Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6897304f-338e-40d6-90ca-164ea51fba9b.roa
File:                     6897304f-338e-40d6-90ca-164ea51fba9b.roa (raw, json)
Hash identifier:          bm/mARV7XzPNUIftYYjbFGeLeZe7rt6Egd5YA/Cep0s=
Subject key identifier:   77:25:EB:60:F1:10:F2:E9:3F:17:92:1B:2A:B2:AE:5C:BC:3D:59:5F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       057EFDD041A5E773C6AFD7CB4643AEF4FDFC767C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6897304f-338e-40d6-90ca-164ea51fba9b.roa
Signing time:             Wed 24 Sep 2025 17:46:44 +0000
ROA not before:           Wed 24 Sep 2025 17:46:44 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.33.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:7e:fd:d0:41:a5:e7:73:c6:af:d7:cb:46:43:ae:f4:fd:fc:76:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 17:46:44 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=49ce08fad9cbe4993b8229b20c3b735e336cbc5185482e34037f16ce7933a7d9, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:51:fd:c9:d3:bd:f0:16:79:f6:e2:aa:af:3a:
                    3f:d8:8f:5f:c8:4b:59:ed:7b:26:66:94:03:f6:97:
                    e9:c0:89:dd:6d:d2:5e:29:60:d3:18:69:c1:75:3b:
                    c9:f1:37:0e:d1:7f:55:76:f9:9f:8d:99:3a:88:e1:
                    6c:ae:74:0d:b2:e8:0d:2e:7d:08:94:69:dc:80:f1:
                    c6:45:60:ca:1d:28:ef:b2:a5:eb:c6:39:fc:72:e9:
                    45:7b:08:42:e2:f6:49:30:95:5d:b6:11:8b:26:96:
                    2d:6f:32:40:55:41:97:b1:90:7b:ac:d0:94:63:e0:
                    a1:36:fc:f3:b3:99:f4:cd:3c:0c:ca:4a:f0:3e:62:
                    12:9f:0f:e5:b6:07:97:57:5f:72:d8:a4:10:c7:37:
                    0b:8b:9a:a2:8f:1f:9e:2f:4f:05:ab:7d:b7:cb:72:
                    3c:27:12:1c:34:22:56:a3:9c:da:30:90:56:e2:8c:
                    03:98:ac:7a:3f:2f:4f:ac:4e:7c:46:16:9a:9c:29:
                    f6:fc:bf:86:29:f3:ff:66:5f:b5:93:03:c5:ed:1a:
                    2e:f7:a9:63:0f:90:e9:12:6b:64:ae:90:11:0d:fa:
                    73:0d:8c:66:9e:55:0f:ac:da:30:97:4c:ad:62:2e:
                    91:f8:c9:3f:72:90:36:95:e7:54:ee:33:54:ca:30:
                    43:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:25:EB:60:F1:10:F2:E9:3F:17:92:1B:2A:B2:AE:5C:BC:3D:59:5F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6897304f-338e-40d6-90ca-164ea51fba9b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.33.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:1a:80:fb:19:eb:3c:ff:a3:9d:f9:48:d1:4d:97:d7:df:91:
         72:f8:c3:4b:e2:53:ad:01:7e:8a:b7:c8:5c:7d:f3:0a:2d:ae:
         db:34:9f:f6:87:2d:45:e3:94:ba:2f:8e:f4:b8:ae:7d:c8:0b:
         f2:17:43:ac:b7:61:0b:3a:92:a3:84:b3:57:13:36:5c:b1:87:
         33:55:bc:b9:6a:6b:3e:45:5f:8c:c2:b5:d7:d4:4f:a3:3b:79:
         2f:c0:97:7e:8b:9d:d4:53:2b:31:3c:a3:e0:7a:45:1c:27:c1:
         98:2d:51:03:f9:1a:cc:25:8e:91:8d:7e:7c:87:fe:41:45:71:
         e7:70:64:d0:7e:23:9a:f5:99:27:b9:c7:2a:4f:56:82:91:73:
         0e:49:3e:b7:b8:63:b9:23:94:41:2a:dc:95:84:0d:48:e5:e8:
         ca:d6:9a:e7:e5:99:56:cb:26:05:c7:df:8a:f2:13:56:6b:3a:
         bb:d7:09:c0:da:da:5a:2b:fc:26:c1:b9:a5:ea:64:08:25:e1:
         32:5d:bc:36:7b:5a:c3:da:d9:a6:ec:ac:5a:cf:a6:ff:56:8b:
         2b:b7:c1:34:0f:9d:d9:f1:8c:ea:72:d0:e9:ab:4b:34:b1:16:
         bb:ac:13:4c:97:1c:b1:b7:99:2b:18:67:48:a6:92:9a:05:f0:
         c4:d9:bf:7f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBX790EGl53PGr9fLRkOu9P38dnwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MTc0NjQ0WhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A0OWNlMDhmYWQ5Y2JlNDk5M2I4MjI5YjIwYzNiNzM1ZTMz
NmNiYzUxODU0ODJlMzQwMzdmMTZjZTc5MzNhN2Q5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCOUf3J073wFnn24qqvOj/Yj1/IS1nteyZmlAP2l+nAid1t
0l4pYNMYacF1O8nxNw7Rf1V2+Z+NmTqI4WyudA2y6A0ufQiUadyA8cZFYModKO+y
pevGOfxy6UV7CELi9kkwlV22EYsmli1vMkBVQZexkHus0JRj4KE2/POzmfTNPAzK
SvA+YhKfD+W2B5dXX3LYpBDHNwuLmqKPH54vTwWrfbfLcjwnEhw0IlajnNowkFbi
jAOYrHo/L0+sTnxGFpqcKfb8v4Yp8/9mX7WTA8XtGi73qWMPkOkSa2SukBEN+nMN
jGaeVQ+s2jCXTK1iLpH4yT9ykDaV51TuM1TKMEPrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUdyXrYPEQ8uk/F5IbKrKuXLw9WV8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzY4OTczMDRmLTMzOGUtNDBkNi05MGNhLTE2NGVhNTFmYmE5Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAANIQQwDQYJKoZIhvcNAQELBQADggEBACMagPsZ6zz/o535SNFNl9ffkXL4
w0viU60Bfoq3yFx98wotrts0n/aHLUXjlLovjvS4rn3IC/IXQ6y3YQs6kqOEs1cT
NlyxhzNVvLlqaz5FX4zCtdfUT6M7eS/Al36LndRTKzE8o+B6RRwnwZgtUQP5Gswl
jpGNfnyH/kFFcedwZNB+I5r1mSe5xypPVoKRcw5JPre4Y7kjlEEq3JWEDUjl6MrW
muflmVbLJgXH34ryE1ZrOrvXCcDa2lor/CbBuaXqZAgl4TJdvDZ7WsPa2absrFrP
pv9Wiyu3wTQPndnxjOpy0OmrSzSxFrusE0yXHLG3mSsYZ0imkpoF8MTZv38=
-----END CERTIFICATE-----