Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1ac52887-03d1-4861-83db-c2e4373eecbe.roa
File:                     1ac52887-03d1-4861-83db-c2e4373eecbe.roa (raw, json)
Hash identifier:          o/Cp4JiLQtbF02SNa6ha4YYEv0+cjoM2ugnW337oJw8=
Subject key identifier:   81:61:1A:5C:C8:03:2C:83:2A:27:2E:ED:E9:E2:35:F4:FA:AE:A1:80
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2A250BCF85EC47FA7B6F0BBDD7BD80A79416343A
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1ac52887-03d1-4861-83db-c2e4373eecbe.roa
Signing time:             Wed 24 Sep 2025 18:12:41 +0000
ROA not before:           Wed 24 Sep 2025 18:12:41 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.32.246.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:25:0b:cf:85:ec:47:fa:7b:6f:0b:bd:d7:bd:80:a7:94:16:34:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 18:12:41 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=ced23331a855438d09b4b09aa94e8411db7fef0f449f8c00a56a7f3b963be443, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:c8:5b:c6:fe:92:2f:9c:0c:ac:90:3f:29:b5:
                    3d:7a:56:a9:de:07:97:f4:e7:32:77:e3:2d:87:3f:
                    5f:89:bf:bd:db:8e:2a:02:da:45:f2:cb:11:42:79:
                    ce:c1:6f:3c:c1:5b:d0:09:4a:f9:36:d9:3d:12:23:
                    16:5d:95:67:6e:a2:30:58:c4:30:eb:4d:cd:0c:26:
                    0d:49:cb:80:42:6f:be:9c:06:19:c7:9b:80:de:55:
                    9d:e1:f1:80:19:c1:cf:13:f7:5e:3a:f2:64:75:d9:
                    1f:76:86:bc:05:46:ce:d3:39:b6:76:80:a6:d3:da:
                    31:5d:03:5f:02:b9:c8:1e:1f:88:7a:bb:8e:36:97:
                    27:7b:7e:9a:d0:38:53:a3:d2:3e:d1:73:01:28:95:
                    61:7b:11:7d:2f:51:32:6f:43:2f:8a:7e:87:b8:50:
                    af:ee:b6:87:ff:58:6f:ec:73:5d:c8:fc:66:46:30:
                    7c:37:26:d9:b6:e3:74:9d:7b:73:6f:3f:b0:e7:96:
                    1e:4b:2d:29:d3:f6:0f:b7:90:75:17:07:8c:5d:22:
                    6c:0f:ed:e0:0e:96:33:aa:7b:00:ca:d2:eb:6d:bd:
                    11:23:1c:bb:af:fd:7e:ce:fe:17:66:3c:a9:e4:59:
                    4c:e1:9f:b3:3c:ed:f9:42:3c:5d:75:fa:8b:58:0b:
                    ce:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:61:1A:5C:C8:03:2C:83:2A:27:2E:ED:E9:E2:35:F4:FA:AE:A1:80
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1ac52887-03d1-4861-83db-c2e4373eecbe.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.32.246.0/23

    Signature Algorithm: sha256WithRSAEncryption
         71:bd:fb:39:ee:bc:5c:2d:60:93:a8:9f:42:96:16:8a:c4:44:
         9f:4e:0b:9c:2f:47:71:07:d7:03:a8:08:73:02:28:11:0c:ea:
         d2:73:19:5c:41:6b:ad:81:30:7c:54:45:1f:36:a6:6e:f8:e4:
         ce:5e:9b:12:7f:30:f0:95:c1:0f:f5:15:9b:ed:d4:8f:14:38:
         d5:ed:8d:15:e0:34:be:cd:d7:a0:d3:27:d1:7c:ea:5e:84:7b:
         01:33:9d:25:4b:67:90:a6:4b:9a:99:8f:57:f1:3d:51:95:8d:
         43:2f:37:16:ae:67:fc:20:6e:2d:a2:03:0b:a8:2d:fa:59:f2:
         39:f3:ef:fd:ee:66:f0:33:33:4f:22:a3:34:4b:b9:e7:52:95:
         b2:84:8d:ef:0a:ba:00:b0:31:df:90:76:0d:bb:5b:e1:58:96:
         c0:6e:fe:a4:e0:97:21:f0:df:74:8e:dc:43:74:21:06:ae:ad:
         55:3b:01:84:fb:72:17:7b:18:8a:f3:ed:c1:af:cc:83:d4:8b:
         c5:77:8b:64:75:10:e6:7d:07:ad:c6:90:57:aa:b6:7a:de:87:
         51:9a:6f:7f:1f:c2:0d:26:89:38:68:0c:25:e1:24:96:70:91:
         06:6c:95:ac:3c:cf:79:e5:fa:e0:9a:5e:10:fc:df:48:b6:a4:
         c8:41:84:93
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKiULz4XsR/p7bwu9172Ap5QWNDowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MTgxMjQxWhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BjZWQyMzMzMWE4NTU0MzhkMDliNGIwOWFhOTRlODQxMWRi
N2ZlZjBmNDQ5ZjhjMDBhNTZhN2YzYjk2M2JlNDQzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDWyFvG/pIvnAyskD8ptT16VqneB5f05zJ34y2HP1+Jv73b
jioC2kXyyxFCec7BbzzBW9AJSvk22T0SIxZdlWduojBYxDDrTc0MJg1Jy4BCb76c
BhnHm4DeVZ3h8YAZwc8T91468mR12R92hrwFRs7TObZ2gKbT2jFdA18CucgeH4h6
u442lyd7fprQOFOj0j7RcwEolWF7EX0vUTJvQy+Kfoe4UK/utof/WG/sc13I/GZG
MHw3Jtm243Sde3NvP7Dnlh5LLSnT9g+3kHUXB4xdImwP7eAOljOqewDK0uttvREj
HLuv/X7O/hdmPKnkWUzhn7M87flCPF11+otYC86PAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUgWEaXMgDLIMqJy7t6eI19PquoYAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzFhYzUyODg3LTAzZDEtNDg2MS04M2RiLWMyZTQzNzNlZWNiZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAENIPYwDQYJKoZIhvcNAQELBQADggEBAHG9+znuvFwtYJOon0KWForERJ9O
C5wvR3EH1wOoCHMCKBEM6tJzGVxBa62BMHxURR82pm745M5emxJ/MPCVwQ/1FZvt
1I8UONXtjRXgNL7N16DTJ9F86l6EewEznSVLZ5CmS5qZj1fxPVGVjUMvNxauZ/wg
bi2iAwuoLfpZ8jnz7/3uZvAzM08iozRLuedSlbKEje8KugCwMd+Qdg27W+FYlsBu
/qTglyHw33SO3EN0IQaurVU7AYT7chd7GIrz7cGvzIPUi8V3i2R1EOZ9B63GkFeq
tnreh1Gab38fwg0miThoDCXhJJZwkQZslaw8z3nl+uCaXhD830i2pMhBhJM=
-----END CERTIFICATE-----