Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/67fb55d5-aae3-4f98-9618-2c8f9e44515a.roa
File:                     67fb55d5-aae3-4f98-9618-2c8f9e44515a.roa (raw, json)
Hash identifier:          JZmdjV9L/A/cnDfDlYUAeTnfq/BFp6ztSgboicG0wBo=
Subject key identifier:   BC:A6:92:DD:FC:EC:41:35:A7:69:EF:68:22:D7:C9:C3:3F:E2:F1:07
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7ECF4DB837E4D05A756BC327C6182BDD275FBA70
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/67fb55d5-aae3-4f98-9618-2c8f9e44515a.roa
Signing time:             Wed 24 Sep 2025 17:58:02 +0000
ROA not before:           Wed 24 Sep 2025 17:58:02 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.35.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:cf:4d:b8:37:e4:d0:5a:75:6b:c3:27:c6:18:2b:dd:27:5f:ba:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 17:58:02 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=8c38ade3728cac702bb156f5002af928792dfa0d4ee12313debe33c955d75071, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:aa:dd:76:bc:a2:c3:5e:eb:52:e3:80:99:3a:
                    b1:47:ca:2d:d8:f2:a5:cd:59:5d:d5:77:47:67:78:
                    96:5b:1d:c7:6e:af:e9:7b:c4:92:dd:5c:ae:7b:33:
                    46:f1:e1:fe:71:58:e2:f0:39:57:9a:18:30:c5:e4:
                    a2:34:d9:eb:41:e3:46:b2:5b:26:33:23:8b:42:15:
                    6d:d6:56:ee:e6:ca:2e:12:e0:6c:fb:60:a0:96:b4:
                    2d:84:10:e4:24:45:72:bc:ee:02:4d:00:e1:27:9a:
                    2b:61:a3:e4:c2:56:08:8e:d4:a2:3d:c6:6c:fb:a6:
                    e0:a8:21:ee:6f:8c:5d:66:ee:ed:90:24:d7:7c:d4:
                    24:91:d8:eb:7c:a2:b0:d2:89:a7:fa:12:37:40:79:
                    e9:f0:e4:9c:20:51:33:21:74:36:e4:8c:37:75:a5:
                    0e:f2:85:82:f7:05:4a:f2:06:b4:29:58:c9:15:bc:
                    b2:b4:f6:0c:09:13:aa:1b:d8:b3:79:a6:3d:5f:3a:
                    d1:2f:33:de:01:8d:15:05:6e:67:96:ca:34:5e:ec:
                    eb:2e:5f:20:02:89:87:5b:fa:69:0b:03:57:3c:25:
                    62:86:e4:7d:75:54:cf:74:f6:26:c1:e0:10:e3:43:
                    e5:81:51:36:a8:af:a8:2a:17:cf:7a:ae:b0:82:e9:
                    a1:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:A6:92:DD:FC:EC:41:35:A7:69:EF:68:22:D7:C9:C3:3F:E2:F1:07
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/67fb55d5-aae3-4f98-9618-2c8f9e44515a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.35.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:2e:4d:34:c3:ed:2d:4e:54:02:88:ff:e9:02:99:e1:9b:d8:
         b1:05:68:f9:63:b8:4d:0c:5f:33:01:42:02:73:8e:a3:c9:fb:
         95:f1:32:05:28:43:f3:a5:1e:fc:4d:3a:1f:e6:88:8b:ee:9b:
         ae:36:aa:a8:cc:2d:b8:86:95:0a:58:22:31:84:22:0d:1f:69:
         c7:57:3d:f6:fb:ba:af:08:59:a3:6c:17:6f:05:6f:f4:81:c4:
         2f:38:6e:fe:04:11:74:bf:cc:de:05:7a:4d:09:7e:97:88:c8:
         0b:98:91:68:e0:0e:6a:4f:42:b0:41:ce:a4:ca:ed:e6:4c:4b:
         62:86:d9:67:b4:7f:35:32:5a:d0:27:61:0f:55:34:d2:b1:99:
         c5:be:25:09:0b:f5:34:c3:d7:cf:47:a0:2a:53:1f:b5:ad:09:
         bf:f4:0a:dc:7d:fd:26:d8:c7:2a:3b:a3:d5:bc:9b:4e:37:86:
         d2:7c:52:5a:44:6f:b3:26:2c:62:78:ab:6f:57:ab:f7:5f:d3:
         32:bc:a5:02:6c:a7:f7:01:96:a6:04:17:41:a7:07:2e:8e:70:
         de:78:c2:ad:72:6a:05:a1:82:52:5e:f3:46:be:f8:eb:6f:4a:
         a0:43:3c:be:ce:ef:24:68:1c:9a:ee:1c:71:ba:77:2c:24:1e:
         76:98:e8:4a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfs9NuDfk0Fp1a8Mnxhgr3SdfunAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MTc1ODAyWhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A4YzM4YWRlMzcyOGNhYzcwMmJiMTU2ZjUwMDJhZjkyODc5
MmRmYTBkNGVlMTIzMTNkZWJlMzNjOTU1ZDc1MDcxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCSqt12vKLDXutS44CZOrFHyi3Y8qXNWV3Vd0dneJZbHcdu
r+l7xJLdXK57M0bx4f5xWOLwOVeaGDDF5KI02etB40ayWyYzI4tCFW3WVu7myi4S
4Gz7YKCWtC2EEOQkRXK87gJNAOEnmitho+TCVgiO1KI9xmz7puCoIe5vjF1m7u2Q
JNd81CSR2Ot8orDSiaf6EjdAeenw5JwgUTMhdDbkjDd1pQ7yhYL3BUryBrQpWMkV
vLK09gwJE6ob2LN5pj1fOtEvM94BjRUFbmeWyjRe7OsuXyACiYdb+mkLA1c8JWKG
5H11VM909ibB4BDjQ+WBUTaor6gqF896rrCC6aHlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUvKaS3fzsQTWnae9oItfJwz/i8QcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzY3ZmI1NWQ1LWFhZTMtNGY5OC05NjE4LTJjOGY5ZTQ0NTE1YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAANI8owDQYJKoZIhvcNAQELBQADggEBAK8uTTTD7S1OVAKI/+kCmeGb2LEF
aPljuE0MXzMBQgJzjqPJ+5XxMgUoQ/OlHvxNOh/miIvum642qqjMLbiGlQpYIjGE
Ig0facdXPfb7uq8IWaNsF28Fb/SBxC84bv4EEXS/zN4Fek0JfpeIyAuYkWjgDmpP
QrBBzqTK7eZMS2KG2We0fzUyWtAnYQ9VNNKxmcW+JQkL9TTD189HoCpTH7WtCb/0
Ctx9/SbYxyo7o9W8m043htJ8UlpEb7MmLGJ4q29Xq/df0zK8pQJsp/cBlqYEF0Gn
By6OcN54wq1yagWhglJe80a++OtvSqBDPL7O7yRoHJruHHG6dywkHnaY6Eo=
-----END CERTIFICATE-----