Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/01424ab9-8fdf-4cc6-bcda-5036b972622f.roa
File:                     01424ab9-8fdf-4cc6-bcda-5036b972622f.roa (raw, json)
Hash identifier:          IGbzFAwOlT0Uik9zHupDo/n/QW1NXN4SB2bA4l91CHU=
Subject key identifier:   85:E2:19:FC:A8:CF:4F:8B:58:CD:22:42:AE:53:CF:A2:37:0B:C1:CC
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3DDE021C16C91A8764F2E359B6824A132C98CFFB
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/01424ab9-8fdf-4cc6-bcda-5036b972622f.roa
Signing time:             Sun 19 Oct 2025 15:13:37 +0000
ROA not before:           Sun 19 Oct 2025 15:13:37 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.33.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:de:02:1c:16:c9:1a:87:64:f2:e3:59:b6:82:4a:13:2c:98:cf:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 15:13:37 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=35bc8f6086e3ca21b43e5e5cb8be9fa75ca20b4c305886154675a3566f146e1e, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:45:02:fd:eb:8a:5a:f3:49:ee:60:e1:91:9e:
                    75:4f:2e:1c:bf:33:67:1c:3a:be:6b:20:25:8e:55:
                    b0:82:ef:9a:e9:ea:c8:67:2b:83:3c:ca:48:e3:4e:
                    f5:dc:66:10:39:42:f9:3f:12:e9:fd:cf:a5:91:4e:
                    cb:48:3b:f1:91:3c:ce:b4:29:5d:df:4a:01:aa:ea:
                    1f:d6:3f:de:80:57:25:e0:c8:33:26:2a:06:dd:01:
                    fa:d6:94:18:18:8f:d4:fe:9e:03:01:d8:f8:d6:24:
                    8b:2b:2d:3c:6c:eb:e1:d0:a2:cd:7b:23:d9:67:3b:
                    ab:b9:3d:4c:6e:17:af:7e:7b:49:77:f1:bf:5d:d3:
                    7b:e6:ce:ad:ed:ca:a1:bc:82:cf:de:5f:da:a6:3d:
                    78:29:98:f2:6f:c3:3f:a7:55:2d:fc:69:d1:4c:02:
                    6f:5e:9a:4e:8e:c6:9f:12:b0:b3:16:fe:fe:88:7e:
                    78:3f:48:3a:bb:a5:85:2c:b8:79:62:fc:9f:c3:86:
                    b5:30:46:35:1d:af:9f:4e:48:65:bd:85:9b:ed:ec:
                    88:c5:26:dc:a2:bd:15:9f:14:f1:50:90:55:bd:8e:
                    6a:d0:f3:6b:26:02:35:f1:1a:19:fb:38:8d:80:4b:
                    28:ad:14:fb:6d:8e:49:55:3e:e8:b0:85:22:3c:14:
                    dc:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:E2:19:FC:A8:CF:4F:8B:58:CD:22:42:AE:53:CF:A2:37:0B:C1:CC
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/01424ab9-8fdf-4cc6-bcda-5036b972622f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.33.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:74:35:e8:0b:1c:c8:6d:8e:6a:bd:99:28:07:7f:f7:14:83:
         67:94:d9:e5:2b:df:60:32:0e:2c:67:9a:7e:20:33:53:a7:7d:
         f4:26:5e:a1:53:a4:34:a6:09:62:48:7d:d8:ee:28:f2:51:ef:
         e2:66:55:44:ee:a9:1d:af:c3:ad:a0:7f:9e:63:ef:e8:df:14:
         13:ab:06:43:9d:aa:00:eb:ca:7d:43:7e:20:3e:19:6f:20:4d:
         5d:ab:5f:5b:7d:4f:a0:a5:2b:ca:d7:99:64:13:7b:b1:cd:74:
         b9:db:a7:d8:9b:af:e4:ee:14:1a:59:5c:05:b4:76:b1:bb:7b:
         1c:15:9a:d9:b3:5c:2c:93:9e:c1:20:5b:a1:3d:08:8f:a0:c0:
         c3:ce:ea:a1:a6:4f:f5:97:1f:4b:e0:8b:66:50:59:ec:c0:e7:
         0b:73:d6:88:36:34:59:33:69:55:75:c0:98:c5:41:af:a3:75:
         3a:2b:ca:d0:55:31:9e:e4:f3:d8:e7:a5:bc:45:59:86:9c:9e:
         91:21:af:92:cc:bb:60:bd:2d:f6:f7:a9:a0:a0:ce:67:7f:3a:
         f1:f4:1e:3c:45:42:fc:e1:24:f6:29:c4:bd:3e:79:5f:0e:08:
         aa:2e:02:87:69:ac:da:63:79:da:b7:85:db:c2:e5:0d:16:28:
         d6:bb:7a:a3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPd4CHBbJGodk8uNZtoJKEyyYz/swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MTUxMzM3WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AzNWJjOGY2MDg2ZTNjYTIxYjQzZTVlNWNiOGJlOWZhNzVj
YTIwYjRjMzA1ODg2MTU0Njc1YTM1NjZmMTQ2ZTFlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDERQL964pa80nuYOGRnnVPLhy/M2ccOr5rICWOVbCC75rp
6shnK4M8ykjjTvXcZhA5Qvk/Eun9z6WRTstIO/GRPM60KV3fSgGq6h/WP96AVyXg
yDMmKgbdAfrWlBgYj9T+ngMB2PjWJIsrLTxs6+HQos17I9lnO6u5PUxuF69+e0l3
8b9d03vmzq3tyqG8gs/eX9qmPXgpmPJvwz+nVS38adFMAm9emk6Oxp8SsLMW/v6I
fng/SDq7pYUsuHli/J/DhrUwRjUdr59OSGW9hZvt7IjFJtyivRWfFPFQkFW9jmrQ
82smAjXxGhn7OI2ASyitFPttjklVPuiwhSI8FNzxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUheIZ/KjPT4tYzSJCrlPPojcLwcwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzAxNDI0YWI5LThmZGYtNGNjNi1iY2RhLTUwMzZiOTcyNjIyZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAANIXMwDQYJKoZIhvcNAQELBQADggEBACd0NegLHMhtjmq9mSgHf/cUg2eU
2eUr32AyDixnmn4gM1OnffQmXqFTpDSmCWJIfdjuKPJR7+JmVUTuqR2vw62gf55j
7+jfFBOrBkOdqgDryn1DfiA+GW8gTV2rX1t9T6ClK8rXmWQTe7HNdLnbp9ibr+Tu
FBpZXAW0drG7exwVmtmzXCyTnsEgW6E9CI+gwMPO6qGmT/WXH0vgi2ZQWezA5wtz
1og2NFkzaVV1wJjFQa+jdTorytBVMZ7k89jnpbxFWYacnpEhr5LMu2C9Lfb3qaCg
zmd/OvH0HjxFQvzhJPYpxL0+eV8OCKouAodprNpjedq3hdvC5Q0WKNa7eqM=
-----END CERTIFICATE-----