Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/42f64c9c-867f-4163-be01-3ed7d0a66046.roa
File:                     42f64c9c-867f-4163-be01-3ed7d0a66046.roa (raw, json)
Hash identifier:          uqsd6CBDwG0e5SsU86QgbvezG26XYZyJAMCpcoBOBPA=
Subject key identifier:   22:30:D7:22:5A:0F:4F:05:67:71:96:C4:FC:BC:14:D6:D1:CA:02:A4
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2D767F824386B32005E242AF09B5B801F5CD857C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/42f64c9c-867f-4163-be01-3ed7d0a66046.roa
Signing time:             Tue 19 Aug 2025 15:21:36 +0000
ROA not before:           Tue 19 Aug 2025 15:21:36 +0000
ROA not after:            Tue 23 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.208.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 22 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:76:7f:82:43:86:b3:20:05:e2:42:af:09:b5:b8:01:f5:cd:85:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Aug 19 15:21:36 2025 GMT
            Not After : Sep 23 23:59:59 2025 GMT
        Subject: serialNumber=48a505054e6c413f729089c047f0a15b03a31a0c0b5e5b1b9be763327ba3e285, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:20:5b:a0:87:70:f1:2f:f0:47:a2:68:29:56:
                    7b:1a:eb:8e:17:7d:06:49:85:df:42:b8:c3:f0:58:
                    fd:d5:76:a9:18:09:65:ff:ba:3a:1a:80:f4:41:de:
                    70:01:a5:b8:77:a4:72:86:f3:44:c0:fc:b0:d3:39:
                    ed:19:3c:fe:43:e2:79:02:ee:96:0d:a8:c1:1a:ff:
                    64:0c:4c:93:d4:f0:89:24:c7:0e:44:2f:16:37:95:
                    23:8e:ba:8e:d2:4c:0d:70:c7:aa:cb:bf:f3:47:9b:
                    05:78:d4:93:6c:28:f7:e0:36:7d:67:79:00:1b:40:
                    9d:21:f6:57:45:4f:8d:97:9e:62:7e:71:64:8a:37:
                    45:47:e3:9d:59:e7:2d:5a:f5:57:c0:04:37:35:cd:
                    0d:7d:26:74:da:84:75:1c:e9:cf:08:82:13:3c:c5:
                    39:1b:f7:cc:2b:51:ed:69:9f:80:cc:55:54:99:c8:
                    9c:94:4d:4e:52:1b:55:aa:e1:5e:9e:a7:99:1a:11:
                    b5:53:e3:53:f8:b4:4e:0f:c9:98:13:65:8f:6d:78:
                    18:e9:f9:8d:cf:d3:54:f3:77:71:2f:d0:a8:e9:91:
                    bc:5d:b4:69:47:5e:ab:c1:60:35:98:98:89:50:5c:
                    f6:21:9f:72:e4:86:51:5e:ea:20:33:70:c7:50:1b:
                    eb:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:30:D7:22:5A:0F:4F:05:67:71:96:C4:FC:BC:14:D6:D1:CA:02:A4
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/42f64c9c-867f-4163-be01-3ed7d0a66046.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.208.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         52:2f:22:5b:3a:0f:1a:dc:48:f6:6a:7e:6e:66:b3:84:99:31:
         02:29:7d:1d:44:44:d2:71:c2:77:85:bc:2a:e0:ec:81:89:d0:
         97:36:eb:e8:35:12:56:b4:a7:a9:02:bc:dc:a5:88:ab:af:d5:
         2b:b3:ea:a1:31:b1:68:6f:77:9f:70:2f:19:d8:d5:7e:aa:a8:
         22:ae:43:27:9f:63:59:c4:c8:66:df:85:99:97:b1:16:cf:07:
         d1:cd:de:01:54:68:06:5d:c5:a3:d9:6d:77:b4:53:23:03:24:
         b6:55:9d:a8:b1:e8:c8:6e:40:1a:8d:d7:8e:fc:8c:f5:32:69:
         cd:cb:23:a7:9d:1b:65:87:e0:b7:04:69:88:c7:96:3e:52:bc:
         93:29:61:ad:df:b5:0d:79:3c:bf:f4:7f:e4:1e:ec:25:05:d1:
         9d:7c:67:9b:f0:a1:08:3e:ea:d0:9e:3b:ba:ac:49:3c:b1:f8:
         f8:c4:87:1c:17:48:1b:b8:0d:ce:fd:13:16:f4:01:d4:af:2f:
         20:33:1a:c6:88:e9:3d:13:c5:c7:cc:d5:2d:4f:b0:27:e4:62:
         36:21:48:fb:e5:bb:5e:ea:02:eb:3a:ea:87:a1:ec:92:92:53:
         15:9f:e0:6a:1c:dc:14:33:7c:0e:6d:16:bd:e2:76:d9:d8:58:
         aa:3e:84:49
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIULXZ/gkOGsyAF4kKvCbW4AfXNhXwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwODE5MTUyMTM2WhcNMjUwOTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A0OGE1MDUwNTRlNmM0MTNmNzI5MDg5YzA0N2YwYTE1YjAz
YTMxYTBjMGI1ZTViMWI5YmU3NjMzMjdiYTNlMjg1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDcIFugh3DxL/BHomgpVnsa644XfQZJhd9CuMPwWP3VdqkY
CWX/ujoagPRB3nABpbh3pHKG80TA/LDTOe0ZPP5D4nkC7pYNqMEa/2QMTJPU8Ikk
xw5ELxY3lSOOuo7STA1wx6rLv/NHmwV41JNsKPfgNn1neQAbQJ0h9ldFT42XnmJ+
cWSKN0VH451Z5y1a9VfABDc1zQ19JnTahHUc6c8IghM8xTkb98wrUe1pn4DMVVSZ
yJyUTU5SG1Wq4V6ep5kaEbVT41P4tE4PyZgTZY9teBjp+Y3P01Tzd3Ev0Kjpkbxd
tGlHXqvBYDWYmIlQXPYhn3LkhlFe6iAzcMdQG+txAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUIjDXIloPTwVncZbE/LwU1tHKAqQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQyZjY0YzljLTg2N2YtNDE2My1iZTAxLTNlZDdkMGE2NjA0Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAN0DANBgkqhkiG9w0BAQsFAAOCAQEAUi8iWzoPGtxI9mp+bmazhJkxAil9
HURE0nHCd4W8KuDsgYnQlzbr6DUSVrSnqQK83KWIq6/VK7PqoTGxaG93n3AvGdjV
fqqoIq5DJ59jWcTIZt+FmZexFs8H0c3eAVRoBl3Fo9ltd7RTIwMktlWdqLHoyG5A
Go3XjvyM9TJpzcsjp50bZYfgtwRpiMeWPlK8kylhrd+1DXk8v/R/5B7sJQXRnXxn
m/ChCD7q0J47uqxJPLH4+MSHHBdIG7gNzv0TFvQB1K8vIDMaxojpPRPFx8zVLU+w
J+RiNiFI++W7XuoC6zrqh6HskpJTFZ/gahzcFDN8Dm0WveJ22dhYqj6ESQ==
-----END CERTIFICATE-----