Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/af6dee73-c337-473c-9ac4-b9173e4ec777.roa
File:                     af6dee73-c337-473c-9ac4-b9173e4ec777.roa (raw, json)
Hash identifier:          etrxKFQPGFzBqeURarXddOI8/9oALCNv39pytW5NlE0=
Subject key identifier:   FE:9C:6E:AA:8D:06:D8:7F:BA:BE:05:92:F3:E7:C5:3F:F8:88:DD:4C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       470436CA50F1121182088A327FF7D7889269273B
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/af6dee73-c337-473c-9ac4-b9173e4ec777.roa
Signing time:             Wed 24 Sep 2025 17:31:01 +0000
ROA not before:           Wed 24 Sep 2025 17:31:01 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.32.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:04:36:ca:50:f1:12:11:82:08:8a:32:7f:f7:d7:88:92:69:27:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 17:31:01 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=5d9ac716ed688344860ed6f92e93f89bfef51f3ccdadb8d1331fa90c951e60f2, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:a2:bf:db:5a:34:0a:d3:cc:3e:25:13:8f:a9:
                    a3:c5:ae:e0:c7:d4:34:7c:6e:2a:b9:99:26:c5:7a:
                    ed:5a:0c:0f:65:11:92:65:02:cf:e8:04:d3:e0:44:
                    0e:b2:33:87:78:b3:11:0b:d1:cb:25:1f:e4:bb:cb:
                    e3:81:cf:b6:0c:39:23:eb:f4:4d:b3:48:40:ae:41:
                    eb:aa:e9:36:81:e4:c5:22:37:67:c5:99:99:b9:0c:
                    60:bd:4f:4f:cb:34:be:69:c2:99:11:3e:d7:58:56:
                    e2:23:39:80:44:61:9e:64:a6:87:77:cf:15:93:a8:
                    68:7d:8d:ab:82:56:5c:55:c3:14:de:07:de:2a:ee:
                    96:8a:02:1f:37:2d:11:72:d3:fd:4f:17:32:9b:4e:
                    5e:21:78:ba:39:3f:d3:a4:b7:67:5f:00:2a:0f:62:
                    7c:6a:aa:de:59:8b:a4:a0:cb:ab:89:36:b4:62:0d:
                    db:9d:e8:db:7a:3b:40:0a:80:a7:e6:89:f8:7f:c6:
                    c4:49:c7:35:60:bb:73:6c:4b:5b:20:4d:e8:ae:d0:
                    15:bd:40:3a:e8:06:b1:1d:10:13:8f:60:fa:77:0d:
                    09:5d:aa:75:38:f6:40:f8:55:0b:73:2b:f3:00:aa:
                    cc:ad:0a:bf:b2:04:f2:e1:43:6b:4f:a8:e0:78:02:
                    96:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:9C:6E:AA:8D:06:D8:7F:BA:BE:05:92:F3:E7:C5:3F:F8:88:DD:4C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/af6dee73-c337-473c-9ac4-b9173e4ec777.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.32.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:b8:d2:8f:d7:48:a0:3c:1d:62:d7:75:ac:aa:0f:f9:64:1f:
         ed:5f:cb:c4:44:20:14:d1:fe:e4:d6:ba:44:ed:bb:40:9b:84:
         c2:a3:fa:56:2c:97:8f:59:a9:5a:e5:4b:1b:44:9c:af:64:60:
         e0:ee:d7:ee:0a:aa:46:75:c7:e7:cb:24:46:a3:e3:56:ed:e5:
         36:3e:bd:d9:63:b3:12:de:7b:34:04:04:c2:70:95:bd:41:00:
         70:3d:69:74:f8:9d:7b:98:6d:a8:33:3b:12:37:c3:b2:49:34:
         47:5e:4e:69:61:21:15:94:db:cd:56:3a:48:4b:c3:4a:2d:f2:
         16:aa:a6:8f:a2:76:b8:1a:1f:59:8e:2b:78:e6:c6:a1:29:99:
         08:57:71:47:70:ab:17:39:61:63:94:6d:7f:3f:a5:18:47:93:
         40:6b:e2:2b:04:78:4a:26:66:82:df:23:77:3e:a1:37:b6:9e:
         72:b0:07:f2:ed:e7:79:f8:d6:34:7c:d1:1c:cf:fd:02:25:2c:
         b1:14:4e:1a:32:0c:a9:92:00:d6:b3:73:f2:5f:56:df:30:7c:
         80:21:15:b9:9f:dd:50:46:18:c5:78:b9:ac:49:de:44:8f:d7:
         06:a2:1a:87:e2:ef:53:d9:4c:59:e0:31:7c:3b:27:8d:ec:6d:
         ff:85:f5:25
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURwQ2ylDxEhGCCIoyf/fXiJJpJzswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MTczMTAxWhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A1ZDlhYzcxNmVkNjg4MzQ0ODYwZWQ2ZjkyZTkzZjg5YmZl
ZjUxZjNjY2RhZGI4ZDEzMzFmYTkwYzk1MWU2MGYyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDIor/bWjQK08w+JROPqaPFruDH1DR8biq5mSbFeu1aDA9l
EZJlAs/oBNPgRA6yM4d4sxEL0cslH+S7y+OBz7YMOSPr9E2zSECuQeuq6TaB5MUi
N2fFmZm5DGC9T0/LNL5pwpkRPtdYVuIjOYBEYZ5kpod3zxWTqGh9jauCVlxVwxTe
B94q7paKAh83LRFy0/1PFzKbTl4heLo5P9Okt2dfACoPYnxqqt5Zi6Sgy6uJNrRi
Ddud6Nt6O0AKgKfmifh/xsRJxzVgu3NsS1sgTeiu0BW9QDroBrEdEBOPYPp3DQld
qnU49kD4VQtzK/MAqsytCr+yBPLhQ2tPqOB4ApZfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/pxuqo0G2H+6vgWS8+fFP/iI3UwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2FmNmRlZTczLWMzMzctNDczYy05YWM0LWI5MTczZTRlYzc3Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAANICYwDQYJKoZIhvcNAQELBQADggEBAC240o/XSKA8HWLXdayqD/lkH+1f
y8REIBTR/uTWukTtu0CbhMKj+lYsl49ZqVrlSxtEnK9kYODu1+4KqkZ1x+fLJEaj
41bt5TY+vdljsxLeezQEBMJwlb1BAHA9aXT4nXuYbagzOxI3w7JJNEdeTmlhIRWU
281WOkhLw0ot8haqpo+idrgaH1mOK3jmxqEpmQhXcUdwqxc5YWOUbX8/pRhHk0Br
4isEeEomZoLfI3c+oTe2nnKwB/Lt53n41jR80RzP/QIlLLEUThoyDKmSANazc/Jf
Vt8wfIAhFbmf3VBGGMV4uaxJ3kSP1waiGofi71PZTFngMXw7J43sbf+F9SU=
-----END CERTIFICATE-----