Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3a9c0a75-ca83-48b4-8a52-064ac3484cac.roa
File:                     3a9c0a75-ca83-48b4-8a52-064ac3484cac.roa (raw, json)
Hash identifier:          YJ5/xmLJbgOq+Qkf3lYZQsR++O5pQ/Yp1/DWEVaY0Wc=
Subject key identifier:   64:34:15:63:91:24:81:55:A9:04:EE:AE:1A:D5:E7:C3:70:41:C6:2F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       364FE837B0C5D03B479E7242D03829EEC934E169
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3a9c0a75-ca83-48b4-8a52-064ac3484cac.roa
Signing time:             Mon 22 Sep 2025 16:51:46 +0000
ROA not before:           Mon 22 Sep 2025 16:51:46 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.249.110.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:4f:e8:37:b0:c5:d0:3b:47:9e:72:42:d0:38:29:ee:c9:34:e1:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 16:51:46 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=2980e322c6bec60af9de14d35fe058a396030b7320334d2e0d284b89f3e2e068, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:41:94:e3:9e:5f:23:c6:7f:bb:e5:2c:fb:df:
                    06:f0:da:92:25:3b:97:da:19:2e:94:01:71:15:7f:
                    d0:df:7d:47:3e:a1:4a:3a:90:79:b2:66:af:14:70:
                    3a:f3:81:52:4c:05:dc:18:dd:5f:64:c6:d0:62:32:
                    2f:09:cc:2e:f8:89:b1:16:ef:8d:43:61:cc:c7:9d:
                    54:43:59:b9:64:24:92:f6:6a:8f:fb:59:3a:a8:2a:
                    c2:4b:3d:22:4d:ae:fe:56:26:45:86:bf:17:9e:cc:
                    e9:33:ac:35:51:1b:a9:8b:a7:a5:6a:98:83:fc:cf:
                    e8:14:e4:9c:ce:be:cd:c5:de:e9:87:3f:f2:df:3c:
                    a7:6c:d3:ef:20:f3:49:04:fa:ef:76:eb:6e:83:bb:
                    ef:9b:99:b4:52:ca:9d:65:e3:0e:03:e9:f7:92:0f:
                    05:48:17:6b:a1:92:d3:d5:53:2f:5a:97:32:6b:06:
                    e9:84:06:2b:6c:68:9c:cb:a5:8e:ce:49:26:ee:11:
                    b2:4d:ab:f3:99:f9:ad:13:12:ff:1c:d2:49:52:70:
                    b4:2a:05:49:01:33:7e:23:a6:70:12:06:86:37:4b:
                    eb:41:f2:09:37:17:3e:0b:86:52:52:18:e2:36:4d:
                    15:7c:bf:7f:28:fb:3e:6f:57:e8:a7:8f:9c:ea:d9:
                    92:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:34:15:63:91:24:81:55:A9:04:EE:AE:1A:D5:E7:C3:70:41:C6:2F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3a9c0a75-ca83-48b4-8a52-064ac3484cac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.249.110.0/23

    Signature Algorithm: sha256WithRSAEncryption
         16:e8:4b:49:5e:61:aa:de:f5:a1:88:08:3d:b8:7f:4b:2b:52:
         7d:e1:9c:08:f9:f1:db:7b:0e:be:a0:0e:24:0c:58:af:26:eb:
         38:1e:d0:06:01:ac:11:bb:12:9d:3e:a5:fd:22:8d:e4:7d:30:
         a6:83:25:0a:c9:31:c0:bf:92:4b:c2:5c:77:11:da:b3:32:a4:
         23:16:35:2b:5b:98:2f:c2:05:2a:af:3e:23:0d:bc:c7:3c:0e:
         7a:a0:7a:26:2f:20:91:ee:32:e6:84:86:1f:bc:bc:5b:f2:e7:
         ba:44:0b:bb:ef:b9:b5:d7:79:73:f3:c4:2a:6a:6c:56:d7:fe:
         9c:ff:c9:5b:4c:f7:c4:5a:77:29:1f:b6:14:43:38:f7:89:d7:
         2e:b3:a6:f0:5b:58:36:2c:99:ae:03:14:d7:a4:5b:f9:1a:d4:
         3b:22:10:2d:2d:16:0b:cb:11:4c:0b:8f:be:5e:dc:89:68:a6:
         2f:55:be:c6:4d:f5:3c:53:36:26:a7:8d:33:9a:c1:70:30:89:
         df:2f:15:c8:1d:42:f6:b4:ab:e6:b5:4a:42:a8:e2:9d:11:34:
         18:50:e6:34:d7:13:4a:b7:96:61:f7:b7:93:bd:e2:a6:0c:6e:
         0d:c3:81:2a:f4:61:83:96:cd:64:33:ff:dd:be:07:0a:81:cb:
         ce:50:b2:d5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNk/oN7DF0DtHnnJC0Dgp7sk04WkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMTY1MTQ2WhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AyOTgwZTMyMmM2YmVjNjBhZjlkZTE0ZDM1ZmUwNThhMzk2
MDMwYjczMjAzMzRkMmUwZDI4NGI4OWYzZTJlMDY4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7QZTjnl8jxn+75Sz73wbw2pIlO5faGS6UAXEVf9DffUc+
oUo6kHmyZq8UcDrzgVJMBdwY3V9kxtBiMi8JzC74ibEW741DYczHnVRDWblkJJL2
ao/7WTqoKsJLPSJNrv5WJkWGvxeezOkzrDVRG6mLp6VqmIP8z+gU5JzOvs3F3umH
P/LfPKds0+8g80kE+u92626Du++bmbRSyp1l4w4D6feSDwVIF2uhktPVUy9alzJr
BumEBitsaJzLpY7OSSbuEbJNq/OZ+a0TEv8c0klScLQqBUkBM34jpnASBoY3S+tB
8gk3Fz4LhlJSGOI2TRV8v38o+z5vV+inj5zq2ZLJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZDQVY5EkgVWpBO6uGtXnw3BBxi8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzNhOWMwYTc1LWNhODMtNDhiNC04YTUyLTA2NGFjMzQ4NGNhYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEN+W4wDQYJKoZIhvcNAQELBQADggEBABboS0leYare9aGICD24f0srUn3h
nAj58dt7Dr6gDiQMWK8m6zge0AYBrBG7Ep0+pf0ijeR9MKaDJQrJMcC/kkvCXHcR
2rMypCMWNStbmC/CBSqvPiMNvMc8DnqgeiYvIJHuMuaEhh+8vFvy57pEC7vvubXX
eXPzxCpqbFbX/pz/yVtM98RadykfthRDOPeJ1y6zpvBbWDYsma4DFNekW/ka1Dsi
EC0tFgvLEUwLj75e3Ilopi9VvsZN9TxTNianjTOawXAwid8vFcgdQva0q+a1SkKo
4p0RNBhQ5jTXE0q3lmH3t5O94qYMbg3DgSr0YYOWzWQz/92+BwqBy85QstU=
-----END CERTIFICATE-----