Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1fa7c8ec-a63d-4d88-96a7-066bdf3ad539.roa
File:                     1fa7c8ec-a63d-4d88-96a7-066bdf3ad539.roa (raw, json)
Hash identifier:          Gi+P/35TKfY2Yso4fksdbJp9kz3g0o8YbkyOCV4YyT0=
Subject key identifier:   77:0E:0D:A4:D6:8B:14:65:6F:D9:64:08:12:42:53:56:F7:81:31:0D
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3BFBDC268C436A6CFE13C13E9446EC08C0867B97
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1fa7c8ec-a63d-4d88-96a7-066bdf3ad539.roa
Signing time:             Wed 24 Sep 2025 20:46:50 +0000
ROA not before:           Wed 24 Sep 2025 20:46:50 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.227.196.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:fb:dc:26:8c:43:6a:6c:fe:13:c1:3e:94:46:ec:08:c0:86:7b:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 20:46:50 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=d9083b2ed8afc4b35264490e9c63a52cf05993ed7c4d8dfcfb605fcf356a75e5, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:fe:c4:70:5f:bc:10:cf:16:5b:bf:9e:23:81:
                    47:c6:8b:3e:22:31:59:5a:cc:53:6c:86:3a:cf:a2:
                    68:61:42:61:10:d5:b0:bc:79:c7:79:4e:d8:d1:4c:
                    9d:60:13:3c:7a:64:3f:ae:4b:31:5d:de:f1:6e:ac:
                    55:fe:df:ad:b3:5e:ef:24:49:ad:10:65:18:6f:82:
                    73:f3:e7:9c:23:47:78:df:ec:a3:b6:73:48:d0:fe:
                    d1:7a:6a:2d:52:fb:a9:82:28:15:11:43:d0:81:61:
                    c1:6b:bc:65:f5:66:4d:20:56:87:4c:c3:0c:95:8a:
                    db:af:2d:fc:7a:76:31:11:80:b5:d7:ca:16:e7:ed:
                    3e:5b:92:c2:c8:56:f9:ca:f2:7e:c7:57:75:78:b7:
                    70:cd:18:b3:d8:54:f0:87:de:1c:0c:ab:a8:21:75:
                    ed:8a:59:b2:f0:a5:e9:ad:8b:c0:aa:39:52:c5:c9:
                    08:6f:fd:b4:36:8d:1e:ea:b9:a4:64:d5:c1:3e:c4:
                    9a:94:2c:5a:53:44:ef:50:42:d8:fa:94:92:a4:45:
                    e5:82:d4:46:d2:ab:00:d1:4d:6d:11:cd:eb:86:e6:
                    31:2b:af:3d:39:0b:d9:73:df:35:ad:4f:49:b7:14:
                    e7:0f:0f:37:03:f6:8c:45:0b:20:59:12:d8:5b:d2:
                    ae:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:0E:0D:A4:D6:8B:14:65:6F:D9:64:08:12:42:53:56:F7:81:31:0D
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1fa7c8ec-a63d-4d88-96a7-066bdf3ad539.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.227.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         81:94:cf:b3:b2:ce:05:dd:fe:30:95:60:7c:18:53:5b:3c:f9:
         13:16:23:86:f2:eb:16:b1:31:60:7f:23:a4:34:84:a5:a9:e9:
         2a:0b:fd:1e:42:6c:b7:0c:ee:10:a3:91:40:90:55:70:05:c9:
         a1:8f:a2:2a:91:c2:34:e1:4d:0e:c6:79:6e:43:39:a4:0b:32:
         1e:ad:24:87:e7:28:c7:94:38:ac:b4:eb:91:da:b6:e0:33:a9:
         36:5e:7a:be:7d:7e:ed:f6:1e:39:2c:cd:86:47:80:d5:cd:af:
         19:13:ce:1b:60:65:13:ac:1a:4a:9c:7e:41:84:df:c7:fc:a5:
         6e:90:64:72:1e:f7:6b:55:38:b3:c3:28:9f:ab:94:4a:71:41:
         98:1a:92:be:2f:a9:e9:9a:08:a7:29:84:b6:96:7d:f0:67:d1:
         f4:66:a5:40:21:fd:d9:5a:fc:84:33:23:53:81:27:9a:e4:f7:
         cb:37:93:17:d5:3c:1a:cf:ba:d3:c8:6d:09:82:cd:6f:fb:0e:
         5f:35:09:52:df:46:4a:19:f9:de:15:9e:de:bc:10:f5:64:05:
         43:74:42:ea:e2:8e:14:ea:32:ae:bc:3e:b1:b6:e0:96:04:9f:
         ed:4e:85:fc:36:ec:e9:1e:cf:b6:ba:77:29:07:05:93:28:2a:
         df:bb:fd:6e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUO/vcJoxDamz+E8E+lEbsCMCGe5cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MjA0NjUwWhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BkOTA4M2IyZWQ4YWZjNGIzNTI2NDQ5MGU5YzYzYTUyY2Yw
NTk5M2VkN2M0ZDhkZmNmYjYwNWZjZjM1NmE3NWU1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCc/sRwX7wQzxZbv54jgUfGiz4iMVlazFNshjrPomhhQmEQ
1bC8ecd5TtjRTJ1gEzx6ZD+uSzFd3vFurFX+362zXu8kSa0QZRhvgnPz55wjR3jf
7KO2c0jQ/tF6ai1S+6mCKBURQ9CBYcFrvGX1Zk0gVodMwwyVituvLfx6djERgLXX
yhbn7T5bksLIVvnK8n7HV3V4t3DNGLPYVPCH3hwMq6ghde2KWbLwpemti8CqOVLF
yQhv/bQ2jR7quaRk1cE+xJqULFpTRO9QQtj6lJKkReWC1EbSqwDRTW0RzeuG5jEr
rz05C9lz3zWtT0m3FOcPDzcD9oxFCyBZEthb0q7LAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUdw4NpNaLFGVv2WQIEkJTVveBMQ0wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzFmYTdjOGVjLWE2M2QtNGQ4OC05NmE3LTA2NmJkZjNhZDUzOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIN48QwDQYJKoZIhvcNAQELBQADggEBAIGUz7OyzgXd/jCVYHwYU1s8+RMW
I4by6xaxMWB/I6Q0hKWp6SoL/R5CbLcM7hCjkUCQVXAFyaGPoiqRwjThTQ7GeW5D
OaQLMh6tJIfnKMeUOKy065HatuAzqTZeer59fu32HjkszYZHgNXNrxkTzhtgZROs
GkqcfkGE38f8pW6QZHIe92tVOLPDKJ+rlEpxQZgakr4vqemaCKcphLaWffBn0fRm
pUAh/dla/IQzI1OBJ5rk98s3kxfVPBrPutPIbQmCzW/7Dl81CVLfRkoZ+d4Vnt68
EPVkBUN0QurijhTqMq68PrG24JYEn+1Ohfw27Okez7a6dykHBZMoKt+7/W4=
-----END CERTIFICATE-----