Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/10d24355-0b61-434b-b063-94f8c266cb0f.roa
File:                     10d24355-0b61-434b-b063-94f8c266cb0f.roa (raw, json)
Hash identifier:          hmR1igqe5w6BaPxrE429Vkz31pT+N3avJKLL4R23G4Y=
Subject key identifier:   D6:55:76:3C:5F:4B:73:24:B7:84:8B:49:27:96:20:07:BE:7A:87:95
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       28E34BA269FA30236D5A000633F164F9D7C46314
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/10d24355-0b61-434b-b063-94f8c266cb0f.roa
Signing time:             Wed 24 Sep 2025 20:44:48 +0000
ROA not before:           Wed 24 Sep 2025 20:44:48 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.226.40.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:e3:4b:a2:69:fa:30:23:6d:5a:00:06:33:f1:64:f9:d7:c4:63:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 20:44:48 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=6e1ceab6df2a33783c375e22d1a2e9bdcaa5992279c93a031dc970beeae150e1, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:97:26:dd:d9:43:4a:46:ff:de:fa:6a:6a:9d:
                    d5:c8:ca:a3:ee:70:e3:53:20:9c:7f:9e:6c:8c:08:
                    5e:ce:09:5d:29:0e:48:85:50:73:95:98:bc:8a:d1:
                    3d:4c:47:52:77:2c:c3:1f:f9:35:fe:d8:d7:c1:ba:
                    62:57:a2:a4:06:20:45:b2:34:10:4a:16:21:d9:a3:
                    de:33:48:5a:b7:82:78:68:aa:d1:b8:12:69:36:7b:
                    ca:38:73:1f:b2:17:28:24:84:80:ad:38:a2:8e:0a:
                    4f:88:10:a7:a2:57:e8:14:ab:d6:eb:1b:4b:02:eb:
                    c7:10:29:64:e8:c3:11:79:f2:08:40:64:7e:eb:0b:
                    0a:32:3b:9c:f3:9b:b5:0e:4e:b5:43:42:a6:2e:4b:
                    1a:0e:bb:f7:1e:8c:4f:1a:0c:a8:17:1b:31:9c:d4:
                    5f:f2:37:ad:ea:49:b1:52:97:13:5c:a2:9d:9c:3f:
                    d1:c2:53:f9:1d:41:09:98:f1:23:54:fd:da:91:7e:
                    53:bd:6d:73:50:0c:b5:ee:ff:d0:6b:47:c6:6f:87:
                    9b:52:7b:4c:7b:c5:b3:2e:79:b7:30:0d:0d:f4:5b:
                    05:2d:2b:b5:c6:5a:15:a2:ae:8c:35:82:79:14:e7:
                    0d:ac:e1:1d:cc:f6:6a:4f:34:af:57:fd:09:12:57:
                    77:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:55:76:3C:5F:4B:73:24:B7:84:8B:49:27:96:20:07:BE:7A:87:95
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/10d24355-0b61-434b-b063-94f8c266cb0f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.226.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8b:c6:64:79:26:a8:58:08:25:36:52:95:ac:eb:7d:85:42:c6:
         b7:97:59:fb:82:92:f9:01:a8:e3:16:aa:f5:27:54:4f:44:b6:
         80:76:6e:8e:86:54:bf:30:2a:93:01:05:27:91:d0:ee:cb:97:
         e6:cf:fc:27:ee:5b:6e:2a:2d:d9:e6:ce:a0:76:02:75:9f:78:
         d8:58:03:f6:e2:7f:f9:57:e4:5a:23:d8:3a:cc:dc:2c:84:b4:
         78:99:e0:31:5c:31:08:40:68:2f:78:ca:eb:0e:56:2b:28:9a:
         bf:26:04:4c:9e:dc:07:69:ac:91:fc:32:1c:4f:9d:1c:d4:9e:
         77:23:15:1e:6d:af:ef:97:c4:db:2a:9c:2f:e4:7c:b4:45:43:
         0c:75:2f:91:ed:03:ca:cc:8e:31:3f:64:ab:9f:65:9f:79:62:
         21:23:a7:cb:e4:4d:48:12:17:ac:e8:94:5b:43:a4:61:59:08:
         6a:52:02:4b:d9:a5:e2:f9:8c:7a:f2:f0:12:b4:df:88:dd:0d:
         b0:70:1e:45:70:20:6d:0c:f3:0a:2e:db:4b:95:87:58:0a:91:
         3e:10:ed:74:36:2b:75:d0:25:ca:77:cc:9b:12:42:b4:57:33:
         06:c1:06:29:c7:3d:a6:89:9c:a0:f4:70:de:b8:17:25:90:af:
         8b:cb:c1:e4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKONLomn6MCNtWgAGM/Fk+dfEYxQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MjA0NDQ4WhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A2ZTFjZWFiNmRmMmEzMzc4M2MzNzVlMjJkMWEyZTliZGNh
YTU5OTIyNzljOTNhMDMxZGM5NzBiZWVhZTE1MGUxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9lybd2UNKRv/e+mpqndXIyqPucONTIJx/nmyMCF7OCV0p
DkiFUHOVmLyK0T1MR1J3LMMf+TX+2NfBumJXoqQGIEWyNBBKFiHZo94zSFq3gnho
qtG4Emk2e8o4cx+yFygkhICtOKKOCk+IEKeiV+gUq9brG0sC68cQKWTowxF58ghA
ZH7rCwoyO5zzm7UOTrVDQqYuSxoOu/cejE8aDKgXGzGc1F/yN63qSbFSlxNcop2c
P9HCU/kdQQmY8SNU/dqRflO9bXNQDLXu/9BrR8Zvh5tSe0x7xbMuebcwDQ30WwUt
K7XGWhWirow1gnkU5w2s4R3M9mpPNK9X/QkSV3ffAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU1lV2PF9LcyS3hItJJ5YgB756h5UwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzEwZDI0MzU1LTBiNjEtNDM0Yi1iMDYzLTk0ZjhjMjY2Y2IwZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIN4igwDQYJKoZIhvcNAQELBQADggEBAIvGZHkmqFgIJTZSlazrfYVCxreX
WfuCkvkBqOMWqvUnVE9EtoB2bo6GVL8wKpMBBSeR0O7Ll+bP/CfuW24qLdnmzqB2
AnWfeNhYA/bif/lX5Foj2DrM3CyEtHiZ4DFcMQhAaC94yusOVisomr8mBEye3Adp
rJH8MhxPnRzUnncjFR5tr++XxNsqnC/kfLRFQwx1L5HtA8rMjjE/ZKufZZ95YiEj
p8vkTUgSF6zolFtDpGFZCGpSAkvZpeL5jHry8BK034jdDbBwHkVwIG0M8wou20uV
h1gKkT4Q7XQ2K3XQJcp3zJsSQrRXMwbBBinHPaaJnKD0cN64FyWQr4vLweQ=
-----END CERTIFICATE-----