Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/858ed4ec-dbf8-44ab-9a2b-0c38c59c72a0.roa
File:                     858ed4ec-dbf8-44ab-9a2b-0c38c59c72a0.roa (raw, json)
Hash identifier:          NgT/TrTshJ+S7LytH2BgHpO1KBvicCbkZ3IKQGoC2/0=
Subject key identifier:   D5:F1:FE:CC:B9:38:6A:01:E1:D8:B6:DE:C5:4F:81:70:7A:4E:B1:D3
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       457F43EA6F869D688C359AA686742A6EFC03F560
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/858ed4ec-dbf8-44ab-9a2b-0c38c59c72a0.roa
Signing time:             Wed 24 Sep 2025 17:51:37 +0000
ROA not before:           Wed 24 Sep 2025 17:51:37 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.33.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:7f:43:ea:6f:86:9d:68:8c:35:9a:a6:86:74:2a:6e:fc:03:f5:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 17:51:37 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=e305ded4c141c69e40e1358e8da91c3eb54c8c6d72fe76ae847de9633e0a89f3, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:c7:de:5d:d6:81:11:d4:59:8e:95:a4:77:f1:
                    77:25:cd:bd:1f:b9:07:ed:de:ad:b5:39:4c:94:0b:
                    0d:7f:db:19:33:7f:8a:c1:9f:ad:73:2e:be:68:d3:
                    76:d1:58:9f:03:c9:f3:b7:ce:69:b4:32:83:99:ba:
                    86:ab:d0:97:05:f3:8a:af:7b:07:af:e6:ec:8d:fb:
                    44:11:88:ab:25:22:89:5f:04:81:ae:0a:69:6c:4d:
                    58:17:36:f3:6e:0a:bb:f2:8b:b3:c6:d9:2b:60:35:
                    54:6a:0d:d5:08:25:d7:83:c9:af:db:a0:23:05:f3:
                    80:88:7c:20:0c:18:6a:66:c8:e4:18:53:5a:9f:63:
                    76:0c:09:ac:07:cf:0b:56:ac:e7:67:39:d2:b8:1e:
                    68:b2:c9:a2:88:b7:f3:50:4e:25:2f:ec:9b:46:39:
                    17:0c:56:57:af:d8:3e:57:98:9c:e6:2c:03:ed:93:
                    5d:52:77:4e:73:f4:7f:5b:59:4a:03:dc:91:19:56:
                    4c:72:63:4b:1e:7d:05:94:d2:f8:ef:f1:4a:48:82:
                    f3:13:48:6a:49:f9:e9:f8:e7:e4:ab:de:4e:13:4e:
                    56:dc:35:e7:82:66:7f:a2:cd:ab:93:88:b9:f5:f1:
                    fa:56:16:6d:ad:5c:77:5f:32:e1:2d:23:61:18:35:
                    a0:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:F1:FE:CC:B9:38:6A:01:E1:D8:B6:DE:C5:4F:81:70:7A:4E:B1:D3
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/858ed4ec-dbf8-44ab-9a2b-0c38c59c72a0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.33.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:59:95:9c:47:6e:db:ac:d5:76:d2:2f:a7:ed:77:f0:ee:9d:
         60:d9:ab:5a:45:9b:cb:b7:af:2e:2e:4e:ff:0d:06:91:e2:65:
         ea:80:9c:6d:9a:dd:1b:5d:c1:a9:7c:9e:79:87:c9:bc:04:a7:
         b8:9e:3d:df:bb:d5:17:c7:b3:cb:67:49:68:0b:1e:00:cc:18:
         d3:7a:40:6e:e3:0d:d6:6c:87:36:70:8f:ff:fc:3c:83:2f:7f:
         a5:1e:31:0d:e2:2a:87:3c:32:62:a3:d0:57:d6:11:1e:e8:63:
         32:6e:66:58:15:0e:84:6e:94:c8:1b:94:6a:94:6c:5e:6a:e8:
         8f:21:cb:35:fe:ea:1f:72:92:99:62:81:3e:29:ef:53:a4:c2:
         9f:05:d8:77:6a:59:88:fc:3d:60:4c:ff:c8:48:a8:5b:dd:7c:
         39:02:5e:f0:52:9c:ba:ef:c9:f5:fd:73:0b:4d:6c:99:39:df:
         8b:7e:e4:2a:20:2c:d2:66:3f:1d:c1:98:cf:9e:9e:8f:3e:7a:
         c6:16:f1:63:8b:44:64:b6:3b:73:1c:47:45:51:50:cd:80:20:
         3f:35:b7:5d:7c:fc:96:f0:8c:5e:56:76:b9:74:79:21:0b:77:
         5b:5f:b4:25:7d:4a:fa:bd:74:6b:7f:53:48:51:19:a1:5f:7e:
         2a:63:a2:ff
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURX9D6m+GnWiMNZqmhnQqbvwD9WAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MTc1MTM3WhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BlMzA1ZGVkNGMxNDFjNjllNDBlMTM1OGU4ZGE5MWMzZWI1
NGM4YzZkNzJmZTc2YWU4NDdkZTk2MzNlMGE4OWYzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7x95d1oER1FmOlaR38Xclzb0fuQft3q21OUyUCw1/2xkz
f4rBn61zLr5o03bRWJ8DyfO3zmm0MoOZuoar0JcF84qvewev5uyN+0QRiKslIolf
BIGuCmlsTVgXNvNuCrvyi7PG2StgNVRqDdUIJdeDya/boCMF84CIfCAMGGpmyOQY
U1qfY3YMCawHzwtWrOdnOdK4HmiyyaKIt/NQTiUv7JtGORcMVlev2D5XmJzmLAPt
k11Sd05z9H9bWUoD3JEZVkxyY0sefQWU0vjv8UpIgvMTSGpJ+en45+Sr3k4TTlbc
NeeCZn+izauTiLn18fpWFm2tXHdfMuEtI2EYNaDNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU1fH+zLk4agHh2LbexU+BcHpOsdMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzg1OGVkNGVjLWRiZjgtNDRhYi05YTJiLTBjMzhjNTljNzJhMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAANIVAwDQYJKoZIhvcNAQELBQADggEBABtZlZxHbtus1XbSL6ftd/DunWDZ
q1pFm8u3ry4uTv8NBpHiZeqAnG2a3Rtdwal8nnmHybwEp7iePd+71RfHs8tnSWgL
HgDMGNN6QG7jDdZshzZwj//8PIMvf6UeMQ3iKoc8MmKj0FfWER7oYzJuZlgVDoRu
lMgblGqUbF5q6I8hyzX+6h9ykpligT4p71Okwp8F2HdqWYj8PWBM/8hIqFvdfDkC
XvBSnLrvyfX9cwtNbJk534t+5CogLNJmPx3BmM+eno8+esYW8WOLRGS2O3McR0VR
UM2AID81t118/JbwjF5Wdrl0eSELd1tftCV9Svq9dGt/U0hRGaFffipjov8=
-----END CERTIFICATE-----
Generated at Fri Oct 17 23:41:27 2025 by rpki-client