Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a03ec6b2-486f-4402-ad2d-2586a79c6d6d.roa
File:                     a03ec6b2-486f-4402-ad2d-2586a79c6d6d.roa (raw, json)
Hash identifier:          3ChIoYSyvkf9vsAsA0Yb5OAGuYmXWE2vvwR0v11wTaw=
Subject key identifier:   97:DC:79:7C:3F:C5:B1:E3:4E:02:C9:F1:B9:7B:F0:8F:3F:B4:BD:A4
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       399B2BAE7D9ED12D5635996BE1195C86FBAFA858
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a03ec6b2-486f-4402-ad2d-2586a79c6d6d.roa
Signing time:             Mon 22 Sep 2025 16:44:04 +0000
ROA not before:           Mon 22 Sep 2025 16:44:04 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.249.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:9b:2b:ae:7d:9e:d1:2d:56:35:99:6b:e1:19:5c:86:fb:af:a8:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 16:44:04 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=152680292f793d2c5a11ad10607f2a18a7b7efa7f84c1a3edf6cc115d0f57488, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b5:e5:2d:98:f7:19:16:64:c2:b4:b8:2c:21:
                    c0:dc:d7:4d:68:dd:45:8a:7a:19:df:2a:b9:7c:7a:
                    0f:2a:18:5b:56:75:22:3e:83:58:51:1e:0b:1e:45:
                    ff:73:bb:8c:0b:30:54:20:b6:99:73:69:93:32:55:
                    31:06:35:bf:4b:fa:6a:4f:62:d9:3c:2f:d1:6a:69:
                    22:7e:ae:90:3d:6d:ba:8e:0a:44:c6:dd:2b:8d:1c:
                    61:a9:61:cd:a4:45:45:28:3d:63:ff:81:b2:e7:73:
                    6b:54:4f:2b:e1:ed:e3:cb:ef:a0:a4:f4:79:6a:ba:
                    ca:29:2c:38:11:cc:8f:c8:27:b1:f9:55:92:94:c3:
                    38:35:d9:a9:cd:cf:20:0d:27:f5:58:c2:f4:db:c6:
                    a3:81:fe:12:da:06:0c:cd:6b:ef:0a:80:b3:e4:bf:
                    58:d6:b6:91:30:17:12:5b:08:1a:1b:ba:e2:29:0e:
                    cc:b7:83:82:95:49:ea:a8:bf:7f:d6:74:f7:1e:72:
                    86:ae:f4:f8:1f:20:6b:c9:02:88:e6:ce:dd:1b:d6:
                    6f:52:64:70:63:04:49:44:f3:6a:e8:15:a6:98:08:
                    88:63:c8:2e:da:98:68:97:7d:b7:0d:d9:ae:79:d7:
                    5e:65:a6:17:bc:ac:91:bf:7e:06:df:20:5b:8d:ba:
                    5d:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:DC:79:7C:3F:C5:B1:E3:4E:02:C9:F1:B9:7B:F0:8F:3F:B4:BD:A4
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a03ec6b2-486f-4402-ad2d-2586a79c6d6d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.249.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:bf:0e:12:47:10:f2:ee:19:b7:5d:bf:b3:a4:07:b1:b7:5d:
         f5:d0:62:ee:33:1a:9c:1b:47:47:28:4d:4b:94:0f:38:ef:46:
         35:5f:3e:5e:ab:7c:97:5f:b4:86:b8:40:3c:ee:62:b3:6f:ae:
         da:55:32:86:f4:26:97:95:5d:d7:85:da:d8:f0:eb:1c:58:c5:
         f3:36:70:fd:de:75:18:28:58:dd:be:bd:00:9a:6a:ae:6d:25:
         0b:78:a8:75:48:0d:af:01:d4:41:db:da:ae:87:1b:78:aa:dc:
         9a:f7:d0:54:f3:b7:ff:e3:db:1f:0b:73:27:d5:93:95:a2:22:
         59:1a:db:03:f4:84:62:2b:7e:7c:41:b8:60:59:8e:8f:b2:3b:
         6b:ec:ab:ac:0f:77:3a:d4:db:8c:3e:10:c0:e9:de:c3:cb:94:
         ce:3f:73:25:77:ff:b8:41:d2:b9:0c:f8:3e:e9:82:d0:fe:ea:
         36:d6:91:1d:b4:62:d1:35:fe:20:09:96:97:86:ee:b2:d3:d7:
         d7:f9:a1:a6:47:c3:f2:be:95:07:be:c8:c3:09:a5:db:7f:d1:
         42:69:02:2d:21:9d:52:4c:9d:39:31:73:6c:70:32:11:f5:8f:
         9c:33:f8:01:d1:17:6f:ae:c1:4b:bf:3d:a8:db:e5:66:da:ab:
         31:08:39:7f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOZsrrn2e0S1WNZlr4RlchvuvqFgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMTY0NDA0WhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AxNTI2ODAyOTJmNzkzZDJjNWExMWFkMTA2MDdmMmExOGE3
YjdlZmE3Zjg0YzFhM2VkZjZjYzExNWQwZjU3NDg4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCkteUtmPcZFmTCtLgsIcDc101o3UWKehnfKrl8eg8qGFtW
dSI+g1hRHgseRf9zu4wLMFQgtplzaZMyVTEGNb9L+mpPYtk8L9FqaSJ+rpA9bbqO
CkTG3SuNHGGpYc2kRUUoPWP/gbLnc2tUTyvh7ePL76Ck9HlqusopLDgRzI/IJ7H5
VZKUwzg12anNzyANJ/VYwvTbxqOB/hLaBgzNa+8KgLPkv1jWtpEwFxJbCBobuuIp
Dsy3g4KVSeqov3/WdPcecoau9PgfIGvJAojmzt0b1m9SZHBjBElE82roFaaYCIhj
yC7amGiXfbcN2a55115lphe8rJG/fgbfIFuNul3tAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUl9x5fD/FseNOAsnxuXvwjz+0vaQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2EwM2VjNmIyLTQ4NmYtNDQwMi1hZDJkLTI1ODZhNzljNmQ2ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAN+fowDQYJKoZIhvcNAQELBQADggEBAIC/DhJHEPLuGbddv7OkB7G3XfXQ
Yu4zGpwbR0coTUuUDzjvRjVfPl6rfJdftIa4QDzuYrNvrtpVMob0JpeVXdeF2tjw
6xxYxfM2cP3edRgoWN2+vQCaaq5tJQt4qHVIDa8B1EHb2q6HG3iq3Jr30FTzt//j
2x8LcyfVk5WiIlka2wP0hGIrfnxBuGBZjo+yO2vsq6wPdzrU24w+EMDp3sPLlM4/
cyV3/7hB0rkM+D7pgtD+6jbWkR20YtE1/iAJlpeG7rLT19f5oaZHw/K+lQe+yMMJ
pdt/0UJpAi0hnVJMnTkxc2xwMhH1j5wz+AHRF2+uwUu/Pajb5WbaqzEIOX8=
-----END CERTIFICATE-----