Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8c0f043f-766b-4d1e-a3e4-3ec2d7bc027d.roa
File:                     8c0f043f-766b-4d1e-a3e4-3ec2d7bc027d.roa (raw, json)
Hash identifier:          OduI2tVsnsqIUQDrAc/J4VWJQ8A9NOEJQVglpVFiaiw=
Subject key identifier:   91:12:7E:98:86:81:68:ED:21:9C:47:46:76:AB:D8:51:FA:F4:C9:DB
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       17AE594E4F521E29C5C71CDB811503B300DB90C4
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8c0f043f-766b-4d1e-a3e4-3ec2d7bc027d.roa
Signing time:             Wed 24 Sep 2025 19:32:50 +0000
ROA not before:           Wed 24 Sep 2025 19:32:50 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.226.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:ae:59:4e:4f:52:1e:29:c5:c7:1c:db:81:15:03:b3:00:db:90:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 19:32:50 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=9a4ee9dd76531db0773d7a5f195726b0399ee1f47a8d17e6db2158b0f8980b62, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:41:5c:9a:48:be:22:cb:2b:12:d4:3e:78:48:
                    f8:35:32:31:22:b5:07:0e:ef:ea:66:69:62:6b:f4:
                    7e:8b:97:d0:ae:8e:a8:4d:0e:21:c0:44:be:69:28:
                    a6:3a:31:03:0a:64:e6:c0:04:a5:66:ba:5a:65:8a:
                    7c:bb:ff:74:6e:87:cf:6d:09:b9:2d:ec:b7:12:e8:
                    b4:e2:9b:db:2d:55:b3:18:17:c9:db:79:72:ac:2e:
                    d0:62:57:b7:b0:d6:6b:cb:3a:9a:58:c1:ed:f8:d0:
                    81:3a:7f:97:67:21:ab:3c:79:d4:3c:3d:af:cc:34:
                    ef:f8:ea:74:4f:5b:3c:db:66:c8:b9:2e:33:5e:fb:
                    74:61:1f:7e:77:51:02:70:5f:78:e1:ad:29:f9:43:
                    fa:f0:72:2b:18:88:86:a5:2c:f4:88:9f:78:d8:a3:
                    75:b9:78:f4:12:46:4b:9e:d4:3a:cf:bf:a9:2a:a6:
                    20:b6:66:bc:35:c2:63:b7:1b:1c:e3:69:b6:e6:8d:
                    ec:29:2a:6b:cf:b1:d4:03:e2:45:7a:55:2a:4d:09:
                    f8:29:9e:de:fb:57:e9:72:62:cc:50:15:24:3a:da:
                    03:ca:80:47:88:76:46:96:a3:ab:8d:8f:86:e9:3a:
                    ec:3d:c1:62:7f:d0:0e:29:63:c5:ca:e7:eb:a5:6c:
                    bd:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:12:7E:98:86:81:68:ED:21:9C:47:46:76:AB:D8:51:FA:F4:C9:DB
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8c0f043f-766b-4d1e-a3e4-3ec2d7bc027d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.226.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:2d:00:7d:a2:a2:2b:85:c3:90:7b:5c:c4:37:dc:75:3a:20:
         51:5f:40:30:2c:d6:ed:a1:8e:64:d3:ee:ec:52:1a:38:f4:54:
         e2:c7:af:34:72:bc:15:4b:55:7e:38:a5:6d:08:3c:59:99:f3:
         85:22:e0:d7:df:fb:1c:ed:98:d0:aa:77:b6:51:49:f6:45:11:
         b2:21:8f:f5:9b:71:c9:c7:0b:b2:42:e3:72:c2:e3:2c:a3:14:
         9d:57:19:af:ed:9a:86:88:6a:48:36:20:cf:50:b0:bc:a5:b8:
         2a:76:ff:e4:bc:c1:a1:e8:17:97:f5:98:25:03:34:19:af:ee:
         ec:9c:ae:6c:bd:3d:50:60:57:19:a5:fa:8d:24:8c:12:e3:7a:
         c0:2b:de:f3:12:4e:90:12:2a:c3:af:2a:61:43:f7:b3:38:6f:
         b2:22:4f:b6:73:cf:d4:49:86:29:d9:dc:3e:b1:b9:ec:91:79:
         33:1b:c9:f4:9c:18:f6:04:c0:d3:4a:6a:81:b4:b1:68:cc:85:
         a0:66:41:59:98:23:87:fc:a6:00:ce:35:91:d0:b1:c0:13:e8:
         94:fd:e8:7e:60:63:b4:eb:a1:23:e8:fd:29:63:cc:9e:4b:3a:
         77:35:52:33:bf:c4:8c:7a:2c:32:da:18:82:f1:fc:39:7f:5a:
         ed:7a:57:46
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUF65ZTk9SHinFxxzbgRUDswDbkMQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MTkzMjUwWhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A5YTRlZTlkZDc2NTMxZGIwNzczZDdhNWYxOTU3MjZiMDM5
OWVlMWY0N2E4ZDE3ZTZkYjIxNThiMGY4OTgwYjYyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDgQVyaSL4iyysS1D54SPg1MjEitQcO7+pmaWJr9H6Ll9Cu
jqhNDiHARL5pKKY6MQMKZObABKVmulpliny7/3Ruh89tCbkt7LcS6LTim9stVbMY
F8nbeXKsLtBiV7ew1mvLOppYwe340IE6f5dnIas8edQ8Pa/MNO/46nRPWzzbZsi5
LjNe+3RhH353UQJwX3jhrSn5Q/rwcisYiIalLPSIn3jYo3W5ePQSRkue1DrPv6kq
piC2Zrw1wmO3GxzjabbmjewpKmvPsdQD4kV6VSpNCfgpnt77V+lyYsxQFSQ62gPK
gEeIdkaWo6uNj4bpOuw9wWJ/0A4pY8XK5+ulbL0JAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUkRJ+mIaBaO0hnEdGdqvYUfr0ydswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzhjMGYwNDNmLTc2NmItNGQxZS1hM2U0LTNlYzJkN2JjMDI3ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAN4qQwDQYJKoZIhvcNAQELBQADggEBAGktAH2ioiuFw5B7XMQ33HU6IFFf
QDAs1u2hjmTT7uxSGjj0VOLHrzRyvBVLVX44pW0IPFmZ84Ui4Nff+xztmNCqd7ZR
SfZFEbIhj/WbccnHC7JC43LC4yyjFJ1XGa/tmoaIakg2IM9QsLyluCp2/+S8waHo
F5f1mCUDNBmv7uycrmy9PVBgVxml+o0kjBLjesAr3vMSTpASKsOvKmFD97M4b7Ii
T7Zzz9RJhinZ3D6xueyReTMbyfScGPYEwNNKaoG0sWjMhaBmQVmYI4f8pgDONZHQ
scAT6JT96H5gY7TroSPo/SljzJ5LOnc1UjO/xIx6LDLaGILx/Dl/Wu16V0Y=
-----END CERTIFICATE-----