Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/29b1a67e-6c27-49d6-98f3-82e4a234f06d.roa
File:                     29b1a67e-6c27-49d6-98f3-82e4a234f06d.roa (raw, json)
Hash identifier:          L2U986Qv1ejtih3Vk9qqUKiYLXzT+998AuVjdCg1V4c=
Subject key identifier:   D9:72:82:15:2C:ED:69:1F:0C:B0:BF:CB:CD:7C:D6:0E:D8:50:1F:13
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2B565149D64BCC133DFB100108B327021EAE1EA2
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/29b1a67e-6c27-49d6-98f3-82e4a234f06d.roa
Signing time:             Wed 24 Sep 2025 19:58:11 +0000
ROA not before:           Wed 24 Sep 2025 19:58:11 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.227.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:56:51:49:d6:4b:cc:13:3d:fb:10:01:08:b3:27:02:1e:ae:1e:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 19:58:11 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=386ac53e6034970040e9bf2771e6314633345a06651d81088cc6358aa15fcd59, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:5d:d5:3e:8a:12:e0:6d:c3:5d:f5:ff:4f:0b:
                    15:f2:f3:ae:b1:a4:e3:fc:4e:bc:f6:c4:19:cc:07:
                    52:c9:bc:1c:97:22:ca:71:7d:e8:a1:db:d1:1e:9e:
                    ab:57:c3:25:e5:73:e0:c4:a3:1e:ac:43:34:39:63:
                    ce:9a:70:bd:ca:91:6e:ca:aa:54:32:e2:fc:d3:b1:
                    94:52:87:b6:8c:82:3b:2a:5f:fc:e5:1c:aa:19:60:
                    57:6e:ab:52:e3:1f:e1:92:d2:31:8b:61:28:73:08:
                    a1:2e:57:99:6f:3a:18:8d:20:07:b4:1e:f0:64:97:
                    a3:49:05:95:c0:e2:07:aa:bb:0a:a5:99:ff:db:ac:
                    ed:2f:77:49:a9:d3:92:f4:21:f7:88:21:a5:96:93:
                    64:04:01:a4:79:d2:d3:93:0b:80:ba:2a:47:2f:2d:
                    7b:d4:ce:12:66:6d:79:90:f8:2b:28:ea:4b:3f:32:
                    09:d8:12:dd:68:6e:ef:53:05:9c:09:14:4c:3b:be:
                    51:cc:0b:47:0f:e5:ee:a5:ed:f0:dd:99:54:b1:66:
                    3f:5b:97:29:e4:16:17:ed:d1:cf:d4:fe:9c:16:e0:
                    ab:f1:39:4e:e1:1d:a3:92:d4:6d:71:73:cf:1e:d2:
                    66:43:77:f2:fb:26:72:b2:8e:41:45:1c:a4:98:e0:
                    fa:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:72:82:15:2C:ED:69:1F:0C:B0:BF:CB:CD:7C:D6:0E:D8:50:1F:13
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/29b1a67e-6c27-49d6-98f3-82e4a234f06d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.227.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:45:a6:f8:65:80:ec:e5:a9:54:23:c8:d6:4c:6b:44:f2:8b:
         89:e3:c9:5d:32:47:fe:6a:3b:58:e9:71:e5:88:d4:ba:3b:b2:
         fb:b5:c5:e2:cd:af:44:b8:a3:f9:fb:15:36:cc:c3:68:02:0c:
         61:80:a9:b6:b9:ff:01:9d:be:47:8b:29:79:c5:11:fb:f6:4f:
         1f:4e:c2:eb:0f:94:39:75:1b:a0:1b:2f:3f:79:22:23:15:84:
         15:02:db:b3:8c:34:63:34:b6:42:4a:96:ba:ae:28:1a:19:84:
         ef:74:5b:39:2b:41:21:86:f7:04:1c:85:68:8a:b4:37:95:60:
         a9:f0:29:4d:06:8c:3e:f3:79:4d:4d:e5:99:05:67:58:21:6a:
         7d:a4:cd:c5:80:2b:ac:98:2f:59:97:06:b2:03:3e:c0:20:40:
         3f:9a:8e:33:b0:51:23:03:31:7e:12:40:3a:7e:c1:0a:49:3f:
         46:a3:e4:22:63:ea:59:5f:2c:ba:a5:3f:f2:9d:c6:5a:62:be:
         0b:59:2b:75:4e:db:f1:34:bb:6a:5c:b2:94:82:ec:21:e1:ab:
         24:25:93:de:fb:d4:17:7e:54:9f:1b:64:4d:90:ba:09:43:41:
         a1:1a:68:c3:52:be:77:d1:0b:87:eb:2e:46:4c:2f:9b:eb:ee:
         52:20:f4:ff
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUK1ZRSdZLzBM9+xABCLMnAh6uHqIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MTk1ODExWhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0AzODZhYzUzZTYwMzQ5NzAwNDBlOWJmMjc3MWU2MzE0NjMz
MzQ1YTA2NjUxZDgxMDg4Y2M2MzU4YWExNWZjZDU5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCYXdU+ihLgbcNd9f9PCxXy866xpOP8Trz2xBnMB1LJvByX
Ispxfeih29EenqtXwyXlc+DEox6sQzQ5Y86acL3KkW7KqlQy4vzTsZRSh7aMgjsq
X/zlHKoZYFduq1LjH+GS0jGLYShzCKEuV5lvOhiNIAe0HvBkl6NJBZXA4gequwql
mf/brO0vd0mp05L0IfeIIaWWk2QEAaR50tOTC4C6KkcvLXvUzhJmbXmQ+Cso6ks/
MgnYEt1obu9TBZwJFEw7vlHMC0cP5e6l7fDdmVSxZj9blynkFhft0c/U/pwW4Kvx
OU7hHaOS1G1xc88e0mZDd/L7JnKyjkFFHKSY4Pr7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU2XKCFSztaR8MsL/LzXzWDthQHxMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzI5YjFhNjdlLTZjMjctNDlkNi05OGYzLTgyZTRhMjM0ZjA2ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAN4z8wDQYJKoZIhvcNAQELBQADggEBAIBFpvhlgOzlqVQjyNZMa0Tyi4nj
yV0yR/5qO1jpceWI1Lo7svu1xeLNr0S4o/n7FTbMw2gCDGGAqba5/wGdvkeLKXnF
Efv2Tx9OwusPlDl1G6AbLz95IiMVhBUC27OMNGM0tkJKlrquKBoZhO90WzkrQSGG
9wQchWiKtDeVYKnwKU0GjD7zeU1N5ZkFZ1ghan2kzcWAK6yYL1mXBrIDPsAgQD+a
jjOwUSMDMX4SQDp+wQpJP0aj5CJj6llfLLqlP/KdxlpivgtZK3VO2/E0u2pcspSC
7CHhqyQlk9771Bd+VJ8bZE2QuglDQaEaaMNSvnfRC4frLkZML5vr7lIg9P8=
-----END CERTIFICATE-----