Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5fdf7ab4-02a3-4473-879e-629770051a7c.roa
File:                     5fdf7ab4-02a3-4473-879e-629770051a7c.roa (raw, json)
Hash identifier:          o+5izwRSc9pCM/XL94UhzWjFJ9vg/XfFZ58Eum+Y3zY=
Subject key identifier:   CB:13:61:68:9E:0F:A3:43:FA:92:C9:63:89:54:C5:9A:66:A7:8E:79
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       086ECB44D800FE02620BD8032DF6FE19978B958F
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5fdf7ab4-02a3-4473-879e-629770051a7c.roa
Signing time:             Wed 24 Sep 2025 19:56:00 +0000
ROA not before:           Wed 24 Sep 2025 19:56:00 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.227.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:6e:cb:44:d8:00:fe:02:62:0b:d8:03:2d:f6:fe:19:97:8b:95:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 19:56:00 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=8a6d1907f20fe7203b66625eb036bf5396c43ed0e0378f0756a8b8e93b10ffee, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:59:b6:88:62:79:98:10:8b:cc:91:85:f6:8c:
                    94:71:56:90:7c:5a:dd:ef:02:8e:3b:7b:25:51:a0:
                    86:f1:0f:94:b2:23:28:24:c7:01:83:cb:f1:e5:b2:
                    2a:0f:56:db:d7:4e:aa:d1:0d:16:37:f9:c5:c2:b9:
                    9a:a4:d9:d9:42:ad:e9:96:d9:2d:3c:58:0c:b9:d3:
                    28:83:16:2f:5d:0c:89:88:65:9d:5d:6d:62:e0:96:
                    94:f4:11:84:44:67:57:df:51:4d:45:f6:4b:80:00:
                    51:54:1c:fb:ee:13:f5:ac:60:49:bb:b3:8a:ee:d5:
                    65:24:c9:de:d6:90:5d:a7:40:51:48:9d:d7:c2:24:
                    a2:6d:42:af:12:59:b5:c7:58:a6:d0:0c:50:7f:ca:
                    84:e2:5a:d5:fb:17:de:4f:46:3b:91:5f:bf:64:a6:
                    d1:90:45:6c:f5:55:13:2e:e6:1a:a7:79:2b:8f:74:
                    f4:60:9c:af:bf:92:d7:fe:36:2c:2b:27:8b:e9:15:
                    9b:67:b2:12:d0:5e:58:92:0a:33:70:1a:02:f7:bc:
                    bb:0c:82:7f:7c:b2:6f:2b:b9:ef:30:43:49:bc:73:
                    7e:23:b6:8b:3c:c9:3c:9b:dc:7b:b1:95:82:48:bb:
                    99:58:d1:4e:5c:9f:16:3b:32:16:4f:3a:3d:35:85:
                    2a:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:13:61:68:9E:0F:A3:43:FA:92:C9:63:89:54:C5:9A:66:A7:8E:79
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5fdf7ab4-02a3-4473-879e-629770051a7c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.227.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:23:e6:7d:f4:e9:28:ed:72:f0:e4:6c:1a:5e:0e:e0:b8:b9:
         61:57:29:88:8a:29:47:d3:a1:f6:8a:6b:34:bb:79:2a:a3:f7:
         c0:ae:2d:04:3d:d4:36:f2:24:16:00:8b:d6:16:f7:5a:7e:8d:
         da:1f:a0:80:a3:c7:4b:7f:7c:91:cd:07:76:e9:1a:f2:a4:b1:
         a6:cd:63:26:55:a8:b1:e6:81:62:2d:ea:4d:f8:76:7f:d9:48:
         93:86:c0:48:a3:e7:fb:4e:fb:a5:c9:b4:fb:16:49:9e:e0:f8:
         8e:42:77:6f:7a:2e:1e:e3:b7:58:81:4c:e3:66:9a:e4:1e:4e:
         35:c2:6c:a6:9e:8d:ff:b7:ae:bb:a5:5e:32:bf:b5:87:20:3a:
         67:53:fa:91:d1:29:54:2a:28:f2:07:6b:e7:0b:97:1f:c3:69:
         64:65:16:b4:d9:93:77:93:b8:16:08:55:cd:c3:34:28:67:11:
         30:16:ed:19:9a:40:5b:13:e1:1e:36:af:d1:96:4a:61:a5:65:
         b3:50:19:e5:30:29:7d:35:41:62:81:dd:4a:1f:75:0c:c5:a2:
         25:b3:fb:90:66:17:8b:1a:25:95:68:76:ae:62:9f:fa:9f:a0:
         a0:b3:21:83:9d:7a:e6:83:e7:cd:58:89:23:09:70:a5:f8:2e:
         87:16:a5:ee
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCG7LRNgA/gJiC9gDLfb+GZeLlY8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MTk1NjAwWhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A4YTZkMTkwN2YyMGZlNzIwM2I2NjYyNWViMDM2YmY1Mzk2
YzQzZWQwZTAzNzhmMDc1NmE4YjhlOTNiMTBmZmVlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDAWbaIYnmYEIvMkYX2jJRxVpB8Wt3vAo47eyVRoIbxD5Sy
IygkxwGDy/HlsioPVtvXTqrRDRY3+cXCuZqk2dlCremW2S08WAy50yiDFi9dDImI
ZZ1dbWLglpT0EYREZ1ffUU1F9kuAAFFUHPvuE/WsYEm7s4ru1WUkyd7WkF2nQFFI
ndfCJKJtQq8SWbXHWKbQDFB/yoTiWtX7F95PRjuRX79kptGQRWz1VRMu5hqneSuP
dPRgnK+/ktf+NiwrJ4vpFZtnshLQXliSCjNwGgL3vLsMgn98sm8rue8wQ0m8c34j
tos8yTyb3HuxlYJIu5lY0U5cnxY7MhZPOj01hSpTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUyxNhaJ4Po0P6ksljiVTFmmanjnkwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzVmZGY3YWI0LTAyYTMtNDQ3My04NzllLTYyOTc3MDA1MWE3Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAN4/gwDQYJKoZIhvcNAQELBQADggEBAJUj5n306SjtcvDkbBpeDuC4uWFX
KYiKKUfTofaKazS7eSqj98CuLQQ91DbyJBYAi9YW91p+jdofoICjx0t/fJHNB3bp
GvKksabNYyZVqLHmgWIt6k34dn/ZSJOGwEij5/tO+6XJtPsWSZ7g+I5Cd296Lh7j
t1iBTONmmuQeTjXCbKaejf+3rrulXjK/tYcgOmdT+pHRKVQqKPIHa+cLlx/DaWRl
FrTZk3eTuBYIVc3DNChnETAW7RmaQFsT4R42r9GWSmGlZbNQGeUwKX01QWKB3Uof
dQzFoiWz+5BmF4saJZVodq5in/qfoKCzIYOdeuaD581YiSMJcKX4LocWpe4=
-----END CERTIFICATE-----