Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/587a9033-3a99-4233-8910-ced5bf578729.roa
File:                     587a9033-3a99-4233-8910-ced5bf578729.roa (raw, json)
Hash identifier:          3P/RvzRVkeXVH1eW+oiCivKqkHM8ESyvV5UyzvpcYHA=
Subject key identifier:   85:13:6E:A3:F8:9E:A4:CA:C2:69:38:4D:D2:74:30:3B:68:5A:9E:3B
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       456DF539F5DD0445E5FA9AD2365E443B5A460CE1
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/587a9033-3a99-4233-8910-ced5bf578729.roa
Signing time:             Wed 24 Sep 2025 18:51:53 +0000
ROA not before:           Wed 24 Sep 2025 18:51:53 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.33.112.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:6d:f5:39:f5:dd:04:45:e5:fa:9a:d2:36:5e:44:3b:5a:46:0c:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 18:51:53 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=46d12baf1a82ce45205cbfb728672aad44e99772d844435cf804ad567ba744ec, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:8f:11:7c:49:14:83:94:76:af:9d:76:e1:54:
                    b3:d1:85:bf:87:c0:ce:d5:f8:cd:75:ea:88:01:88:
                    83:a4:c5:f4:ac:ab:8b:28:8d:03:54:e4:89:7f:19:
                    b4:6d:02:b5:7b:69:f0:dc:0e:ba:7f:40:83:d6:b3:
                    54:86:6c:96:fc:60:e2:86:a4:ec:fb:94:cd:ff:ec:
                    21:5c:80:d7:ed:5e:91:60:7d:85:30:c0:59:36:81:
                    8d:93:d8:d0:14:39:29:ce:ed:24:b8:06:94:21:10:
                    86:1d:2e:6a:76:ee:bb:1f:0a:b0:25:f9:b6:bf:5a:
                    4f:3f:8e:17:45:60:c3:f6:80:88:ef:4a:b6:52:42:
                    3f:c3:30:f8:67:94:ad:ac:42:6f:9b:83:3e:95:ba:
                    4c:02:a9:6c:5a:7d:91:11:3a:08:d0:9a:48:36:e9:
                    d7:f5:45:cf:72:d1:67:f1:ff:03:b1:74:27:63:69:
                    3e:f2:88:b7:67:af:a5:c5:28:3d:98:04:9b:f6:56:
                    4d:75:fa:a5:01:31:91:ba:54:81:49:2b:bf:78:2f:
                    1b:bc:ed:71:32:54:a3:b0:ae:57:23:28:02:9c:56:
                    7e:c6:c8:b4:a3:e3:28:d5:44:57:d4:3d:a8:f7:0b:
                    44:a0:34:e6:33:c9:c1:08:9f:3e:d0:91:c1:1d:db:
                    c5:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:13:6E:A3:F8:9E:A4:CA:C2:69:38:4D:D2:74:30:3B:68:5A:9E:3B
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/587a9033-3a99-4233-8910-ced5bf578729.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.33.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         41:29:fb:aa:ee:87:36:1e:e3:a1:64:a8:09:c1:3f:fb:7c:fe:
         71:17:75:0a:09:4b:84:13:3e:3c:40:0e:5a:87:09:d2:ee:62:
         64:27:d0:92:e1:f8:fe:fa:fa:62:d2:59:59:bc:06:9b:80:86:
         54:cf:3a:ea:39:3a:c7:3e:9f:9f:46:f4:c7:8e:77:6a:c1:b5:
         44:15:7b:a9:23:fa:2b:3e:19:81:09:7b:0d:87:11:a3:e4:da:
         91:9d:8d:e4:d6:ea:a3:cf:8f:0b:cd:5c:df:c0:b0:ff:dc:f5:
         c8:a4:b2:f0:14:33:cc:d3:40:6f:fd:2a:48:35:d1:eb:d7:6e:
         19:96:3e:e1:6f:6f:2d:81:4e:ba:66:40:4e:a6:1c:48:3d:a5:
         85:76:b5:c9:ec:5b:05:0a:fd:f3:41:dc:8e:aa:78:ae:ce:6c:
         39:42:0c:5f:bb:23:ff:ee:0c:9f:cb:44:b2:88:2e:52:f4:05:
         49:7b:3e:80:84:f6:67:c2:9c:0d:19:02:46:1a:70:86:98:54:
         65:8f:67:50:17:74:1b:04:33:80:0f:21:59:49:7b:92:78:e6:
         df:4e:82:55:2f:ea:76:69:ec:02:83:42:5f:57:07:5b:8d:90:
         9f:00:f9:c8:be:8a:05:02:a3:8e:f2:67:32:96:8f:53:4b:8e:
         e4:61:97:ca
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURW31OfXdBEXl+prSNl5EO1pGDOEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MTg1MTUzWhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A0NmQxMmJhZjFhODJjZTQ1MjA1Y2JmYjcyODY3MmFhZDQ0
ZTk5NzcyZDg0NDQzNWNmODA0YWQ1NjdiYTc0NGVjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtjxF8SRSDlHavnXbhVLPRhb+HwM7V+M116ogBiIOkxfSs
q4sojQNU5Il/GbRtArV7afDcDrp/QIPWs1SGbJb8YOKGpOz7lM3/7CFcgNftXpFg
fYUwwFk2gY2T2NAUOSnO7SS4BpQhEIYdLmp27rsfCrAl+ba/Wk8/jhdFYMP2gIjv
SrZSQj/DMPhnlK2sQm+bgz6VukwCqWxafZEROgjQmkg26df1Rc9y0Wfx/wOxdCdj
aT7yiLdnr6XFKD2YBJv2Vk11+qUBMZG6VIFJK794Lxu87XEyVKOwrlcjKAKcVn7G
yLSj4yjVRFfUPaj3C0SgNOYzycEInz7QkcEd28WJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUhRNuo/iepMrCaThN0nQwO2hanjswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzU4N2E5MDMzLTNhOTktNDIzMy04OTEwLWNlZDViZjU3ODcyOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQNIXAwDQYJKoZIhvcNAQELBQADggEBAEEp+6ruhzYe46FkqAnBP/t8/nEX
dQoJS4QTPjxADlqHCdLuYmQn0JLh+P76+mLSWVm8BpuAhlTPOuo5Osc+n59G9MeO
d2rBtUQVe6kj+is+GYEJew2HEaPk2pGdjeTW6qPPjwvNXN/AsP/c9ciksvAUM8zT
QG/9Kkg10evXbhmWPuFvby2BTrpmQE6mHEg9pYV2tcnsWwUK/fNB3I6qeK7ObDlC
DF+7I//uDJ/LRLKILlL0BUl7PoCE9mfCnA0ZAkYacIaYVGWPZ1AXdBsEM4APIVlJ
e5J45t9OglUv6nZp7AKDQl9XB1uNkJ8A+ci+igUCo47yZzKWj1NLjuRhl8o=
-----END CERTIFICATE-----