Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/145e4472-905d-4302-95fb-16fc6daf3523.roa
File:                     145e4472-905d-4302-95fb-16fc6daf3523.roa (raw, json)
Hash identifier:          fNLgE8E7c+C5bd0iNnb0eFHDneaTMb4LsLLO9Uu6+MM=
Subject key identifier:   2E:FD:32:E6:18:81:B6:B8:B3:2D:B2:8E:5B:63:4A:AD:78:C2:8B:79
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2580194790FC55CECF5D3A03A41473BFB482A1F6
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/145e4472-905d-4302-95fb-16fc6daf3523.roa
Signing time:             Wed 24 Sep 2025 18:56:09 +0000
ROA not before:           Wed 24 Sep 2025 18:56:09 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.32.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:80:19:47:90:fc:55:ce:cf:5d:3a:03:a4:14:73:bf:b4:82:a1:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 18:56:09 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=f394474cd601f5aeb2041a94276336b7b09888fbdf1e0255a9a12898bf916091, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:96:da:c3:b2:9b:87:62:8a:e0:4a:b9:64:55:
                    88:50:0d:18:f8:e5:7d:2f:66:90:cc:82:a4:f8:0f:
                    be:0b:9a:7a:98:50:4f:3d:4e:0a:6e:e6:c6:93:54:
                    b1:c9:bf:83:fa:76:fd:fb:3c:a3:bf:16:18:fc:78:
                    43:80:30:8d:b9:e0:aa:16:67:83:38:10:01:8a:69:
                    98:a8:ab:6f:bf:71:3c:3a:fa:8d:36:32:7a:f7:d2:
                    d1:f6:c9:82:df:b4:ca:a8:26:7b:bf:be:66:ad:53:
                    32:95:17:05:14:47:0a:d7:ac:40:23:f1:e0:4c:f6:
                    9d:48:97:ad:dd:33:6d:22:9e:15:bc:06:5b:8d:6b:
                    c6:1c:97:36:0b:8c:87:ff:28:40:a9:71:79:11:97:
                    e4:7c:5c:7d:eb:80:7b:ce:59:0c:21:93:a7:84:a4:
                    ba:b0:33:e0:9f:1b:1b:50:4b:90:24:8d:2b:61:26:
                    19:f5:25:aa:cb:62:f5:ea:7d:c4:0f:bf:39:79:6b:
                    41:f0:1f:0f:84:f5:71:c7:e9:e4:07:86:2b:1a:9d:
                    64:de:00:b0:87:5e:b9:45:3f:3d:12:1f:d8:40:bd:
                    34:cc:84:fd:9d:b8:22:a2:6b:bb:84:74:48:c3:44:
                    60:40:e2:22:fa:3c:a8:97:56:35:bb:44:06:f1:7a:
                    e6:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:FD:32:E6:18:81:B6:B8:B3:2D:B2:8E:5B:63:4A:AD:78:C2:8B:79
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/145e4472-905d-4302-95fb-16fc6daf3523.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.32.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         09:7e:fe:97:58:48:6a:43:d6:f2:a0:bd:19:f9:59:50:2e:dd:
         d7:7a:b9:72:81:e1:77:76:91:17:d2:f2:13:e8:54:b2:b9:54:
         46:43:f8:9f:13:9f:59:13:ca:93:fe:0a:c8:f2:cf:65:27:14:
         16:12:28:c8:c3:0b:ba:54:25:26:a7:6a:93:76:71:af:10:5a:
         16:12:41:e4:f9:38:40:0f:f8:9d:cf:b7:4f:7f:a4:d5:a8:21:
         05:11:c2:d1:ac:97:4a:77:40:f7:ae:ef:58:ca:2d:cb:5a:d6:
         d7:8d:6d:0b:91:84:29:17:91:50:95:19:7c:82:97:0a:2e:4b:
         bc:a9:36:fc:a6:e2:f6:a3:2c:fc:1f:11:fd:47:18:c9:be:2a:
         cb:11:35:90:22:96:6d:e8:92:9e:c7:08:ed:dd:4b:ec:05:f8:
         90:73:54:2e:0d:9b:8c:94:d3:3f:31:32:8c:ab:8d:c8:e0:a7:
         a8:27:25:c0:5e:e9:88:aa:20:b6:f9:39:8d:ea:98:3a:8b:1b:
         80:ab:bf:09:88:c0:25:a9:00:77:35:13:7f:08:26:73:f8:06:
         7d:60:6d:89:db:05:fd:ae:d1:6c:bd:da:2d:62:71:4e:a7:5b:
         e0:cd:28:9a:9b:fc:5d:38:7a:68:c2:a0:7a:10:89:9c:68:1f:
         5f:78:fb:2d
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUJYAZR5D8Vc7PXToDpBRzv7SCofYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MTg1NjA5WhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BmMzk0NDc0Y2Q2MDFmNWFlYjIwNDFhOTQyNzYzMzZiN2Iw
OTg4OGZiZGYxZTAyNTVhOWExMjg5OGJmOTE2MDkxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQColtrDspuHYorgSrlkVYhQDRj45X0vZpDMgqT4D74LmnqY
UE89Tgpu5saTVLHJv4P6dv37PKO/Fhj8eEOAMI254KoWZ4M4EAGKaZioq2+/cTw6
+o02Mnr30tH2yYLftMqoJnu/vmatUzKVFwUURwrXrEAj8eBM9p1Il63dM20inhW8
BluNa8YclzYLjIf/KECpcXkRl+R8XH3rgHvOWQwhk6eEpLqwM+CfGxtQS5AkjSth
Jhn1JarLYvXqfcQPvzl5a0HwHw+E9XHH6eQHhisanWTeALCHXrlFPz0SH9hAvTTM
hP2duCKia7uEdEjDRGBA4iL6PKiXVjW7RAbxeubJAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQULv0y5hiBtrizLbKOW2NKrXjCi3kwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzE0NWU0NDcyLTkwNWQtNDMwMi05NWZiLTE2ZmM2ZGFmMzUyMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwANIDANBgkqhkiG9w0BAQsFAAOCAQEACX7+l1hIakPW8qC9GflZUC7d13q5
coHhd3aRF9LyE+hUsrlURkP4nxOfWRPKk/4KyPLPZScUFhIoyMMLulQlJqdqk3Zx
rxBaFhJB5Pk4QA/4nc+3T3+k1aghBRHC0ayXSndA967vWMoty1rW141tC5GEKReR
UJUZfIKXCi5LvKk2/Kbi9qMs/B8R/UcYyb4qyxE1kCKWbeiSnscI7d1L7AX4kHNU
Lg2bjJTTPzEyjKuNyOCnqCclwF7piKogtvk5jeqYOosbgKu/CYjAJakAdzUTfwgm
c/gGfWBtidsF/a7RbL3aLWJxTqdb4M0ompv8XTh6aMKgehCJnGgfX3j7LQ==
-----END CERTIFICATE-----