Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/857024a3-7fe9-4afb-9bac-6e8a6196660e.roa
File:                     857024a3-7fe9-4afb-9bac-6e8a6196660e.roa (raw, json)
Hash identifier:          k5YZ7FussFktt0Hjv4bOwbF2TxbXsPvJSjbVBq0Rtvo=
Subject key identifier:   3F:99:72:AE:AC:2F:4C:74:59:CD:EA:6D:F7:4D:FB:04:EE:0D:41:9B
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3AAC53679FE5F2306E3112F6A5865948817D6061
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/857024a3-7fe9-4afb-9bac-6e8a6196660e.roa
Signing time:             Wed 24 Sep 2025 20:44:19 +0000
ROA not before:           Wed 24 Sep 2025 20:44:19 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.226.172.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:ac:53:67:9f:e5:f2:30:6e:31:12:f6:a5:86:59:48:81:7d:60:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 20:44:19 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=9d39e0d481f28fbafac7c855af5aceebd8bd180bb5270faf50b8fa933ad1cf12, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:d6:31:76:4a:cf:a4:92:83:73:c8:ac:55:f0:
                    c8:fa:90:0b:d5:21:23:90:ce:7b:42:31:ed:53:80:
                    04:00:c6:92:d1:e1:58:4e:b7:8c:28:8e:be:2c:1a:
                    1d:49:64:c9:88:92:6a:9a:86:d5:70:e5:d5:c4:b8:
                    62:5e:7f:09:e1:ab:24:1e:44:26:d2:58:29:f6:bc:
                    a9:4d:c5:88:ee:bf:75:17:7a:55:16:48:59:66:4f:
                    b1:8a:6e:a9:97:46:dc:52:c1:60:78:db:3d:3a:47:
                    60:ef:ff:8a:f6:f9:fa:2c:fc:0d:1c:cd:89:1b:bd:
                    a5:dc:25:34:2d:5b:0f:82:e9:fc:36:37:86:00:27:
                    a0:ba:c4:1f:1a:8d:b9:38:e9:f1:3d:c6:1e:d1:fe:
                    2e:2f:8b:8b:1c:08:5a:17:66:91:08:d6:c4:0f:93:
                    88:ef:71:a7:3f:db:7a:b7:96:cc:e6:94:24:c7:57:
                    ad:14:18:69:a6:cb:de:d4:8b:8b:94:fc:69:96:c6:
                    1e:9f:da:57:2e:ca:73:fd:4e:0d:0f:1a:31:01:c2:
                    d9:19:9f:e5:50:97:48:4d:d6:a1:2e:57:be:ec:00:
                    27:79:29:6a:0d:c5:ac:2a:e8:27:3c:51:9a:c2:3e:
                    78:ee:dc:16:22:ca:f7:56:19:ea:d9:a0:8c:ba:e8:
                    a5:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:99:72:AE:AC:2F:4C:74:59:CD:EA:6D:F7:4D:FB:04:EE:0D:41:9B
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/857024a3-7fe9-4afb-9bac-6e8a6196660e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.226.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         42:31:f2:f5:05:ba:18:73:13:a9:94:6a:00:fb:df:c3:1a:ab:
         96:3d:e3:1f:4d:92:6d:79:57:10:73:45:28:f8:c7:79:26:15:
         91:7b:b3:24:e7:f4:c6:5a:4d:4b:51:3c:a3:41:da:b7:f4:49:
         67:b5:6d:15:fe:0e:13:01:d3:ca:93:77:41:bd:ef:47:a7:fb:
         2e:a6:10:e7:68:d7:b7:d9:23:7b:19:91:94:03:dd:16:b1:a3:
         4b:03:90:ae:5e:80:54:4d:bf:29:31:64:5c:e0:37:7d:85:c9:
         26:14:1a:fc:31:45:58:a0:c0:17:1a:a1:c3:59:46:1f:be:38:
         92:ff:73:a6:0f:79:9c:29:3e:8b:f6:c0:f6:7c:b6:f3:b1:b1:
         61:25:ca:94:d3:a9:4d:79:62:67:b7:e5:bb:c1:e2:27:14:2b:
         eb:99:84:f0:9a:eb:5c:9f:72:10:3c:33:00:7d:e9:87:0f:ce:
         16:53:a4:8f:6c:20:ce:07:1a:3f:63:20:d0:8b:c9:b6:fe:58:
         98:2b:a4:61:7e:44:19:5c:3b:47:20:2d:e9:25:e2:a1:15:c8:
         45:91:8b:ce:10:6d:22:6e:bf:e4:61:9e:05:df:e3:c9:5b:89:
         12:4c:82:14:08:40:ad:96:80:e7:eb:70:6e:6d:e8:9c:93:9d:
         09:45:b1:57
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOqxTZ5/l8jBuMRL2pYZZSIF9YGEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MjA0NDE5WhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZDM5ZTBkNDgxZjI4ZmJhZmFjN2M4NTVhZjVhY2VlYmQ4
YmQxODBiYjUyNzBmYWY1MGI4ZmE5MzNhZDFjZjEyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDA1jF2Ss+kkoNzyKxV8Mj6kAvVISOQzntCMe1TgAQAxpLR
4VhOt4wojr4sGh1JZMmIkmqahtVw5dXEuGJefwnhqyQeRCbSWCn2vKlNxYjuv3UX
elUWSFlmT7GKbqmXRtxSwWB42z06R2Dv/4r2+fos/A0czYkbvaXcJTQtWw+C6fw2
N4YAJ6C6xB8ajbk46fE9xh7R/i4vi4scCFoXZpEI1sQPk4jvcac/23q3lszmlCTH
V60UGGmmy97Ui4uU/GmWxh6f2lcuynP9Tg0PGjEBwtkZn+VQl0hN1qEuV77sACd5
KWoNxawq6Cc8UZrCPnju3BYiyvdWGerZoIy66KWPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUP5lyrqwvTHRZzept9037BO4NQZswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzg1NzAyNGEzLTdmZTktNGFmYi05YmFjLTZlOGE2MTk2NjYwZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIN4qwwDQYJKoZIhvcNAQELBQADggEBAEIx8vUFuhhzE6mUagD738Maq5Y9
4x9Nkm15VxBzRSj4x3kmFZF7syTn9MZaTUtRPKNB2rf0SWe1bRX+DhMB08qTd0G9
70en+y6mEOdo17fZI3sZkZQD3Raxo0sDkK5egFRNvykxZFzgN32FySYUGvwxRVig
wBcaocNZRh++OJL/c6YPeZwpPov2wPZ8tvOxsWElypTTqU15Yme35bvB4icUK+uZ
hPCa61yfchA8MwB96YcPzhZTpI9sIM4HGj9jINCLybb+WJgrpGF+RBlcO0cgLekl
4qEVyEWRi84QbSJuv+RhngXf48lbiRJMghQIQK2WgOfrcG5t6JyTnQlFsVc=
-----END CERTIFICATE-----