Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3ba0964c-6637-4c75-84ac-6effbdd4a420.roa
File:                     3ba0964c-6637-4c75-84ac-6effbdd4a420.roa (raw, json)
Hash identifier:          Vy0sO/b6yr+6aJ3dZWTpWjYYECEHMW5IsM44d7OXC80=
Subject key identifier:   B7:2B:18:0A:A8:89:04:4C:E2:A8:D0:A8:8B:CB:E0:A1:A4:39:4D:DB
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       74892AC026B8DD2BA4F9000B10A3F3E2559EFFF1
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3ba0964c-6637-4c75-84ac-6effbdd4a420.roa
Signing time:             Wed 24 Sep 2025 20:26:19 +0000
ROA not before:           Wed 24 Sep 2025 20:26:19 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.227.130.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:89:2a:c0:26:b8:dd:2b:a4:f9:00:0b:10:a3:f3:e2:55:9e:ff:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 20:26:19 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=c9b96c9e53489e5cf0290e2734869388343f48a03ab86835ca4d00ba512311bb, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:f6:17:cb:b4:21:32:35:75:9f:17:84:48:9c:
                    e8:96:4a:69:7c:76:96:10:20:6c:c8:aa:5e:20:ee:
                    5e:73:51:4b:ab:02:75:6f:71:de:bb:65:7e:2a:50:
                    60:24:c7:36:23:13:13:47:ba:21:b0:d2:75:0c:cd:
                    a2:d1:be:5c:ae:24:6b:2b:d0:87:eb:35:5d:b8:a1:
                    bd:c0:2f:3d:ac:0b:2c:c8:2b:80:61:c0:29:ef:5a:
                    bc:53:17:f3:98:fd:f6:86:dc:f3:49:70:de:db:0f:
                    fd:eb:14:c5:69:ee:14:77:50:b9:24:19:85:d8:1b:
                    fe:91:a3:45:76:4f:b3:08:7f:f5:b3:d3:f9:08:68:
                    4a:e7:fd:0c:c7:7f:54:21:fe:f2:26:77:04:e2:00:
                    b8:9e:af:1c:6c:1f:60:c6:71:6f:dd:0c:9c:f8:eb:
                    23:d8:9a:c3:69:c8:a4:f0:11:42:fd:9c:9a:25:ed:
                    b7:1e:e2:bb:89:0e:13:32:45:24:3a:ab:75:7e:59:
                    af:94:ef:8c:9e:20:ca:df:03:d4:52:84:92:54:8d:
                    ca:be:18:7a:b6:ab:b4:1e:aa:39:f5:a7:51:fb:7f:
                    e9:b1:00:4f:8b:97:a9:ee:83:d5:24:a3:2f:04:ba:
                    af:22:68:b9:23:71:78:47:1b:c3:f1:c4:d6:cb:5c:
                    75:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:2B:18:0A:A8:89:04:4C:E2:A8:D0:A8:8B:CB:E0:A1:A4:39:4D:DB
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3ba0964c-6637-4c75-84ac-6effbdd4a420.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.227.130.0/23

    Signature Algorithm: sha256WithRSAEncryption
         60:ef:07:e2:07:6f:49:be:33:8b:8c:a5:8c:25:09:a2:cf:10:
         cf:59:79:7c:e5:7f:49:75:cb:bf:f6:89:43:b0:04:ea:4e:0a:
         69:5a:69:ef:35:ab:84:ea:7a:28:8f:51:4b:71:4b:12:af:0c:
         46:02:57:ae:9c:b9:6e:81:2e:40:d6:8b:c7:87:1a:c5:29:e5:
         8c:c4:6a:62:a4:b4:79:2e:cd:30:25:ff:05:78:f7:7a:04:cd:
         d2:ec:4c:3a:cf:b2:fb:8a:b8:7c:0e:c9:a2:87:0f:e0:1c:62:
         e0:7a:f4:1e:62:37:03:0a:1c:be:31:db:81:1e:32:4c:4c:78:
         30:50:61:d6:56:be:54:98:31:7e:a5:c6:7e:4f:3d:44:8d:93:
         c5:6d:bd:9a:66:d1:cc:9e:e1:52:c7:78:c3:45:98:93:35:00:
         41:7f:cb:44:7d:69:31:82:ea:a4:fd:f4:f1:74:9e:3e:bc:c6:
         d3:f4:f2:a0:7d:ff:47:63:c8:d7:46:2b:02:89:8d:cb:e3:b8:
         74:8c:df:35:39:f5:b8:d9:6f:e2:6d:56:e3:cd:dc:90:1e:90:
         9b:cc:2e:30:17:99:70:b6:3e:7c:bf:55:20:4f:30:b9:83:e9:
         ef:a6:60:4b:69:4c:05:1e:01:89:b9:2b:bb:dd:91:af:1b:fe:
         9e:67:b6:f2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdIkqwCa43Suk+QALEKPz4lWe//EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MjAyNjE5WhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BjOWI5NmM5ZTUzNDg5ZTVjZjAyOTBlMjczNDg2OTM4ODM0
M2Y0OGEwM2FiODY4MzVjYTRkMDBiYTUxMjMxMWJiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCp9hfLtCEyNXWfF4RInOiWSml8dpYQIGzIql4g7l5zUUur
AnVvcd67ZX4qUGAkxzYjExNHuiGw0nUMzaLRvlyuJGsr0IfrNV24ob3ALz2sCyzI
K4BhwCnvWrxTF/OY/faG3PNJcN7bD/3rFMVp7hR3ULkkGYXYG/6Ro0V2T7MIf/Wz
0/kIaErn/QzHf1Qh/vImdwTiALierxxsH2DGcW/dDJz46yPYmsNpyKTwEUL9nJol
7bce4ruJDhMyRSQ6q3V+Wa+U74yeIMrfA9RShJJUjcq+GHq2q7Qeqjn1p1H7f+mx
AE+Ll6nug9Ukoy8Euq8iaLkjcXhHG8PxxNbLXHVFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUtysYCqiJBEziqNCoi8vgoaQ5TdswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzNiYTA5NjRjLTY2MzctNGM3NS04NGFjLTZlZmZiZGQ0YTQyMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEN44IwDQYJKoZIhvcNAQELBQADggEBAGDvB+IHb0m+M4uMpYwlCaLPEM9Z
eXzlf0l1y7/2iUOwBOpOCmlaae81q4TqeiiPUUtxSxKvDEYCV66cuW6BLkDWi8eH
GsUp5YzEamKktHkuzTAl/wV493oEzdLsTDrPsvuKuHwOyaKHD+AcYuB69B5iNwMK
HL4x24EeMkxMeDBQYdZWvlSYMX6lxn5PPUSNk8VtvZpm0cye4VLHeMNFmJM1AEF/
y0R9aTGC6qT99PF0nj68xtP08qB9/0djyNdGKwKJjcvjuHSM3zU59bjZb+JtVuPN
3JAekJvMLjAXmXC2Pny/VSBPMLmD6e+mYEtpTAUeAYm5K7vdka8b/p5ntvI=
-----END CERTIFICATE-----