Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/68fa5224-9ac3-4333-be71-5c9b00314083.roa
File:                     68fa5224-9ac3-4333-be71-5c9b00314083.roa (raw, json)
Hash identifier:          QkNO5zbsL4WNr0lQr11axjznuPsc4+ewKlG8N+WfPTo=
Subject key identifier:   B3:85:F1:38:E9:39:E8:71:F0:9A:70:EC:44:DE:F7:DE:C3:D5:60:A6
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6ED7C424A7FC66F326789930232203D2466F5938
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/68fa5224-9ac3-4333-be71-5c9b00314083.roa
Signing time:             Wed 24 Sep 2025 17:55:41 +0000
ROA not before:           Wed 24 Sep 2025 17:55:41 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.35.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:d7:c4:24:a7:fc:66:f3:26:78:99:30:23:22:03:d2:46:6f:59:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 17:55:41 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=e54f93846b98cf04c8f3c16a82f4e7b616dedbf3b8638edca51cc5e8a78eeaca, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:96:be:03:e0:23:4f:b1:36:9f:01:73:0f:4e:
                    b0:4b:bd:6d:46:62:3d:43:02:b1:89:21:ac:33:9a:
                    a2:63:0f:73:60:da:d5:5e:44:af:69:7a:f7:d7:3e:
                    d4:5d:f2:f7:d8:a7:31:6e:1a:df:04:f4:3f:df:f8:
                    4e:ef:5a:2c:17:b8:a1:dc:dd:0c:0b:8b:8c:ff:64:
                    76:ad:e6:1e:38:c7:20:7a:54:f3:63:df:24:e4:d0:
                    42:96:2c:47:ec:10:64:e1:54:66:bd:1e:2f:7b:68:
                    a6:c8:55:f8:42:e9:3f:e0:b9:ad:da:fb:cd:17:d4:
                    84:3b:3e:3d:91:18:91:1d:54:6a:d8:32:07:5d:bd:
                    eb:5f:e2:02:c0:c8:41:3e:bc:17:dc:34:32:e9:ed:
                    94:a3:5e:a5:46:6f:1d:ab:14:07:4a:2d:a6:e3:f5:
                    63:d6:4e:db:d1:27:8b:b6:e4:b4:3f:c2:24:81:5e:
                    b2:e1:f1:9b:b4:84:12:6c:5a:ad:b4:c9:75:f5:d6:
                    4e:19:05:b0:15:d3:7b:e9:71:be:ea:93:4f:d0:18:
                    50:09:73:e3:62:9b:16:4e:7d:17:62:a7:af:c7:45:
                    c5:d0:e1:b0:3a:8a:b2:2a:a3:66:5f:58:ae:3c:98:
                    b5:85:5b:45:f5:48:cc:7c:8f:a7:fa:64:9e:41:11:
                    9c:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:85:F1:38:E9:39:E8:71:F0:9A:70:EC:44:DE:F7:DE:C3:D5:60:A6
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/68fa5224-9ac3-4333-be71-5c9b00314083.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.35.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:a3:18:eb:c0:b7:72:dd:17:15:ce:be:1c:c6:af:4a:10:17:
         bf:6d:79:57:60:6f:ff:00:b9:ae:5c:bc:52:75:90:3b:27:3a:
         f2:75:23:af:3a:7b:53:44:45:de:92:62:e7:25:e3:6f:e9:8b:
         26:f1:29:a7:bd:c0:81:42:10:fd:8a:b4:0d:16:52:99:14:77:
         39:ee:ff:49:e9:9c:b9:db:20:0f:32:19:33:a6:15:57:65:37:
         8a:ca:ef:0f:3a:60:cf:ff:81:5a:e3:0c:0c:c1:7a:e8:42:6f:
         7c:d4:32:6c:a3:ff:ad:06:9a:c1:2c:f0:09:1b:00:75:d5:9d:
         9a:41:f4:f0:49:ba:0e:2a:7a:dc:d5:00:9a:a4:ba:18:a3:c8:
         75:99:fc:51:5e:60:94:38:5f:b9:33:67:45:29:3a:86:61:02:
         27:83:87:9b:82:e0:9e:f5:00:b0:90:f7:ba:19:30:16:66:00:
         4a:17:7f:92:a5:d3:ce:bd:fa:b9:fe:e4:97:4d:bf:ce:a4:b3:
         84:e8:0a:7b:34:50:62:79:7e:ea:69:b7:76:a2:c8:40:13:68:
         b5:62:8b:cc:4b:75:cd:b6:0c:30:5c:98:b9:d7:6a:65:4f:ca:
         f4:36:e4:ae:71:f2:2b:86:97:b3:ad:2b:86:96:75:63:e1:03:
         5f:c7:50:d8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbtfEJKf8ZvMmeJkwIyID0kZvWTgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MTc1NTQxWhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BlNTRmOTM4NDZiOThjZjA0YzhmM2MxNmE4MmY0ZTdiNjE2
ZGVkYmYzYjg2MzhlZGNhNTFjYzVlOGE3OGVlYWNhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLlr4D4CNPsTafAXMPTrBLvW1GYj1DArGJIawzmqJjD3Ng
2tVeRK9pevfXPtRd8vfYpzFuGt8E9D/f+E7vWiwXuKHc3QwLi4z/ZHat5h44xyB6
VPNj3yTk0EKWLEfsEGThVGa9Hi97aKbIVfhC6T/gua3a+80X1IQ7Pj2RGJEdVGrY
Mgddvetf4gLAyEE+vBfcNDLp7ZSjXqVGbx2rFAdKLabj9WPWTtvRJ4u25LQ/wiSB
XrLh8Zu0hBJsWq20yXX11k4ZBbAV03vpcb7qk0/QGFAJc+NimxZOfRdip6/HRcXQ
4bA6irIqo2ZfWK48mLWFW0X1SMx8j6f6ZJ5BEZyvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUs4XxOOk56HHwmnDsRN733sPVYKYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzY4ZmE1MjI0LTlhYzMtNDMzMy1iZTcxLTVjOWIwMDMxNDA4My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAANIw8wDQYJKoZIhvcNAQELBQADggEBAJOjGOvAt3LdFxXOvhzGr0oQF79t
eVdgb/8Aua5cvFJ1kDsnOvJ1I686e1NERd6SYucl42/piybxKae9wIFCEP2KtA0W
UpkUdznu/0npnLnbIA8yGTOmFVdlN4rK7w86YM//gVrjDAzBeuhCb3zUMmyj/60G
msEs8AkbAHXVnZpB9PBJug4qetzVAJqkuhijyHWZ/FFeYJQ4X7kzZ0UpOoZhAieD
h5uC4J71ALCQ97oZMBZmAEoXf5Kl0869+rn+5JdNv86ks4ToCns0UGJ5fuppt3ai
yEATaLVii8xLdc22DDBcmLnXamVPyvQ25K5x8iuGl7OtK4aWdWPhA1/HUNg=
-----END CERTIFICATE-----
Generated at Fri Oct 17 22:00:20 2025 by rpki-client