=
-----END CERTIFICATE-----