Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9cd42836-2ab7-4dea-ac47-f41584c49836.roa
File:                     9cd42836-2ab7-4dea-ac47-f41584c49836.roa (raw, json)
Hash identifier:          TEMeCOUT5Y+ys0ge1QcwiiIC5swFB3FhebxJO/uW3GE=
Subject key identifier:   55:EB:53:54:12:01:07:81:E4:D5:14:C9:8D:D4:A1:1D:54:7B:BF:1E
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2F60831235CB98D9895D6A8311E5B8EB0D93CB93
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9cd42836-2ab7-4dea-ac47-f41584c49836.roa
Signing time:             Fri 27 Jun 2025 15:00:17 +0000
ROA not before:           Fri 27 Jun 2025 15:00:17 +0000
ROA not after:            Fri 01 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.124.64.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 03 Jul 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:60:83:12:35:cb:98:d9:89:5d:6a:83:11:e5:b8:eb:0d:93:cb:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun 27 15:00:17 2025 GMT
            Not After : Aug  1 23:59:59 2025 GMT
        Subject: serialNumber=4d411232aafd3aae2941685b75423911124117ffa59cd5a850b4f750197c0791, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:cd:99:48:60:b6:8e:01:ae:e4:48:7d:55:c4:
                    5e:84:23:cd:d9:07:c3:6f:41:73:eb:73:47:a9:a3:
                    cb:99:9c:4e:4d:a4:61:76:47:14:0a:8b:1a:87:48:
                    1d:90:0f:25:b7:64:a0:ee:8c:5d:63:a1:21:cd:92:
                    f3:e7:d4:93:ec:a2:bb:9c:93:83:0e:17:4f:70:4e:
                    a8:d6:b4:c6:9b:db:89:c6:4b:07:11:57:1c:9c:cd:
                    7e:49:1d:49:47:67:3e:e3:e3:72:df:8e:ae:6f:f0:
                    83:00:e5:5e:54:62:cb:ac:c6:23:b0:ff:25:f7:72:
                    28:0f:87:bb:58:6b:00:52:b1:5b:10:c8:bf:37:f4:
                    d0:b2:36:be:53:f6:65:88:16:9b:e1:1b:19:22:dc:
                    97:3a:e8:fd:ec:46:e1:d9:89:9b:3b:58:f8:e8:2c:
                    b3:b0:df:49:d2:4c:a0:9d:c9:23:8c:19:dc:56:17:
                    2d:39:04:23:4a:ec:eb:de:b4:1b:db:2b:10:82:5f:
                    c3:81:fd:11:7b:99:03:8c:80:a8:c7:d9:16:f6:6e:
                    95:6d:1c:cd:08:97:6e:8c:7e:9d:dd:81:89:45:bb:
                    e7:0a:d7:bd:92:83:05:cc:64:7a:dd:3d:31:df:47:
                    d8:dd:e1:c9:a0:02:29:36:f0:65:d4:b7:56:6d:0b:
                    81:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:EB:53:54:12:01:07:81:E4:D5:14:C9:8D:D4:A1:1D:54:7B:BF:1E
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9cd42836-2ab7-4dea-ac47-f41584c49836.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.124.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         46:2b:7c:b9:e7:68:21:39:0b:c3:fb:2a:41:15:3d:a6:72:0d:
         d6:a0:27:e0:e3:b2:8f:51:e1:f9:f3:4c:ec:90:38:c5:89:dd:
         ad:dd:ec:fe:f9:23:97:1e:ff:41:d6:e8:61:d8:1d:02:0d:57:
         c7:a2:96:dd:b1:f4:5b:00:06:fd:29:ae:50:40:33:ce:12:f1:
         91:ca:bf:11:8a:e3:a1:97:96:20:e9:f7:f1:f1:48:10:76:fd:
         f0:a7:b3:1c:22:16:e7:04:2e:8f:40:c5:4d:67:a1:5a:83:bb:
         4b:c3:18:a6:d0:5e:92:b1:29:16:7d:d2:f2:fa:58:40:26:f1:
         31:c1:a4:84:6b:1b:ea:8a:8d:04:8f:94:c8:7c:b6:d1:83:7e:
         7b:33:bd:8b:69:1d:c6:96:fa:db:83:11:30:3c:60:40:2b:e6:
         aa:46:dd:54:d7:1e:92:4e:45:0b:25:50:ff:ec:8f:56:2d:55:
         f0:27:02:43:a9:06:54:67:a8:0e:c2:20:b9:02:b0:b8:df:4b:
         1d:75:c4:af:41:60:0d:bb:0a:de:9e:03:60:f5:56:bc:2b:e6:
         36:09:2d:e6:f2:8a:a3:97:95:df:07:91:4e:f2:90:e5:e4:67:
         f0:42:e8:9c:d0:cc:e7:3d:53:3f:99:b7:13:5f:df:fa:05:d9:
         3d:bb:49:79
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUL2CDEjXLmNmJXWqDEeW46w2Ty5MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjI3MTUwMDE3WhcNMjUwODAxMjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZDQxMTIzMmFhZmQzYWFlMjk0MTY4NWI3NTQyMzkxMTEy
NDExN2ZmYTU5Y2Q1YTg1MGI0Zjc1MDE5N2MwNzkxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDIzZlIYLaOAa7kSH1VxF6EI83ZB8NvQXPrc0epo8uZnE5N
pGF2RxQKixqHSB2QDyW3ZKDujF1joSHNkvPn1JPsoruck4MOF09wTqjWtMab24nG
SwcRVxyczX5JHUlHZz7j43Lfjq5v8IMA5V5UYsusxiOw/yX3cigPh7tYawBSsVsQ
yL839NCyNr5T9mWIFpvhGxki3Jc66P3sRuHZiZs7WPjoLLOw30nSTKCdySOMGdxW
Fy05BCNK7OvetBvbKxCCX8OB/RF7mQOMgKjH2Rb2bpVtHM0Il26Mfp3dgYlFu+cK
172SgwXMZHrdPTHfR9jd4cmgAik28GXUt1ZtC4EJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUVetTVBIBB4Hk1RTJjdShHVR7vx4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzljZDQyODM2LTJhYjctNGRlYS1hYzQ3LWY0MTU4NGM0OTgzNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYNfEAwDQYJKoZIhvcNAQELBQADggEBAEYrfLnnaCE5C8P7KkEVPaZyDdag
J+Djso9R4fnzTOyQOMWJ3a3d7P75I5ce/0HW6GHYHQINV8eilt2x9FsABv0prlBA
M84S8ZHKvxGK46GXliDp9/HxSBB2/fCnsxwiFucELo9AxU1noVqDu0vDGKbQXpKx
KRZ90vL6WEAm8THBpIRrG+qKjQSPlMh8ttGDfnszvYtpHcaW+tuDETA8YEAr5qpG
3VTXHpJORQslUP/sj1YtVfAnAkOpBlRnqA7CILkCsLjfSx11xK9BYA27Ct6eA2D1
Vrwr5jYJLebyiqOXld8HkU7ykOXkZ/BC6JzQzOc9Uz+ZtxNf3/oF2T27SXk=
-----END CERTIFICATE-----