Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/66885fad-54a1-4546-b595-e5e1fa9edb3c.roa
File:                     66885fad-54a1-4546-b595-e5e1fa9edb3c.roa (raw, json)
Hash identifier:          FdEp5nExyqVovTMMban3512ipxYIl2E4FE8H/qrMTnk=
Subject key identifier:   AB:6C:13:7B:F1:03:5C:C5:2E:EF:B5:96:8E:DE:EF:92:70:86:B3:7A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1684F016A78735173E15ECC35E92AC94D49965EB
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/66885fad-54a1-4546-b595-e5e1fa9edb3c.roa
Signing time:             Wed 24 Sep 2025 18:37:03 +0000
ROA not before:           Wed 24 Sep 2025 18:37:03 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.33.120.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:84:f0:16:a7:87:35:17:3e:15:ec:c3:5e:92:ac:94:d4:99:65:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 18:37:03 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=4c9a00751546d6431f3acb5f12a15f47973a3306a81a9c95966f8f0bf86b1ab0, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:f1:bf:01:0e:2f:21:fb:1f:ad:9c:0d:a2:0f:
                    95:53:e1:c4:7e:44:eb:d9:f3:fe:7a:bc:96:33:f9:
                    e3:f8:f1:68:14:eb:39:35:b8:c0:4b:b2:a3:87:f9:
                    c2:58:e1:d9:b6:99:bd:c3:95:eb:d2:09:ae:04:cb:
                    2d:58:ed:63:b9:5e:fe:83:d3:cf:54:fb:fe:2c:f1:
                    87:1a:69:99:a5:6a:c3:53:f8:1e:5a:45:75:fb:5f:
                    88:a1:0c:58:ec:af:42:1c:c6:be:f9:76:04:18:67:
                    84:24:fd:fd:8b:df:2b:f0:82:c1:97:30:c4:02:c0:
                    ad:62:9a:c9:51:9e:4f:35:05:10:db:be:45:c1:59:
                    fd:87:7c:75:67:de:eb:b2:b5:2d:5b:6d:2e:3a:19:
                    b8:79:a4:eb:0d:1d:bd:90:62:2a:9a:a0:ec:02:d3:
                    f3:8c:f6:72:4d:8d:ef:7b:bc:e2:d5:93:54:ea:3e:
                    6c:78:7c:05:8c:b9:f7:65:d2:cd:62:19:ac:48:49:
                    32:2c:66:86:0a:6b:83:5d:20:0e:65:53:c6:d6:82:
                    65:bc:cd:1c:1b:9d:bb:85:5c:d5:80:7d:6b:5f:48:
                    47:34:5b:80:8d:d8:54:83:dd:35:16:67:42:24:28:
                    aa:11:f9:c8:7b:d6:96:e5:0b:4d:b5:21:08:f3:39:
                    03:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:6C:13:7B:F1:03:5C:C5:2E:EF:B5:96:8E:DE:EF:92:70:86:B3:7A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/66885fad-54a1-4546-b595-e5e1fa9edb3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.33.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2f:85:25:e0:11:00:4d:a3:a7:f6:ce:0b:bf:28:ed:35:83:56:
         84:09:3b:0e:e9:80:af:73:1d:3a:bf:1e:48:c0:ac:de:e1:3d:
         cb:d8:28:b7:a3:d6:56:44:4b:90:d4:8e:9d:81:6e:83:d8:3f:
         df:f5:25:ab:d8:37:66:0f:9a:61:b3:cd:64:ae:b9:f3:c5:97:
         83:26:09:40:24:7e:28:44:21:2a:02:57:6c:c0:b1:17:d5:e4:
         63:6f:dd:22:a2:0f:32:7c:04:f7:7a:34:85:eb:4a:0c:f7:4c:
         a0:39:e6:4a:d5:a2:87:2d:e4:86:56:94:2b:60:1b:73:2e:a6:
         95:e5:df:01:85:8b:97:3b:14:05:42:2d:5c:54:47:4c:64:bb:
         e8:90:8f:07:f7:58:d9:b0:9c:eb:48:f8:3a:28:aa:e8:38:9c:
         9c:38:7c:81:cd:6c:f1:89:78:30:e4:09:f5:07:82:70:87:69:
         5d:89:41:c7:4c:be:30:f5:91:0b:1c:d2:29:69:05:e3:0d:9a:
         07:b4:93:78:a6:0b:09:f3:04:03:07:c0:01:80:53:6c:b7:33:
         5a:36:ff:64:e4:98:43:24:85:53:62:cd:bf:d0:f0:ed:c2:2d:
         14:6d:c3:b6:38:50:4c:ba:d9:5b:24:d0:de:bb:b9:68:65:a3:
         ca:57:30:66
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFoTwFqeHNRc+FezDXpKslNSZZeswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MTgzNzAzWhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A0YzlhMDA3NTE1NDZkNjQzMWYzYWNiNWYxMmExNWY0Nzk3
M2EzMzA2YTgxYTljOTU5NjZmOGYwYmY4NmIxYWIwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDF8b8BDi8h+x+tnA2iD5VT4cR+ROvZ8/56vJYz+eP48WgU
6zk1uMBLsqOH+cJY4dm2mb3DlevSCa4Eyy1Y7WO5Xv6D089U+/4s8YcaaZmlasNT
+B5aRXX7X4ihDFjsr0Icxr75dgQYZ4Qk/f2L3yvwgsGXMMQCwK1imslRnk81BRDb
vkXBWf2HfHVn3uuytS1bbS46Gbh5pOsNHb2QYiqaoOwC0/OM9nJNje97vOLVk1Tq
Pmx4fAWMufdl0s1iGaxISTIsZoYKa4NdIA5lU8bWgmW8zRwbnbuFXNWAfWtfSEc0
W4CN2FSD3TUWZ0IkKKoR+ch71pblC021IQjzOQNXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUq2wTe/EDXMUu77WWjt7vknCGs3owHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzY2ODg1ZmFkLTU0YTEtNDU0Ni1iNTk1LWU1ZTFmYTllZGIzYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAINIXgwDQYJKoZIhvcNAQELBQADggEBAC+FJeARAE2jp/bOC78o7TWDVoQJ
Ow7pgK9zHTq/HkjArN7hPcvYKLej1lZES5DUjp2BboPYP9/1JavYN2YPmmGzzWSu
ufPFl4MmCUAkfihEISoCV2zAsRfV5GNv3SKiDzJ8BPd6NIXrSgz3TKA55krVooct
5IZWlCtgG3MuppXl3wGFi5c7FAVCLVxUR0xku+iQjwf3WNmwnOtI+Dooqug4nJw4
fIHNbPGJeDDkCfUHgnCHaV2JQcdMvjD1kQsc0ilpBeMNmge0k3imCwnzBAMHwAGA
U2y3M1o2/2TkmEMkhVNizb/Q8O3CLRRtw7Y4UEy62Vsk0N67uWhlo8pXMGY=
-----END CERTIFICATE-----