Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/637e665c-4693-48ba-8ef6-9f7b563ca992.roa
File:                     637e665c-4693-48ba-8ef6-9f7b563ca992.roa (raw, json)
Hash identifier:          bFbKMajviNogbXRWsuVkpJF3Vi9LLF1xYXb1Xip18Fs=
Subject key identifier:   B0:FF:CC:DE:D4:3B:5C:12:05:1A:B8:C0:34:C7:0B:A8:75:15:62:51
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       10AF4B9D2B58ABC41748333E25798DA901F825D7
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/637e665c-4693-48ba-8ef6-9f7b563ca992.roa
Signing time:             Wed 24 Sep 2025 18:10:53 +0000
ROA not before:           Wed 24 Sep 2025 18:10:53 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.32.204.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:af:4b:9d:2b:58:ab:c4:17:48:33:3e:25:79:8d:a9:01:f8:25:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 18:10:53 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=4f221d7837a952ca1ec1a60f607a1da965fca1df86651f8ed146fa7ac4e897a2, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ef:fa:79:b2:28:d8:cd:89:c9:87:81:e3:c0:
                    35:2e:83:90:65:53:3e:65:fa:3b:d2:c8:99:ab:6e:
                    9d:fa:9f:87:d2:de:64:04:d6:24:3b:99:cb:f7:a3:
                    e5:76:0f:24:2a:36:f8:8e:e0:58:43:14:c0:ab:a0:
                    4c:59:44:cd:e0:e3:51:83:a3:ea:92:62:88:09:80:
                    75:de:37:e7:35:e8:60:07:7d:a4:b4:5e:78:d0:9c:
                    4f:e7:51:fc:a0:09:33:ba:ad:c5:7a:c3:81:df:7e:
                    70:af:12:e5:4c:65:d8:e4:fe:a1:a7:f2:1f:f5:53:
                    54:8f:5d:81:02:5a:36:d5:6c:0e:44:fd:eb:1b:00:
                    4d:74:e0:4e:0b:7a:00:c0:7f:e0:0c:e1:97:7d:90:
                    ad:1a:d9:5c:46:ca:6d:0f:01:42:9c:e0:0f:f3:a7:
                    49:3c:3b:9b:69:fd:0d:69:a3:1b:fc:53:56:64:a9:
                    ef:e6:68:50:b0:06:80:ce:1b:a1:67:7d:9f:26:8e:
                    10:1b:af:58:ef:19:e4:4d:53:40:45:cb:6f:11:4a:
                    28:2d:9b:2d:f1:13:e7:89:fc:15:24:86:31:ed:2d:
                    10:77:67:5c:6d:ac:33:68:4d:59:f9:f0:af:dd:ec:
                    7f:16:95:1e:1f:77:f0:44:7b:7d:9c:f4:03:72:2c:
                    17:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:FF:CC:DE:D4:3B:5C:12:05:1A:B8:C0:34:C7:0B:A8:75:15:62:51
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/637e665c-4693-48ba-8ef6-9f7b563ca992.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.32.204.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8f:9b:d5:5b:b6:ee:06:39:c7:a2:a4:04:3e:56:e1:9c:3d:a5:
         62:f8:47:ae:b3:d9:fd:79:8b:53:59:1d:50:23:20:b4:bc:38:
         0c:db:9a:21:a2:93:7a:83:af:4a:69:77:35:9c:af:30:90:ae:
         c5:06:5b:19:b3:41:7e:12:3b:d3:13:c1:ac:9d:43:49:be:f1:
         92:57:47:ee:fc:bc:31:4b:2d:70:c3:39:94:71:b9:9e:a1:4a:
         da:3e:fb:0b:77:03:86:8f:34:ad:fa:9c:3e:5d:25:a6:ee:4e:
         1c:a5:53:8c:bb:6c:89:a0:c0:fc:e0:05:29:5d:e6:c0:90:96:
         53:5b:83:d0:74:c0:0b:97:5e:f7:36:e1:c1:4e:81:86:a9:39:
         e9:c0:a8:49:a7:7c:1e:b0:85:4a:4e:cb:77:90:37:69:8d:66:
         82:fe:a4:89:fd:3a:6b:a0:f4:5f:6f:a9:c3:78:81:85:1b:cc:
         68:35:99:85:01:5f:fd:5f:32:95:b8:80:43:05:b2:dc:3d:de:
         9e:61:8c:7c:7b:18:64:8d:7b:7f:aa:5f:07:d9:c3:28:4e:6e:
         50:c0:a4:27:df:54:2b:75:2e:1b:b0:7f:97:ce:40:7b:d0:c8:
         aa:4a:a9:b5:b3:6e:92:bf:68:ed:47:61:34:5b:3d:09:4c:ab:
         16:3d:ce:2a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEK9LnStYq8QXSDM+JXmNqQH4JdcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MTgxMDUzWhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZjIyMWQ3ODM3YTk1MmNhMWVjMWE2MGY2MDdhMWRhOTY1
ZmNhMWRmODY2NTFmOGVkMTQ2ZmE3YWM0ZTg5N2EyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCb7/p5sijYzYnJh4HjwDUug5BlUz5l+jvSyJmrbp36n4fS
3mQE1iQ7mcv3o+V2DyQqNviO4FhDFMCroExZRM3g41GDo+qSYogJgHXeN+c16GAH
faS0XnjQnE/nUfygCTO6rcV6w4HffnCvEuVMZdjk/qGn8h/1U1SPXYECWjbVbA5E
/esbAE104E4LegDAf+AM4Zd9kK0a2VxGym0PAUKc4A/zp0k8O5tp/Q1poxv8U1Zk
qe/maFCwBoDOG6FnfZ8mjhAbr1jvGeRNU0BFy28RSigtmy3xE+eJ/BUkhjHtLRB3
Z1xtrDNoTVn58K/d7H8WlR4fd/BEe32c9ANyLBdjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUsP/M3tQ7XBIFGrjANMcLqHUVYlEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzYzN2U2NjVjLTQ2OTMtNDhiYS04ZWY2LTlmN2I1NjNjYTk5Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAENIMwwDQYJKoZIhvcNAQELBQADggEBAI+b1Vu27gY5x6KkBD5W4Zw9pWL4
R66z2f15i1NZHVAjILS8OAzbmiGik3qDr0ppdzWcrzCQrsUGWxmzQX4SO9MTwayd
Q0m+8ZJXR+78vDFLLXDDOZRxuZ6hSto++wt3A4aPNK36nD5dJabuThylU4y7bImg
wPzgBSld5sCQllNbg9B0wAuXXvc24cFOgYapOenAqEmnfB6whUpOy3eQN2mNZoL+
pIn9Omug9F9vqcN4gYUbzGg1mYUBX/1fMpW4gEMFstw93p5hjHx7GGSNe3+qXwfZ
wyhOblDApCffVCt1Lhuwf5fOQHvQyKpKqbWzbpK/aO1HYTRbPQlMqxY9zio=
-----END CERTIFICATE-----