Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8deaabf9-8450-45e3-b798-6f64df2b5715.roa
File:                     8deaabf9-8450-45e3-b798-6f64df2b5715.roa (raw, json)
Hash identifier:          qD5g0P0g1NpN/n8v9hoZrX3Yh1xJQBO8PZ8/UUDV5fw=
Subject key identifier:   4D:2A:DF:E8:D7:5F:34:3C:DF:CA:5F:E3:1F:EE:CC:EF:FC:06:A0:B3
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       06FA62F1D6D37F7D220BEC8DB94EBE6821220D2A
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8deaabf9-8450-45e3-b798-6f64df2b5715.roa
Signing time:             Wed 24 Sep 2025 21:00:13 +0000
ROA not before:           Wed 24 Sep 2025 21:00:13 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.224.0.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:fa:62:f1:d6:d3:7f:7d:22:0b:ec:8d:b9:4e:be:68:21:22:0d:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 21:00:13 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=9239e6ee80c7cc723c4b66220b32204e5d1de997cd827a3eca7ece039ab8f69f, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:21:3d:3c:45:0c:76:6f:c7:01:c2:62:f5:6e:
                    c6:21:18:bf:8a:41:3d:53:dd:a0:7b:b4:ae:60:44:
                    05:e9:23:e1:20:9f:37:59:e5:36:34:a6:89:39:b5:
                    30:cd:16:2d:e9:88:eb:b0:c4:bd:60:dc:3d:fa:c9:
                    6c:3e:c0:22:d5:35:fe:7a:3e:f1:bd:33:c4:c9:d0:
                    09:82:dd:e8:60:91:d9:ae:99:46:40:d8:f0:0e:a1:
                    46:33:97:97:ed:5e:63:b7:d2:28:57:72:a9:c0:28:
                    de:e2:5c:8a:68:65:80:ed:cc:52:ff:0b:76:2c:bb:
                    88:e4:a2:ea:e3:2c:97:11:28:a2:d7:65:f3:69:d3:
                    b9:8e:cb:92:81:ba:d4:98:9d:12:86:d2:a1:97:2b:
                    77:24:46:ce:d9:9c:9e:5e:5b:09:b1:8e:72:c5:66:
                    20:5d:b2:95:8a:56:fd:78:65:da:ed:74:d0:00:95:
                    85:d8:cd:b9:ed:2d:cc:88:df:48:3c:2f:f0:6c:e9:
                    c9:bb:f5:81:5c:a6:a1:9a:00:c4:f7:1c:9c:7f:d9:
                    9b:38:d1:3a:01:82:4a:fd:db:22:de:51:b6:15:48:
                    26:36:29:dd:e4:50:7f:09:3d:b3:bc:29:0a:0d:25:
                    59:59:66:cf:d9:89:f1:9b:73:a0:a8:5a:9d:51:d6:
                    a7:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:2A:DF:E8:D7:5F:34:3C:DF:CA:5F:E3:1F:EE:CC:EF:FC:06:A0:B3
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8deaabf9-8450-45e3-b798-6f64df2b5715.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.224.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         4e:2c:7f:42:81:9f:a0:16:61:9b:9e:0f:45:70:8d:9c:05:d1:
         36:bd:3c:36:95:08:80:42:b9:9a:f5:f9:5e:5d:f4:88:02:fe:
         db:9c:cc:1f:2a:8f:2a:ca:5e:33:37:97:e3:a6:31:ea:59:30:
         1b:39:71:04:f0:1c:2a:a4:5d:1d:3f:fb:4d:1b:39:69:9c:9c:
         27:49:92:5d:a0:cf:bd:23:c3:c5:6e:88:26:6b:d4:2d:52:55:
         16:bb:61:81:e0:5f:19:e3:f2:1a:84:bc:a4:ee:e8:39:ad:15:
         a2:b0:7c:c7:1d:e3:5c:52:ed:cf:4d:ce:19:67:54:5e:0e:39:
         fc:be:25:b5:bf:b2:df:8b:35:7c:a9:3f:82:ec:de:08:16:6d:
         0c:80:2b:46:18:c7:7e:f3:ca:9e:23:26:cb:27:62:60:70:40:
         f2:b0:17:11:7f:03:06:fc:98:05:1f:cf:f3:f9:a7:00:26:2e:
         44:1a:bf:73:03:9f:be:10:d9:22:d1:49:5a:95:fc:97:43:4f:
         f2:0d:ba:4a:e3:6d:a8:e6:d9:a7:db:8c:11:c1:c8:ed:4e:4f:
         92:8f:6b:fd:a8:8d:b4:ff:e6:5f:f9:c7:d3:82:b4:f7:d7:e0:
         ec:44:bc:b2:d9:f0:59:a1:df:3d:70:a3:c7:0b:60:3c:cd:e4:
         6a:68:a6:ae
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBvpi8dbTf30iC+yNuU6+aCEiDSowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MjEwMDEzWhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A5MjM5ZTZlZTgwYzdjYzcyM2M0YjY2MjIwYjMyMjA0ZTVk
MWRlOTk3Y2Q4MjdhM2VjYTdlY2UwMzlhYjhmNjlmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5IT08RQx2b8cBwmL1bsYhGL+KQT1T3aB7tK5gRAXpI+Eg
nzdZ5TY0pok5tTDNFi3piOuwxL1g3D36yWw+wCLVNf56PvG9M8TJ0AmC3ehgkdmu
mUZA2PAOoUYzl5ftXmO30ihXcqnAKN7iXIpoZYDtzFL/C3Ysu4jkourjLJcRKKLX
ZfNp07mOy5KButSYnRKG0qGXK3ckRs7ZnJ5eWwmxjnLFZiBdspWKVv14ZdrtdNAA
lYXYzbntLcyI30g8L/Bs6cm79YFcpqGaAMT3HJx/2Zs40ToBgkr92yLeUbYVSCY2
Kd3kUH8JPbO8KQoNJVlZZs/ZifGbc6CoWp1R1qdbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTSrf6NdfNDzfyl/jH+7M7/wGoLMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzhkZWFhYmY5LTg0NTAtNDVlMy1iNzk4LTZmNjRkZjJiNTcxNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAUN4AAwDQYJKoZIhvcNAQELBQADggEBAE4sf0KBn6AWYZueD0VwjZwF0Ta9
PDaVCIBCuZr1+V5d9IgC/tuczB8qjyrKXjM3l+OmMepZMBs5cQTwHCqkXR0/+00b
OWmcnCdJkl2gz70jw8VuiCZr1C1SVRa7YYHgXxnj8hqEvKTu6DmtFaKwfMcd41xS
7c9NzhlnVF4OOfy+JbW/st+LNXypP4Ls3ggWbQyAK0YYx37zyp4jJssnYmBwQPKw
FxF/Awb8mAUfz/P5pwAmLkQav3MDn74Q2SLRSVqV/JdDT/INukrjbajm2afbjBHB
yO1OT5KPa/2ojbT/5l/5x9OCtPfX4OxEvLLZ8Fmh3z1wo8cLYDzN5Gpopq4=
-----END CERTIFICATE-----