Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3e3c8d4d-f7cf-462c-a667-996983322658.roa
File:                     3e3c8d4d-f7cf-462c-a667-996983322658.roa (raw, json)
Hash identifier:          AxIueikrUE9JJTB0gOo60vWzx/CUSzQ5hEjEgD+Wfcw=
Subject key identifier:   FC:EE:E7:6C:1C:0B:2D:0F:1B:96:C9:9A:4F:98:41:8B:26:21:60:CB
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       44F3909A0A96865D91F7CE7E3CD00A050524F84C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3e3c8d4d-f7cf-462c-a667-996983322658.roa
Signing time:             Mon 18 Aug 2025 16:00:17 +0000
ROA not before:           Mon 18 Aug 2025 16:00:17 +0000
ROA not after:            Mon 22 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.54.192.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 22 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:f3:90:9a:0a:96:86:5d:91:f7:ce:7e:3c:d0:0a:05:05:24:f8:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Aug 18 16:00:17 2025 GMT
            Not After : Sep 22 23:59:59 2025 GMT
        Subject: serialNumber=85ba193224c16911f3a2f72461f6e9f9c75a33b5edda7f0e14f27fd23e67b9e0, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:05:8f:ed:ef:2e:81:de:0b:af:10:20:b0:a6:
                    8b:16:dd:0a:2e:49:8e:35:47:bd:f1:14:5b:a1:7c:
                    28:87:d4:09:8e:9b:fe:97:ce:de:c5:72:f7:d9:75:
                    0c:ec:bd:5c:1f:86:ee:9c:22:54:a1:f5:7e:9e:7e:
                    dd:3a:6c:8b:e4:84:d9:cc:62:f4:29:b0:87:5b:50:
                    9d:94:f5:a4:b8:c7:2e:62:c5:77:5e:0d:01:b5:96:
                    a4:12:b5:3f:67:06:61:4d:83:01:28:fd:2f:ba:d5:
                    8f:18:e3:21:96:93:81:1d:a3:34:ac:bd:16:38:f0:
                    a7:c0:0e:02:71:3b:4f:9b:78:ff:8d:1e:bb:43:94:
                    76:a8:fe:2e:ce:a3:85:d7:68:4e:a9:b1:f7:65:0e:
                    11:54:ee:05:d7:2a:aa:d6:93:af:ab:21:35:33:fe:
                    54:17:bb:50:fc:fc:00:ba:c5:13:67:db:83:7b:d9:
                    18:69:d6:e1:39:e8:53:3f:70:1d:36:d7:c4:94:d1:
                    33:f9:25:22:3f:73:7f:8e:4a:83:86:f9:f1:0e:06:
                    87:48:67:a1:a9:4f:ca:a1:91:82:4a:b2:95:4e:8c:
                    c4:83:5c:19:05:9c:ec:e7:fc:f0:ba:e4:45:20:66:
                    e4:81:a2:74:c8:1d:91:85:3e:c1:eb:14:84:8f:02:
                    83:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:EE:E7:6C:1C:0B:2D:0F:1B:96:C9:9A:4F:98:41:8B:26:21:60:CB
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3e3c8d4d-f7cf-462c-a667-996983322658.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.54.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         6f:88:67:6f:12:a5:1c:80:74:5f:07:8e:c5:cb:e5:70:0c:cc:
         88:70:cd:25:ab:fa:03:9a:3d:1a:29:e5:1b:3b:34:ce:4c:42:
         0c:d2:14:2f:15:ca:d8:05:c6:b1:b3:00:83:bd:e0:3c:04:12:
         27:04:45:6b:c0:a3:14:b3:bb:ef:50:e0:a3:6a:1d:97:58:31:
         56:69:f4:45:f3:b3:c0:a9:d4:d2:ed:55:ed:77:c4:f2:d5:20:
         4f:cb:7e:d2:ba:98:5a:73:29:98:13:ba:b7:b4:07:25:c9:c5:
         18:aa:04:91:69:b6:af:78:b9:99:37:bd:a2:f7:0c:67:30:29:
         cf:e5:3b:4e:a2:87:d6:b8:c8:65:ab:1b:83:51:98:06:14:ae:
         ab:1d:6a:48:a9:b7:58:8b:51:48:71:51:e9:55:2c:0e:0b:8a:
         87:b4:be:cd:98:10:09:b3:67:21:a4:92:a6:74:ea:62:8b:c9:
         86:94:02:27:2f:db:1b:1d:72:ff:eb:b1:b3:e1:30:30:71:4f:
         74:64:fd:ec:2c:67:66:fe:da:58:30:06:a8:6a:ef:1e:2f:6b:
         6d:10:97:0b:d0:c1:b9:ef:67:74:66:fe:29:55:a6:33:bc:e8:
         de:89:bf:4e:aa:65:f1:02:64:8e:82:3d:29:14:c1:d0:5b:90:
         41:50:d2:58
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURPOQmgqWhl2R985+PNAKBQUk+EwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwODE4MTYwMDE3WhcNMjUwOTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A4NWJhMTkzMjI0YzE2OTExZjNhMmY3MjQ2MWY2ZTlmOWM3
NWEzM2I1ZWRkYTdmMGUxNGYyN2ZkMjNlNjdiOWUwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDPBY/t7y6B3guvECCwposW3QouSY41R73xFFuhfCiH1AmO
m/6Xzt7FcvfZdQzsvVwfhu6cIlSh9X6eft06bIvkhNnMYvQpsIdbUJ2U9aS4xy5i
xXdeDQG1lqQStT9nBmFNgwEo/S+61Y8Y4yGWk4EdozSsvRY48KfADgJxO0+beP+N
HrtDlHao/i7Oo4XXaE6psfdlDhFU7gXXKqrWk6+rITUz/lQXu1D8/AC6xRNn24N7
2Rhp1uE56FM/cB0218SU0TP5JSI/c3+OSoOG+fEOBodIZ6GpT8qhkYJKspVOjMSD
XBkFnOzn/PC65EUgZuSBonTIHZGFPsHrFISPAoMJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/O7nbBwLLQ8blsmaT5hBiyYhYMswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzNlM2M4ZDRkLWY3Y2YtNDYyYy1hNjY3LTk5Njk4MzMyMjY1OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYNNsAwDQYJKoZIhvcNAQELBQADggEBAG+IZ28SpRyAdF8HjsXL5XAMzIhw
zSWr+gOaPRop5Rs7NM5MQgzSFC8VytgFxrGzAIO94DwEEicERWvAoxSzu+9Q4KNq
HZdYMVZp9EXzs8Cp1NLtVe13xPLVIE/LftK6mFpzKZgTure0ByXJxRiqBJFptq94
uZk3vaL3DGcwKc/lO06ih9a4yGWrG4NRmAYUrqsdakipt1iLUUhxUelVLA4Lioe0
vs2YEAmzZyGkkqZ06mKLyYaUAicv2xsdcv/rsbPhMDBxT3Rk/ewsZ2b+2lgwBqhq
7x4va20QlwvQwbnvZ3Rm/ilVpjO86N6Jv06qZfECZI6CPSkUwdBbkEFQ0lg=
-----END CERTIFICATE-----