Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4947950c-fef4-4643-baef-2b162182ce63.roa
File:                     4947950c-fef4-4643-baef-2b162182ce63.roa (raw, json)
Hash identifier:          BpAdjx6lPUvG/3NG4riS6MyEbY5Fa6T6K3DK/abg/Jk=
Subject key identifier:   48:18:B4:57:D1:52:39:BD:AC:CA:AB:5E:D0:9D:48:28:58:7F:65:9A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1D1A3DEAF1CD02A8591909ADA79F69580FDEC65A
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4947950c-fef4-4643-baef-2b162182ce63.roa
Signing time:             Wed 24 Sep 2025 18:07:00 +0000
ROA not before:           Wed 24 Sep 2025 18:07:00 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.35.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:1a:3d:ea:f1:cd:02:a8:59:19:09:ad:a7:9f:69:58:0f:de:c6:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 18:07:00 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=fc2c36ba8b1d2154b4956a87a73c20afb67033f6fc98634873d222439df99c4a, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:6f:9c:23:3f:5b:4d:77:d3:33:6b:37:e6:a3:
                    18:af:cd:04:1f:95:d1:0a:d1:b8:90:d7:70:f4:20:
                    49:77:cb:5c:37:de:5e:fd:83:74:a9:72:b8:b0:7a:
                    b6:20:d2:3d:96:fb:b9:a5:eb:cd:9e:fa:93:8b:a8:
                    99:52:09:31:82:92:f8:f6:c3:07:a9:9a:c9:5a:e8:
                    5f:f1:82:3a:d1:5c:5e:b3:d6:26:f5:75:7d:26:f1:
                    89:d2:e9:36:ed:c7:51:15:ef:87:18:04:59:60:45:
                    b5:50:39:97:51:a3:be:83:2e:25:3d:c7:b2:9e:8a:
                    8d:89:88:ad:fc:67:5f:1c:ed:58:6b:a3:d0:bc:cb:
                    ca:5e:83:10:11:aa:d4:e3:a1:a6:e4:83:21:0a:03:
                    c5:2d:1e:11:d7:62:5b:f0:27:93:1a:8e:5c:1b:18:
                    77:39:27:e4:fe:2c:85:fe:c3:5d:3e:08:dd:32:91:
                    ee:e7:81:0d:19:f3:0e:23:67:25:36:78:f6:bb:62:
                    3e:f3:b3:1a:1e:ae:50:e0:da:05:62:eb:1f:0d:1a:
                    0a:67:0f:26:f9:c7:f8:64:90:d8:11:e2:31:ba:2a:
                    26:ba:cf:82:67:9e:9d:e5:64:23:ee:77:a6:85:a1:
                    26:2f:6a:4f:d9:b0:8f:f5:cb:2b:52:7b:d4:81:17:
                    23:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:18:B4:57:D1:52:39:BD:AC:CA:AB:5E:D0:9D:48:28:58:7F:65:9A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4947950c-fef4-4643-baef-2b162182ce63.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.35.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:d8:b4:b2:94:eb:d3:45:ac:a1:4f:9c:b3:7c:7b:f6:fb:a0:
         75:e1:9c:7a:8c:95:7f:20:8e:34:2f:f3:e3:82:62:7c:9e:ba:
         39:96:24:ea:b4:93:31:a0:c5:35:60:53:02:c6:ea:dd:d7:d9:
         4f:5f:0f:c5:f0:36:38:37:d7:3d:74:bc:d3:df:b5:10:ab:72:
         57:76:81:b7:81:96:0d:6c:c1:11:63:40:c3:25:57:bc:ef:71:
         04:40:1d:4a:a5:ef:4e:bf:1c:5c:6b:92:7a:9a:13:92:1a:d4:
         5c:1e:86:70:b6:19:c9:bc:f6:eb:4d:71:f7:55:48:9a:09:7b:
         2a:82:60:67:c3:f8:32:33:91:b8:5b:40:4a:7a:cd:c4:01:c8:
         c0:22:f3:c8:50:24:ff:4b:ff:4d:4f:b0:49:69:0b:3b:75:39:
         59:41:18:3b:ce:41:d2:86:d9:d0:8b:67:8a:39:01:b6:c8:72:
         fd:45:e1:6e:df:0b:33:de:11:02:75:77:77:9c:cb:2e:78:21:
         9f:30:dc:63:7c:7b:41:f1:15:ce:5b:5a:d6:65:e6:f3:30:65:
         a0:56:9c:ae:49:bb:85:49:5c:95:e4:23:97:2d:71:8b:70:f7:
         2e:25:88:90:c4:a8:4b:c6:60:72:2f:e5:9c:8a:b3:a6:a3:d8:
         4b:25:0a:f0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHRo96vHNAqhZGQmtp59pWA/exlowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MTgwNzAwWhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BmYzJjMzZiYThiMWQyMTU0YjQ5NTZhODdhNzNjMjBhZmI2
NzAzM2Y2ZmM5ODYzNDg3M2QyMjI0MzlkZjk5YzRhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDeb5wjP1tNd9MzazfmoxivzQQfldEK0biQ13D0IEl3y1w3
3l79g3SpcriwerYg0j2W+7ml682e+pOLqJlSCTGCkvj2wwepmsla6F/xgjrRXF6z
1ib1dX0m8YnS6Tbtx1EV74cYBFlgRbVQOZdRo76DLiU9x7Keio2JiK38Z18c7Vhr
o9C8y8pegxARqtTjoabkgyEKA8UtHhHXYlvwJ5MajlwbGHc5J+T+LIX+w10+CN0y
ke7ngQ0Z8w4jZyU2ePa7Yj7zsxoerlDg2gVi6x8NGgpnDyb5x/hkkNgR4jG6Kia6
z4Jnnp3lZCPud6aFoSYvak/ZsI/1yytSe9SBFyNjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUSBi0V9FSOb2syqte0J1IKFh/ZZowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQ5NDc5NTBjLWZlZjQtNDY0My1iYWVmLTJiMTYyMTgyY2U2My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAANI1owDQYJKoZIhvcNAQELBQADggEBADXYtLKU69NFrKFPnLN8e/b7oHXh
nHqMlX8gjjQv8+OCYnyeujmWJOq0kzGgxTVgUwLG6t3X2U9fD8XwNjg31z10vNPf
tRCrcld2gbeBlg1swRFjQMMlV7zvcQRAHUql706/HFxrknqaE5Ia1FwehnC2Gcm8
9utNcfdVSJoJeyqCYGfD+DIzkbhbQEp6zcQByMAi88hQJP9L/01PsElpCzt1OVlB
GDvOQdKG2dCLZ4o5AbbIcv1F4W7fCzPeEQJ1d3ecyy54IZ8w3GN8e0HxFc5bWtZl
5vMwZaBWnK5Ju4VJXJXkI5ctcYtw9y4liJDEqEvGYHIv5ZyKs6aj2EslCvA=
-----END CERTIFICATE-----