Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a4bfa0a3-08b1-4a36-beeb-0375b26188ba.roa
File:                     a4bfa0a3-08b1-4a36-beeb-0375b26188ba.roa (raw, json)
Hash identifier:          25Gl8zVoU9OnbrWwvQcop9/hAEMHK+ezUzK47Z/oOkQ=
Subject key identifier:   EB:22:1D:AB:6F:CB:E1:DA:3B:B8:80:2F:02:E0:C2:CA:76:7B:56:0C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0DE55603574C20BB64F82597850E6F95578DB1B3
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a4bfa0a3-08b1-4a36-beeb-0375b26188ba.roa
Signing time:             Wed 24 Sep 2025 17:24:31 +0000
ROA not before:           Wed 24 Sep 2025 17:24:31 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.32.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:e5:56:03:57:4c:20:bb:64:f8:25:97:85:0e:6f:95:57:8d:b1:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 17:24:31 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=e346d91377684430829b1141ed77150168ebe763cdf9fea152dcdef367e74a11, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:7b:d5:ad:c3:7b:b2:14:26:26:28:43:55:4f:
                    78:93:a1:85:b7:40:5f:db:20:b9:91:15:b1:e1:46:
                    b1:8b:3e:98:66:a3:83:ab:55:7d:a4:9a:2d:78:ed:
                    7b:b8:0d:c6:c8:16:a7:f9:38:41:2c:bf:c8:b0:30:
                    aa:d7:79:68:3f:b4:cf:15:27:cd:41:84:fa:17:9d:
                    01:66:b6:c6:58:93:a5:c8:0d:4b:f1:10:f3:6c:44:
                    03:a4:92:59:9d:42:7a:59:77:e3:48:37:c4:13:76:
                    26:53:6e:dd:f3:91:a9:8e:05:bd:0d:ff:38:ca:a3:
                    0c:00:bc:f4:a7:91:c9:c9:58:ec:cd:fc:9b:93:8d:
                    b1:3c:1d:4e:3c:2c:bf:0d:b2:15:39:a7:0e:0f:f0:
                    93:66:cf:39:c9:04:10:cd:32:07:1c:00:ab:8a:cf:
                    72:fd:7e:37:71:83:17:57:41:80:3c:09:39:38:60:
                    30:3e:e9:5f:09:e0:b1:8f:7e:29:a4:49:8f:3d:1b:
                    ee:de:5b:aa:99:09:7b:11:7f:35:90:83:2a:a4:e9:
                    e1:ac:e1:97:d7:4d:d6:0c:6d:61:af:07:19:40:ac:
                    40:a3:eb:20:e0:96:8d:8c:cc:67:93:df:e8:fd:bb:
                    54:cd:cd:6d:64:f9:43:3f:fd:92:ca:29:8d:7e:fc:
                    60:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:22:1D:AB:6F:CB:E1:DA:3B:B8:80:2F:02:E0:C2:CA:76:7B:56:0C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a4bfa0a3-08b1-4a36-beeb-0375b26188ba.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.32.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:43:f4:5a:26:41:eb:b3:d7:df:8a:bc:e7:9b:8c:a0:0a:2b:
         a9:da:3d:84:4c:d7:0b:50:16:82:ac:79:6a:ea:21:1a:d1:19:
         9a:43:ad:e8:cc:d1:3f:0e:9a:37:1d:02:bc:39:6f:6a:cc:4c:
         35:22:ca:87:00:8d:63:a1:41:39:e1:5b:52:9e:84:8f:9f:00:
         98:16:52:35:85:d1:1c:4a:04:0d:1d:83:01:d7:33:c3:65:31:
         97:4f:40:3e:59:61:8b:0f:56:85:57:f3:4e:b3:05:85:f0:d0:
         e3:66:60:93:36:c0:e5:62:9c:69:e1:bc:b2:f6:63:dd:71:87:
         e3:c4:5b:19:60:54:df:b8:29:c4:df:b8:12:32:28:c1:95:fc:
         8f:40:43:f5:d8:47:39:a7:e8:75:05:3a:da:58:39:4a:37:8c:
         d2:42:85:28:18:d1:ed:5e:2d:09:da:5a:58:a1:8a:2b:36:18:
         6d:f5:e4:22:50:28:90:2f:e4:c7:f8:b5:10:71:e9:62:da:48:
         02:2c:c4:5e:aa:e9:c4:92:58:f0:5b:a8:87:a7:da:f9:b9:dc:
         56:35:55:4f:25:77:a8:58:85:42:99:cd:33:27:ae:6c:fa:f9:
         df:42:87:79:51:e6:21:d5:04:fd:c6:24:00:8b:70:02:9e:15:
         06:72:81:3f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDeVWA1dMILtk+CWXhQ5vlVeNsbMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MTcyNDMxWhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BlMzQ2ZDkxMzc3Njg0NDMwODI5YjExNDFlZDc3MTUwMTY4
ZWJlNzYzY2RmOWZlYTE1MmRjZGVmMzY3ZTc0YTExMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDQe9Wtw3uyFCYmKENVT3iToYW3QF/bILmRFbHhRrGLPphm
o4OrVX2kmi147Xu4DcbIFqf5OEEsv8iwMKrXeWg/tM8VJ81BhPoXnQFmtsZYk6XI
DUvxEPNsRAOkklmdQnpZd+NIN8QTdiZTbt3zkamOBb0N/zjKowwAvPSnkcnJWOzN
/JuTjbE8HU48LL8NshU5pw4P8JNmzznJBBDNMgccAKuKz3L9fjdxgxdXQYA8CTk4
YDA+6V8J4LGPfimkSY89G+7eW6qZCXsRfzWQgyqk6eGs4ZfXTdYMbWGvBxlArECj
6yDglo2MzGeT3+j9u1TNzW1k+UM//ZLKKY1+/GCHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU6yIdq2/L4do7uIAvAuDCynZ7VgwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2E0YmZhMGEzLTA4YjEtNGEzNi1iZWViLTAzNzViMjYxODhiYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAANII0wDQYJKoZIhvcNAQELBQADggEBAB9D9FomQeuz19+KvOebjKAKK6na
PYRM1wtQFoKseWrqIRrRGZpDrejM0T8OmjcdArw5b2rMTDUiyocAjWOhQTnhW1Ke
hI+fAJgWUjWF0RxKBA0dgwHXM8NlMZdPQD5ZYYsPVoVX806zBYXw0ONmYJM2wOVi
nGnhvLL2Y91xh+PEWxlgVN+4KcTfuBIyKMGV/I9AQ/XYRzmn6HUFOtpYOUo3jNJC
hSgY0e1eLQnaWlihiis2GG315CJQKJAv5Mf4tRBx6WLaSAIsxF6q6cSSWPBbqIen
2vm53FY1VU8ld6hYhUKZzTMnrmz6+d9Ch3lR5iHVBP3GJACLcAKeFQZygT8=
-----END CERTIFICATE-----