Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/35d28483-2f14-4f29-95ca-198305c8068d.roa
File:                     35d28483-2f14-4f29-95ca-198305c8068d.roa (raw, json)
Hash identifier:          feffCZ5H7BkaiuJtSer+fZt1Dlgen4LUezQx5DZ4RJo=
Subject key identifier:   62:87:E1:12:52:B8:15:5B:22:4C:C4:CE:B3:C1:92:2B:08:91:ED:EF
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7BDD67D78CA3AB755C18F0C738498AF3AEFF490C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/35d28483-2f14-4f29-95ca-198305c8068d.roa
Signing time:             Wed 24 Sep 2025 18:08:28 +0000
ROA not before:           Wed 24 Sep 2025 18:08:28 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.35.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:dd:67:d7:8c:a3:ab:75:5c:18:f0:c7:38:49:8a:f3:ae:ff:49:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 18:08:28 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=ae72ef1fd4c5b28b97bc25a6b2dcd4f0637b85f5e8171f7e77f08b3ea9eb6a9a, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:3c:e9:43:46:ad:75:61:e6:8d:37:bb:dc:06:
                    f1:0e:5a:0c:31:61:9b:8b:71:85:f0:6f:29:24:ea:
                    43:a9:1d:56:59:8c:4b:bb:69:6d:c0:f4:df:a9:b8:
                    e4:62:64:5d:e5:69:1c:b2:c8:f4:47:18:9e:18:c0:
                    cf:a1:9b:96:d3:b3:58:b4:28:ef:54:e8:ac:f5:5c:
                    ba:f4:77:23:ee:1e:78:ea:7d:f2:86:2a:e9:61:57:
                    ca:9a:23:f1:30:6f:ca:b4:41:f5:d3:50:3c:ac:53:
                    fa:e5:3e:de:28:60:25:9e:39:36:20:d6:f7:74:4a:
                    e5:70:15:3d:3a:fa:61:1c:8f:c7:0f:e0:43:86:c2:
                    aa:ef:36:2a:79:98:bb:35:b1:92:ea:ba:b6:b9:71:
                    20:e3:3f:60:a6:90:ce:20:f5:63:4d:f3:d4:09:1d:
                    c0:1a:24:8f:b8:8d:a5:8c:9d:da:e1:d1:69:44:be:
                    a7:c8:25:76:3c:2d:db:50:4a:04:6c:b2:93:cb:8a:
                    0b:fd:14:11:66:27:ff:ea:e4:73:1f:24:13:48:4e:
                    86:34:f6:69:3d:d8:7b:84:3b:1d:3d:dc:cc:f4:0e:
                    fd:c6:81:26:4b:b4:6c:cc:39:74:82:53:d4:44:3f:
                    da:79:17:eb:8b:b4:39:18:f9:0a:56:b7:19:a6:12:
                    c0:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:87:E1:12:52:B8:15:5B:22:4C:C4:CE:B3:C1:92:2B:08:91:ED:EF
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/35d28483-2f14-4f29-95ca-198305c8068d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.35.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:82:7b:6c:7a:0d:5e:a7:92:10:f6:f3:2e:2e:2a:3b:d3:c3:
         e1:e8:7c:22:7d:97:b8:ec:f4:e1:bf:c0:5b:0e:7d:0a:79:92:
         e9:03:06:b0:66:d5:98:f3:78:6f:93:10:c5:f5:9d:20:14:b4:
         e0:ba:c4:95:01:b7:f6:3d:ef:1e:ab:e5:9b:a5:bf:e6:a6:ee:
         a9:9c:85:77:61:af:7b:01:b2:a3:f2:34:8e:04:e5:39:3a:19:
         c3:e4:fd:ce:69:48:21:94:99:18:d5:13:6a:f8:2f:8c:18:5e:
         fd:a3:fe:f9:66:ff:cf:bf:6f:0d:ec:8c:d9:57:82:4e:34:3c:
         07:ce:94:f0:e7:49:ed:8f:0a:1f:56:7a:94:2a:f2:1d:6f:aa:
         c2:e8:ca:5e:15:2c:e2:72:4a:1e:8e:2e:5c:2c:b9:bc:f4:0e:
         36:fb:90:12:81:2c:0b:65:6c:a3:48:ae:9f:1d:82:0e:3a:73:
         a6:22:ae:71:79:ed:ce:c9:75:7f:27:46:ce:30:54:4b:a0:fe:
         69:f5:55:eb:61:36:2e:bc:97:c8:66:1a:f3:fc:04:00:fa:d2:
         e6:ab:29:a1:72:96:fd:5a:b6:bf:13:63:b5:ba:ea:b9:0b:52:
         d9:9e:c3:3e:7f:49:83:03:ff:18:cc:6f:46:75:09:43:4b:d9:
         9e:65:50:48
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUe91n14yjq3VcGPDHOEmK867/SQwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MTgwODI4WhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BhZTcyZWYxZmQ0YzViMjhiOTdiYzI1YTZiMmRjZDRmMDYz
N2I4NWY1ZTgxNzFmN2U3N2YwOGIzZWE5ZWI2YTlhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6POlDRq11YeaNN7vcBvEOWgwxYZuLcYXwbykk6kOpHVZZ
jEu7aW3A9N+puORiZF3laRyyyPRHGJ4YwM+hm5bTs1i0KO9U6Kz1XLr0dyPuHnjq
ffKGKulhV8qaI/Ewb8q0QfXTUDysU/rlPt4oYCWeOTYg1vd0SuVwFT06+mEcj8cP
4EOGwqrvNip5mLs1sZLqura5cSDjP2CmkM4g9WNN89QJHcAaJI+4jaWMndrh0WlE
vqfIJXY8LdtQSgRsspPLigv9FBFmJ//q5HMfJBNIToY09mk92HuEOx093Mz0Dv3G
gSZLtGzMOXSCU9REP9p5F+uLtDkY+QpWtxmmEsBbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYofhElK4FVsiTMTOs8GSKwiR7e8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzM1ZDI4NDgzLTJmMTQtNGYyOS05NWNhLTE5ODMwNWM4MDY4ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAANI2AwDQYJKoZIhvcNAQELBQADggEBAB2Ce2x6DV6nkhD28y4uKjvTw+Ho
fCJ9l7js9OG/wFsOfQp5kukDBrBm1ZjzeG+TEMX1nSAUtOC6xJUBt/Y97x6r5Zul
v+am7qmchXdhr3sBsqPyNI4E5Tk6GcPk/c5pSCGUmRjVE2r4L4wYXv2j/vlm/8+/
bw3sjNlXgk40PAfOlPDnSe2PCh9WepQq8h1vqsLoyl4VLOJySh6OLlwsubz0Djb7
kBKBLAtlbKNIrp8dgg46c6YirnF57c7JdX8nRs4wVEug/mn1VethNi68l8hmGvP8
BAD60uarKaFylv1atr8TY7W66rkLUtmewz5/SYMD/xjMb0Z1CUNL2Z5lUEg=
-----END CERTIFICATE-----