Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5932154a-da33-40d9-9886-0bb7f0c712e9.roa
File:                     5932154a-da33-40d9-9886-0bb7f0c712e9.roa (raw, json)
Hash identifier:          slV8zFxOVArg/8IZRdvqdA2nW6YRY1G4AF90BVFWWNI=
Subject key identifier:   52:DA:74:57:E9:87:BC:1E:DF:6D:8A:7D:56:2A:EE:20:E9:FF:5D:88
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1123409C392D2290E8E9AB3FA7BE15EB2EEB6CE1
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5932154a-da33-40d9-9886-0bb7f0c712e9.roa
Signing time:             Wed 24 Sep 2025 19:51:36 +0000
ROA not before:           Wed 24 Sep 2025 19:51:36 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.227.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:23:40:9c:39:2d:22:90:e8:e9:ab:3f:a7:be:15:eb:2e:eb:6c:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 19:51:36 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=c946a078e9e8a699fa6d9cad4e8d1c4085a94a753eb15877f7ac8640a030e44f, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:e3:02:d5:c2:2d:e0:fa:a1:be:a6:e1:f7:65:
                    89:f3:2a:52:83:60:d0:c7:ec:77:47:81:5a:ae:68:
                    0f:cf:6a:90:e0:c5:67:31:8e:9f:bb:3a:38:49:1b:
                    cd:11:a7:a6:f2:1a:e3:30:22:6e:10:f9:ca:58:29:
                    d3:a8:1c:11:f0:d6:56:c0:19:db:11:ba:aa:54:0c:
                    d3:37:3e:86:87:32:8e:dd:60:0d:03:81:27:9f:33:
                    2b:c8:20:ea:5b:af:dc:1f:2a:b0:5f:1a:12:d0:6e:
                    27:82:ed:14:6a:c7:5f:43:49:e8:61:ec:9a:08:44:
                    83:a0:03:f4:80:cf:51:28:cf:8d:c0:32:42:69:ba:
                    b8:71:dc:ba:bb:32:f3:af:89:2e:53:fa:0e:fd:27:
                    cf:87:b6:c1:97:89:88:dd:46:c6:e9:c1:78:8d:5e:
                    1f:77:cd:14:d3:65:94:af:c4:34:72:0f:df:bb:2e:
                    f8:e2:5c:99:d3:71:37:54:16:da:fb:37:66:bb:cc:
                    3a:e1:34:2a:ea:cb:58:35:54:f6:fa:b6:33:c7:d5:
                    41:d9:04:42:21:00:d2:54:9c:e1:a3:60:9a:fc:37:
                    5f:16:e8:38:bf:91:99:41:49:c5:5a:cc:9a:bc:b7:
                    dd:38:8e:c3:21:68:b2:41:13:b1:6e:83:b0:4c:c7:
                    40:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:DA:74:57:E9:87:BC:1E:DF:6D:8A:7D:56:2A:EE:20:E9:FF:5D:88
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5932154a-da33-40d9-9886-0bb7f0c712e9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.227.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:2a:f4:0b:cd:80:14:ff:35:c8:e3:c2:ef:74:a0:a8:65:01:
         f2:19:41:ab:4b:94:14:ca:21:a0:1e:74:23:32:fa:90:3f:f3:
         09:a7:15:56:e6:d0:54:67:14:ff:1e:11:36:40:5e:f5:76:2b:
         b5:d6:0e:5c:1e:7b:42:9a:57:11:a0:8f:86:08:2f:16:0e:30:
         d2:e0:cb:80:c5:57:ce:bd:49:b8:54:6c:29:f9:ec:f6:1b:01:
         ed:fb:96:43:de:d9:77:69:b3:c9:08:7f:62:2a:6f:c0:45:79:
         7a:cd:67:9d:56:7a:5f:cd:ca:09:4c:85:60:d3:11:98:b4:36:
         17:71:8a:fe:a5:15:6f:71:10:2a:f3:a5:81:14:70:26:a1:65:
         0a:3a:22:f0:08:b6:e7:64:d2:ff:79:ca:30:d6:c8:9f:ca:f3:
         53:f0:7f:1d:04:b3:2a:0d:57:27:e3:af:49:b4:f6:b0:1c:5d:
         ce:b1:37:28:f7:52:53:fc:3f:98:fd:bc:d2:93:4d:4e:0a:10:
         94:d5:f2:5a:3a:3d:90:b1:4d:dd:57:b4:49:ad:9e:3c:92:21:
         e6:5c:04:fe:e0:e4:ee:0b:0a:60:c3:76:bb:08:02:4c:92:ea:
         99:c5:c2:9a:f1:59:b2:22:93:d4:2a:73:6e:75:31:4f:32:79:
         10:cb:b4:5b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUESNAnDktIpDo6as/p74V6y7rbOEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MTk1MTM2WhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BjOTQ2YTA3OGU5ZThhNjk5ZmE2ZDljYWQ0ZThkMWM0MDg1
YTk0YTc1M2ViMTU4NzdmN2FjODY0MGEwMzBlNDRmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDe4wLVwi3g+qG+puH3ZYnzKlKDYNDH7HdHgVquaA/PapDg
xWcxjp+7OjhJG80Rp6byGuMwIm4Q+cpYKdOoHBHw1lbAGdsRuqpUDNM3PoaHMo7d
YA0DgSefMyvIIOpbr9wfKrBfGhLQbieC7RRqx19DSehh7JoIRIOgA/SAz1Eoz43A
MkJpurhx3Lq7MvOviS5T+g79J8+HtsGXiYjdRsbpwXiNXh93zRTTZZSvxDRyD9+7
LvjiXJnTcTdUFtr7N2a7zDrhNCrqy1g1VPb6tjPH1UHZBEIhANJUnOGjYJr8N18W
6Di/kZlBScVazJq8t904jsMhaLJBE7Fug7BMx0AJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUUtp0V+mHvB7fbYp9ViruIOn/XYgwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzU5MzIxNTRhLWRhMzMtNDBkOS05ODg2LTBiYjdmMGM3MTJlOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAN46wwDQYJKoZIhvcNAQELBQADggEBAEkq9AvNgBT/Ncjjwu90oKhlAfIZ
QatLlBTKIaAedCMy+pA/8wmnFVbm0FRnFP8eETZAXvV2K7XWDlwee0KaVxGgj4YI
LxYOMNLgy4DFV869SbhUbCn57PYbAe37lkPe2Xdps8kIf2Iqb8BFeXrNZ51Wel/N
yglMhWDTEZi0Nhdxiv6lFW9xECrzpYEUcCahZQo6IvAItudk0v95yjDWyJ/K81Pw
fx0EsyoNVyfjr0m09rAcXc6xNyj3UlP8P5j9vNKTTU4KEJTV8lo6PZCxTd1XtEmt
njySIeZcBP7g5O4LCmDDdrsIAkyS6pnFwprxWbIik9Qqc251MU8yeRDLtFs=
-----END CERTIFICATE-----