Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6c5331e1-7be3-4fa4-9602-afbd9f20b415.roa
File:                     6c5331e1-7be3-4fa4-9602-afbd9f20b415.roa (raw, json)
Hash identifier:          iMXqy1rBsaCPTgfHIJSPLSXckJp/LdUykyZf39QiW7E=
Subject key identifier:   C6:52:A5:7B:04:79:90:A3:A0:E9:A7:58:A7:3A:EE:8F:E9:0A:3E:1E
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       427716922F14A165F3CBD6AEE1A3EFB87BEFDCB2
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6c5331e1-7be3-4fa4-9602-afbd9f20b415.roa
Signing time:             Tue 19 Aug 2025 15:21:39 +0000
ROA not before:           Tue 19 Aug 2025 15:21:39 +0000
ROA not after:            Tue 23 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.212.0.0/14 maxlen: 14
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 22 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:77:16:92:2f:14:a1:65:f3:cb:d6:ae:e1:a3:ef:b8:7b:ef:dc:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Aug 19 15:21:39 2025 GMT
            Not After : Sep 23 23:59:59 2025 GMT
        Subject: serialNumber=cab3d219321d6228a1245e1b65df421222a44911aae93e815f49e353c39e2485, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:fb:e8:ac:96:ba:c6:d9:17:ac:da:00:37:e9:
                    62:35:96:59:48:24:ba:cf:05:74:b0:45:67:3f:3a:
                    c3:36:b5:50:7e:7b:25:9a:f8:6a:f7:9a:8b:a4:08:
                    9d:b2:2e:7d:22:7c:80:4a:a8:0e:84:34:37:07:d0:
                    8a:c6:ce:3b:1d:91:e6:b5:43:ea:4e:e4:77:8a:99:
                    c3:27:f1:f4:25:f2:a6:0d:db:41:1f:1a:1b:1d:28:
                    24:69:6e:5a:fe:31:10:9a:34:19:82:32:90:61:a5:
                    bc:d8:f8:14:60:7b:96:f1:19:22:99:87:ea:47:15:
                    78:37:02:46:55:1d:28:ea:69:9d:b6:30:56:5d:ff:
                    fd:34:92:82:09:f8:11:24:a6:44:41:ea:10:a8:f4:
                    45:99:b9:be:57:25:27:57:f6:01:59:c5:d7:c2:67:
                    e5:a7:54:e2:1f:d8:c6:72:3a:26:e2:58:ea:5a:ec:
                    34:c8:3d:b7:42:2a:3e:fe:ba:d1:8e:b2:d2:43:41:
                    f6:88:d1:6a:d7:1e:75:83:a3:42:49:f2:b9:68:57:
                    a9:d9:0a:19:c4:a5:53:54:2e:d1:c8:5a:fa:5a:73:
                    39:cd:c6:90:07:a9:c1:fc:ec:18:c5:82:6b:55:ca:
                    a3:7f:b0:c6:cc:c4:01:74:8f:48:54:5f:3f:dd:57:
                    24:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:52:A5:7B:04:79:90:A3:A0:E9:A7:58:A7:3A:EE:8F:E9:0A:3E:1E
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6c5331e1-7be3-4fa4-9602-afbd9f20b415.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.212.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         ab:1d:c4:71:4c:93:ed:24:3e:d8:47:04:2d:82:0f:67:22:5f:
         06:67:4d:f5:e6:05:05:4b:1f:27:fc:1b:bb:fc:3f:08:a3:b5:
         b8:3a:07:50:4a:a9:28:ca:4c:0c:ae:f3:07:c0:e9:5d:f0:0c:
         3d:b6:68:73:93:9b:6a:99:42:0a:db:7c:15:be:52:71:33:f3:
         c2:b5:05:e2:ef:02:6c:86:59:0b:36:2c:47:77:84:e0:70:b1:
         b7:c7:d9:d5:4d:2a:b2:8c:76:3d:07:6e:17:5e:27:38:11:d7:
         3f:3b:e7:7d:7d:ad:70:e1:f2:81:fa:50:30:aa:58:09:71:9a:
         27:af:15:55:df:4c:78:e2:7f:55:47:87:5f:a8:e8:6f:8b:0b:
         cd:eb:76:df:f5:0f:aa:26:b4:20:ac:12:49:96:bd:9d:0e:51:
         7f:78:1e:b4:d8:b8:d4:c4:f2:1a:45:b1:7b:d7:0d:2c:52:ae:
         9e:a6:7e:23:78:f8:84:02:f4:dd:1c:23:0d:9a:04:a1:82:96:
         35:12:6a:70:c3:50:b0:fb:fc:48:89:be:04:8b:b3:3f:7f:c7:
         48:f6:af:81:c3:58:5c:7d:d8:78:6c:90:cd:66:3d:47:f0:97:
         33:52:09:76:ce:26:82:82:74:73:70:fb:b8:d9:50:dc:9e:0f:
         d8:b4:fc:41
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUQncWki8UoWXzy9au4aPvuHvv3LIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwODE5MTUyMTM5WhcNMjUwOTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BjYWIzZDIxOTMyMWQ2MjI4YTEyNDVlMWI2NWRmNDIxMjIy
YTQ0OTExYWFlOTNlODE1ZjQ5ZTM1M2MzOWUyNDg1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDg++islrrG2Res2gA36WI1lllIJLrPBXSwRWc/OsM2tVB+
eyWa+Gr3moukCJ2yLn0ifIBKqA6ENDcH0IrGzjsdkea1Q+pO5HeKmcMn8fQl8qYN
20EfGhsdKCRpblr+MRCaNBmCMpBhpbzY+BRge5bxGSKZh+pHFXg3AkZVHSjqaZ22
MFZd//00koIJ+BEkpkRB6hCo9EWZub5XJSdX9gFZxdfCZ+WnVOIf2MZyOibiWOpa
7DTIPbdCKj7+utGOstJDQfaI0WrXHnWDo0JJ8rloV6nZChnEpVNULtHIWvpacznN
xpAHqcH87BjFgmtVyqN/sMbMxAF0j0hUXz/dVyQNAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUxlKlewR5kKOg6adYpzruj+kKPh4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzZjNTMzMWUxLTdiZTMtNGZhNC05NjAyLWFmYmQ5ZjIwYjQxNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwIN1DANBgkqhkiG9w0BAQsFAAOCAQEAqx3EcUyT7SQ+2EcELYIPZyJfBmdN
9eYFBUsfJ/wbu/w/CKO1uDoHUEqpKMpMDK7zB8DpXfAMPbZoc5ObaplCCtt8Fb5S
cTPzwrUF4u8CbIZZCzYsR3eE4HCxt8fZ1U0qsox2PQduF14nOBHXPzvnfX2tcOHy
gfpQMKpYCXGaJ68VVd9MeOJ/VUeHX6job4sLzet23/UPqia0IKwSSZa9nQ5Rf3ge
tNi41MTyGkWxe9cNLFKunqZ+I3j4hAL03RwjDZoEoYKWNRJqcMNQsPv8SIm+BIuz
P3/HSPavgcNYXH3YeGyQzWY9R/CXM1IJds4mgoJ0c3D7uNlQ3J4P2LT8QQ==
-----END CERTIFICATE-----