Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7663c443-f4f1-4f52-a8c9-6dcb50935a2c.roa
File:                     7663c443-f4f1-4f52-a8c9-6dcb50935a2c.roa (raw, json)
Hash identifier:          57kWJ9JhRFKWmMiTdiFyat5NJXXUYVRSJeYykG5FznM=
Subject key identifier:   15:B1:C8:11:47:E4:6B:34:62:79:32:8A:73:B9:90:27:3D:93:5C:91
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2C74D99ECAE9996659FC8C173C8FFB9620498D60
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7663c443-f4f1-4f52-a8c9-6dcb50935a2c.roa
Signing time:             Wed 24 Sep 2025 20:39:06 +0000
ROA not before:           Wed 24 Sep 2025 20:39:06 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.225.128.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:74:d9:9e:ca:e9:99:66:59:fc:8c:17:3c:8f:fb:96:20:49:8d:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 20:39:06 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=93c07ae6aec8dbfd07cd7e887f2e7638dc278ce23a26ecb87175df0d76f84051, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:f4:14:1a:64:e9:2d:b7:92:ea:39:6f:cd:dd:
                    60:60:f1:3b:48:16:04:27:80:32:4c:33:f0:9a:8f:
                    80:e1:a0:5d:d8:25:47:3c:3c:b8:ef:d9:00:aa:ac:
                    83:6c:46:ca:66:a9:e6:11:5f:d8:5e:5c:67:0b:cd:
                    99:5c:f4:a1:b8:ae:8a:ae:b3:2e:16:b7:3b:c9:63:
                    18:f8:f6:0f:89:35:4e:73:f3:19:71:9d:c7:c6:c0:
                    e9:ed:09:ea:2e:8e:bc:4f:b6:1e:23:f8:73:d8:9b:
                    68:68:35:6d:f5:ec:99:c0:6f:bf:9b:dd:c3:4e:42:
                    7d:e1:a5:e4:6e:bc:03:67:28:c8:ef:7c:1b:6f:29:
                    8a:86:d6:87:44:75:50:c7:4f:26:e5:1a:e1:e8:2c:
                    c3:93:a7:98:43:dc:10:6a:6f:8a:ea:a5:97:ef:17:
                    5d:ae:39:06:c9:8e:30:2d:52:99:b2:56:42:cd:a1:
                    ce:2b:7f:91:5e:10:af:7b:de:8a:7d:fe:0c:34:59:
                    fe:eb:e5:a9:8d:2a:a2:04:9d:e9:f8:85:a0:77:87:
                    d5:e9:d7:b8:6b:33:b4:0a:3a:4c:f6:b5:ae:42:0b:
                    57:12:41:4d:98:23:f0:e0:d7:c6:87:6c:b8:d6:8b:
                    52:3d:c9:36:f6:d1:b9:7e:cf:a9:5b:37:50:cb:ec:
                    e7:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:B1:C8:11:47:E4:6B:34:62:79:32:8A:73:B9:90:27:3D:93:5C:91
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7663c443-f4f1-4f52-a8c9-6dcb50935a2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.225.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         86:48:ec:0c:e5:50:0b:85:f5:72:e8:db:9b:a1:47:00:dd:07:
         13:04:0c:89:04:79:7a:c8:f7:df:76:8e:fd:36:6e:be:60:bf:
         e1:ca:5d:dd:4d:a4:43:79:1f:68:07:40:98:79:87:91:1a:9d:
         ad:f5:32:ca:b7:28:51:24:53:81:2e:68:b3:a0:82:b8:0d:f8:
         7b:a3:93:b9:10:92:ab:02:89:aa:c6:1e:c5:ab:30:85:06:57:
         69:0c:d0:e1:9e:20:85:ff:34:89:e4:e4:6c:39:60:31:93:63:
         c3:d7:cb:f2:87:66:ce:ff:ee:2d:ba:38:7a:70:06:6e:f4:ec:
         3d:6d:a4:34:a8:f5:3a:31:40:82:ff:6e:c1:70:43:3b:90:84:
         37:2d:55:56:95:2a:f3:87:85:7e:cc:fe:3e:89:a8:36:b3:85:
         fe:5c:64:6f:52:0a:76:ea:f5:f2:cf:9e:df:1b:d2:ee:49:8f:
         de:8b:49:5a:1d:ec:d6:f4:8a:c5:bd:94:8f:70:9d:b0:99:07:
         06:0c:4c:a3:d4:1e:01:99:be:d7:b0:51:50:a8:1e:3c:f5:e1:
         a4:29:d4:81:e7:85:2b:ad:d3:02:aa:e6:cc:94:fd:ff:68:70:
         06:4d:af:a3:c7:d5:9c:e6:54:ad:2c:67:4a:97:0f:63:61:56:
         c9:d8:27:3f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULHTZnsrpmWZZ/IwXPI/7liBJjWAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MjAzOTA2WhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A5M2MwN2FlNmFlYzhkYmZkMDdjZDdlODg3ZjJlNzYzOGRj
Mjc4Y2UyM2EyNmVjYjg3MTc1ZGYwZDc2Zjg0MDUxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDg9BQaZOktt5LqOW/N3WBg8TtIFgQngDJMM/Caj4DhoF3Y
JUc8PLjv2QCqrINsRspmqeYRX9heXGcLzZlc9KG4roqusy4WtzvJYxj49g+JNU5z
8xlxncfGwOntCeoujrxPth4j+HPYm2hoNW317JnAb7+b3cNOQn3hpeRuvANnKMjv
fBtvKYqG1odEdVDHTyblGuHoLMOTp5hD3BBqb4rqpZfvF12uOQbJjjAtUpmyVkLN
oc4rf5FeEK973op9/gw0Wf7r5amNKqIEnen4haB3h9Xp17hrM7QKOkz2ta5CC1cS
QU2YI/Dg18aHbLjWi1I9yTb20bl+z6lbN1DL7OdXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUFbHIEUfkazRieTKKc7mQJz2TXJEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzc2NjNjNDQzLWY0ZjEtNGY1Mi1hOGM5LTZkY2I1MDkzNWEyYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIN4YAwDQYJKoZIhvcNAQELBQADggEBAIZI7AzlUAuF9XLo25uhRwDdBxME
DIkEeXrI9992jv02br5gv+HKXd1NpEN5H2gHQJh5h5Eana31Msq3KFEkU4EuaLOg
grgN+Hujk7kQkqsCiarGHsWrMIUGV2kM0OGeIIX/NInk5Gw5YDGTY8PXy/KHZs7/
7i26OHpwBm707D1tpDSo9ToxQIL/bsFwQzuQhDctVVaVKvOHhX7M/j6JqDazhf5c
ZG9SCnbq9fLPnt8b0u5Jj96LSVod7Nb0isW9lI9wnbCZBwYMTKPUHgGZvtewUVCo
Hjz14aQp1IHnhSut0wKq5syU/f9ocAZNr6PH1ZzmVK0sZ0qXD2NhVsnYJz8=
-----END CERTIFICATE-----