Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2221fc5b-76eb-4a01-83b2-3beb27d6fac3.roa
File:                     2221fc5b-76eb-4a01-83b2-3beb27d6fac3.roa (raw, json)
Hash identifier:          z43080fkB/8ZZm4mQQKjzK3dw3b9Hg3UMmReV5EUwqA=
Subject key identifier:   A2:CE:FE:81:F1:9F:72:6F:73:5C:F8:55:F9:56:24:E5:EF:3D:A7:F5
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2FEB527596BA64D3CEFD6C175C5B25B501D01784
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2221fc5b-76eb-4a01-83b2-3beb27d6fac3.roa
Signing time:             Wed 24 Sep 2025 17:30:40 +0000
ROA not before:           Wed 24 Sep 2025 17:30:40 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.32.25.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:eb:52:75:96:ba:64:d3:ce:fd:6c:17:5c:5b:25:b5:01:d0:17:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 17:30:40 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=5d3f371495fcf737885c7b5c3be878429747dde897d62518f1f8c49c119afc5e, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:bd:a9:53:c3:bf:cb:00:3e:6a:bb:0c:6a:1b:
                    89:a7:b2:f4:45:7f:48:c5:e0:5e:2d:9b:dd:07:76:
                    fc:30:33:40:07:a2:53:86:63:88:f1:eb:70:37:23:
                    ff:26:fe:c1:9d:a8:60:df:26:5d:12:38:c5:86:00:
                    89:18:b3:f9:2d:94:28:7e:a7:a5:0a:bf:51:4d:b7:
                    60:c7:a1:05:1a:3a:c0:16:07:b2:fc:ed:6d:0f:3e:
                    8e:e8:99:86:8d:b1:02:67:17:24:e0:97:54:b0:f8:
                    e2:ec:4b:7e:99:1a:52:9f:0d:8e:35:7d:a6:5f:9a:
                    0c:3f:6f:e7:c4:47:f6:53:70:9a:33:04:08:85:83:
                    b8:56:da:55:37:7e:b7:7d:9d:99:49:f8:44:38:3d:
                    9e:47:07:65:df:90:02:6e:0f:fe:82:cc:97:2d:64:
                    90:14:a4:ea:56:82:57:c7:8d:04:8e:0d:ae:04:15:
                    81:25:55:70:4f:e1:33:ba:c2:af:78:cf:62:8d:04:
                    7c:a2:59:64:2d:e8:42:f8:1f:f0:8f:6e:01:19:a6:
                    1a:7a:eb:fa:68:91:48:cd:82:8c:c1:36:e8:e4:ef:
                    2b:d2:35:7f:8f:87:f9:1f:2d:24:f0:0c:0c:38:b2:
                    c5:52:c4:08:1d:8d:cf:e8:c9:10:c9:28:e5:e1:fd:
                    19:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:CE:FE:81:F1:9F:72:6F:73:5C:F8:55:F9:56:24:E5:EF:3D:A7:F5
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2221fc5b-76eb-4a01-83b2-3beb27d6fac3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.32.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:5f:61:c0:f6:1f:da:02:e5:99:fa:8c:af:29:15:72:40:6a:
         86:68:5e:52:52:ad:3b:4a:82:0f:5a:d2:6a:5e:7d:9a:47:d1:
         51:45:fc:d2:2f:cf:74:36:05:7f:ba:3d:0a:3e:e7:0a:cb:f9:
         a4:7b:c6:6e:64:98:40:b2:14:ed:39:b4:cb:a0:9f:51:62:af:
         45:9e:34:04:7b:39:c3:db:3c:04:fe:b5:1e:27:9f:ff:bc:fe:
         22:57:b2:dd:93:b4:9f:00:b6:4f:40:66:90:c7:a0:e5:bf:7e:
         6f:16:55:41:23:17:16:cb:f5:db:29:f4:d4:4f:03:65:71:b2:
         9b:3e:e0:14:1b:d7:1c:55:34:e2:5c:6f:7d:ee:be:0a:21:3f:
         90:20:56:97:9b:73:e9:e9:e0:a7:15:04:2b:3e:46:9c:0f:38:
         8d:27:3e:47:de:c3:04:52:69:8e:5c:2f:14:39:b4:77:11:26:
         78:18:cf:cf:23:e6:fd:bf:97:0e:fe:03:ee:c0:56:2c:7b:31:
         14:9f:02:1b:49:1e:c8:2a:f9:85:aa:4e:5e:f9:e6:dd:56:a8:
         21:4c:24:0e:dd:a2:74:a1:ce:89:bd:61:f8:ed:77:25:34:a2:
         62:d1:d3:94:87:12:5a:b8:42:bb:e7:23:a5:d6:10:e9:c8:73:
         04:b2:7f:c3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUL+tSdZa6ZNPO/WwXXFsltQHQF4QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MTczMDQwWhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A1ZDNmMzcxNDk1ZmNmNzM3ODg1YzdiNWMzYmU4Nzg0Mjk3
NDdkZGU4OTdkNjI1MThmMWY4YzQ5YzExOWFmYzVlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDYvalTw7/LAD5quwxqG4mnsvRFf0jF4F4tm90HdvwwM0AH
olOGY4jx63A3I/8m/sGdqGDfJl0SOMWGAIkYs/ktlCh+p6UKv1FNt2DHoQUaOsAW
B7L87W0PPo7omYaNsQJnFyTgl1Sw+OLsS36ZGlKfDY41faZfmgw/b+fER/ZTcJoz
BAiFg7hW2lU3frd9nZlJ+EQ4PZ5HB2XfkAJuD/6CzJctZJAUpOpWglfHjQSODa4E
FYElVXBP4TO6wq94z2KNBHyiWWQt6EL4H/CPbgEZphp66/pokUjNgozBNujk7yvS
NX+Ph/kfLSTwDAw4ssVSxAgdjc/oyRDJKOXh/RlBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUos7+gfGfcm9zXPhV+VYk5e89p/UwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzIyMjFmYzViLTc2ZWItNGEwMS04M2IyLTNiZWIyN2Q2ZmFjMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAANIBkwDQYJKoZIhvcNAQELBQADggEBAJtfYcD2H9oC5Zn6jK8pFXJAaoZo
XlJSrTtKgg9a0mpefZpH0VFF/NIvz3Q2BX+6PQo+5wrL+aR7xm5kmECyFO05tMug
n1Fir0WeNAR7OcPbPAT+tR4nn/+8/iJXst2TtJ8Atk9AZpDHoOW/fm8WVUEjFxbL
9dsp9NRPA2Vxsps+4BQb1xxVNOJcb33uvgohP5AgVpebc+np4KcVBCs+RpwPOI0n
PkfewwRSaY5cLxQ5tHcRJngYz88j5v2/lw7+A+7AVix7MRSfAhtJHsgq+YWqTl75
5t1WqCFMJA7donShzom9YfjtdyU0omLR05SHElq4QrvnI6XWEOnIcwSyf8M=
-----END CERTIFICATE-----