Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/791eb424-93b6-4280-979f-69ca4e5fe3d2.roa
File:                     791eb424-93b6-4280-979f-69ca4e5fe3d2.roa (raw, json)
Hash identifier:          ToG+q+o9HBPsAVEGil6P8hK8mA0wocFCcJ54mLdGLJo=
Subject key identifier:   49:98:B2:F0:9C:1E:42:C1:75:2A:3C:FF:40:6F:0A:AD:49:1E:67:BE
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       47ED9885B9D89709B2F107AF85676529703894B4
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/791eb424-93b6-4280-979f-69ca4e5fe3d2.roa
Signing time:             Wed 24 Sep 2025 18:25:34 +0000
ROA not before:           Wed 24 Sep 2025 18:25:34 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.35.146.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:ed:98:85:b9:d8:97:09:b2:f1:07:af:85:67:65:29:70:38:94:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 18:25:34 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=8ba6e0c7acbae0987aa5be6df05576973cfcf06003267ea666c1c269e20e8be2, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:a5:50:10:df:1a:3e:7a:b6:7b:db:17:e4:c0:
                    03:b6:71:11:50:55:99:ed:41:a7:d2:b0:f2:de:54:
                    f5:7b:94:8e:ac:d4:d2:61:c3:cf:bd:ea:dd:e6:c7:
                    d7:5a:48:27:14:b5:9c:13:ea:3a:ed:91:b2:47:6f:
                    5f:01:37:2a:19:bd:f8:88:98:4f:c6:22:6f:e6:1f:
                    fd:40:fb:60:8d:90:d5:c8:4e:f8:fe:4c:f5:0a:ad:
                    26:6e:cd:7e:bd:db:46:5e:c8:08:6b:28:e1:ca:82:
                    98:14:d1:42:df:7b:26:c2:8b:9b:7f:fb:7c:9f:71:
                    f5:44:70:a0:e2:28:60:d1:85:7f:34:1e:d8:6a:06:
                    cf:c4:7a:0a:73:50:c4:6d:ec:17:1e:3b:6f:10:9b:
                    d9:69:3d:32:24:89:09:47:77:23:96:fa:57:1b:3a:
                    56:df:07:80:62:37:1c:6c:7e:e5:c6:a9:1b:88:2a:
                    6f:7a:75:91:57:28:61:77:e2:d2:73:6b:ef:f7:14:
                    ea:c1:cc:02:62:0d:2a:d9:fc:8e:04:f4:3d:08:f1:
                    b8:9f:95:0d:b0:95:93:c7:9a:e3:7e:cc:32:d5:aa:
                    fe:4e:00:6e:8a:37:38:e1:82:b0:71:58:09:73:f8:
                    8c:9a:34:e6:64:93:66:e7:ef:fc:b1:7b:5f:69:bf:
                    2b:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:98:B2:F0:9C:1E:42:C1:75:2A:3C:FF:40:6F:0A:AD:49:1E:67:BE
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/791eb424-93b6-4280-979f-69ca4e5fe3d2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.35.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8a:c4:28:ca:cf:c5:82:36:a4:95:f2:c9:08:93:db:98:f9:ae:
         f2:df:b4:94:e6:b9:60:ec:a7:56:bc:3e:b7:26:fd:f2:a7:2a:
         f1:39:69:2c:9e:ce:d9:0a:60:18:68:c3:f9:64:d9:6d:67:1c:
         ea:e0:2b:31:31:40:06:d0:1c:09:a3:ce:e1:05:78:df:03:33:
         86:18:73:24:99:5f:16:b1:4e:cd:f4:79:2d:2a:a4:95:b4:86:
         f8:a0:29:2a:23:09:c6:8a:22:16:91:2d:c5:01:21:07:a1:c4:
         4d:ff:42:60:80:69:5b:1d:ed:49:71:2b:83:4f:7d:ef:83:de:
         2f:50:86:01:1b:c8:49:ad:7c:52:1d:06:55:5a:1a:e1:eb:50:
         25:49:92:ba:2b:11:63:a4:d6:40:79:8c:2b:df:95:1f:6c:6b:
         45:2d:f3:f0:ca:c0:a7:62:f3:6a:b9:35:39:99:91:7f:3e:75:
         9b:b1:91:04:2f:66:9b:b2:f4:b4:17:e1:d4:af:1f:fd:a8:60:
         3a:98:63:dd:65:f2:49:47:7c:31:d3:98:0e:4a:a2:c7:c9:36:
         8e:26:8c:7e:ea:6c:8b:e1:18:ab:21:e5:05:09:3a:84:0a:98:
         43:2e:15:bb:7c:7b:1d:13:95:c8:66:e7:e8:c2:e7:44:05:ef:
         98:b0:03:77
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUR+2YhbnYlwmy8QevhWdlKXA4lLQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MTgyNTM0WhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A4YmE2ZTBjN2FjYmFlMDk4N2FhNWJlNmRmMDU1NzY5NzNj
ZmNmMDYwMDMyNjdlYTY2NmMxYzI2OWUyMGU4YmUyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDIpVAQ3xo+erZ72xfkwAO2cRFQVZntQafSsPLeVPV7lI6s
1NJhw8+96t3mx9daSCcUtZwT6jrtkbJHb18BNyoZvfiImE/GIm/mH/1A+2CNkNXI
Tvj+TPUKrSZuzX6920ZeyAhrKOHKgpgU0ULfeybCi5t/+3yfcfVEcKDiKGDRhX80
HthqBs/EegpzUMRt7BceO28Qm9lpPTIkiQlHdyOW+lcbOlbfB4BiNxxsfuXGqRuI
Km96dZFXKGF34tJza+/3FOrBzAJiDSrZ/I4E9D0I8biflQ2wlZPHmuN+zDLVqv5O
AG6KNzjhgrBxWAlz+IyaNOZkk2bn7/yxe19pvyvDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUSZiy8JweQsF1Kjz/QG8KrUkeZ74wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzc5MWViNDI0LTkzYjYtNDI4MC05NzlmLTY5Y2E0ZTVmZTNkMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAENI5IwDQYJKoZIhvcNAQELBQADggEBAIrEKMrPxYI2pJXyyQiT25j5rvLf
tJTmuWDsp1a8Prcm/fKnKvE5aSyeztkKYBhow/lk2W1nHOrgKzExQAbQHAmjzuEF
eN8DM4YYcySZXxaxTs30eS0qpJW0hvigKSojCcaKIhaRLcUBIQehxE3/QmCAaVsd
7UlxK4NPfe+D3i9QhgEbyEmtfFIdBlVaGuHrUCVJkrorEWOk1kB5jCvflR9sa0Ut
8/DKwKdi82q5NTmZkX8+dZuxkQQvZpuy9LQX4dSvH/2oYDqYY91l8klHfDHTmA5K
osfJNo4mjH7qbIvhGKsh5QUJOoQKmEMuFbt8ex0Tlchm5+jC50QF75iwA3c=
-----END CERTIFICATE-----