Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/01532514-c193-4dc1-9222-1199666a7f58.roa
File:                     01532514-c193-4dc1-9222-1199666a7f58.roa (raw, json)
Hash identifier:          96Ep+m7hVge12l78C3UYt/MEBCDcgzxd1tL+UAzkmTU=
Subject key identifier:   E0:46:8C:C4:99:CE:DE:EC:F8:29:34:EA:73:92:44:5A:53:09:63:CE
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7E8ED7E338473BF26C9D6392AB0E7D9AF5E524A2
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/01532514-c193-4dc1-9222-1199666a7f58.roa
Signing time:             Sun 19 Oct 2025 17:42:33 +0000
ROA not before:           Sun 19 Oct 2025 17:42:33 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.226.0.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:8e:d7:e3:38:47:3b:f2:6c:9d:63:92:ab:0e:7d:9a:f5:e5:24:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 17:42:33 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=cfde02cbd57f672aca8254f2ad102b277a6f91fe5ba0085f6c6a163e2019220d, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:16:ef:84:2b:de:b0:a5:eb:95:4f:fb:62:27:
                    77:08:0c:77:37:cb:7f:71:1a:92:aa:32:2d:1a:d2:
                    0d:d7:fc:4c:3c:6c:7c:f3:06:3b:80:62:97:30:36:
                    4d:44:cb:fc:95:01:36:82:cf:90:17:4e:52:c7:be:
                    c9:9f:30:e6:f9:f7:c2:4b:f0:e4:a8:07:0a:53:c1:
                    0d:ad:00:86:ca:78:2a:ca:0e:a7:18:bd:dc:d1:8b:
                    f2:7e:ea:fd:a1:6f:75:9e:f1:6f:60:c2:20:c4:3d:
                    97:f1:a4:a4:61:9e:3e:f9:63:ad:3f:26:93:b9:56:
                    66:20:56:cb:f2:11:5c:c2:51:79:13:c0:c1:be:4f:
                    dd:9e:bb:d4:54:f2:4d:c6:6f:a5:88:18:ad:40:f8:
                    6d:a1:72:44:06:22:0f:18:a5:12:f6:8f:a8:14:55:
                    ff:84:2c:da:f7:f2:81:72:15:a6:9f:81:10:c6:90:
                    26:e8:a5:c6:59:57:8c:45:fb:48:ef:c2:55:a0:df:
                    a2:83:ef:af:a9:e4:73:68:3f:b6:7a:05:d9:15:e2:
                    a6:08:39:57:f7:83:e2:e4:5c:40:d9:ba:15:7b:2a:
                    c2:ce:ad:63:82:6b:29:30:41:c1:dd:e9:53:26:30:
                    03:a7:80:68:7b:5c:49:16:71:64:85:3a:7f:3c:cd:
                    02:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:46:8C:C4:99:CE:DE:EC:F8:29:34:EA:73:92:44:5A:53:09:63:CE
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/01532514-c193-4dc1-9222-1199666a7f58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.226.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         70:da:97:6d:cc:94:fb:26:49:ab:44:52:81:4f:bb:2c:a0:cf:
         70:3d:f4:85:c6:05:a1:88:dd:0d:9b:b6:6d:a6:3d:86:9b:6e:
         40:4b:c3:db:00:b3:41:c9:e2:39:a9:bc:f0:55:c1:ba:94:4f:
         63:32:3c:4e:6a:0f:48:21:77:fe:2d:ad:99:ca:8c:66:bb:75:
         53:54:f1:ac:0b:63:4a:00:23:45:ff:a3:ec:50:d6:25:0c:e4:
         91:01:33:84:1f:04:46:11:9e:99:3f:d7:85:14:06:76:2e:9b:
         e0:90:b9:dd:96:21:17:8a:e0:51:1c:7e:9e:31:0a:f9:6f:28:
         4d:99:b9:6b:c3:9c:0a:52:7e:97:2b:2c:2c:a3:99:40:0e:ad:
         f1:d9:34:00:39:05:02:9b:d9:d4:73:00:a5:87:79:ac:89:6d:
         45:fa:0a:6f:4c:6b:87:b4:c0:57:50:50:87:db:3c:f0:e2:18:
         cb:90:b5:ba:0c:31:52:c7:84:0f:47:fc:ed:3b:93:91:78:34:
         b3:a4:69:79:91:30:9a:07:36:77:10:22:36:c7:94:2c:c2:ec:
         88:90:06:20:8f:fc:c5:b6:4e:00:8d:88:b0:bd:e2:0b:cf:35:
         63:41:31:68:f0:51:f5:41:0e:33:a0:f9:6e:8c:3b:6f:a1:74:
         a5:75:9e:c1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfo7X4zhHO/JsnWOSqw59mvXlJKIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MTc0MjMzWhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BjZmRlMDJjYmQ1N2Y2NzJhY2E4MjU0ZjJhZDEwMmIyNzdh
NmY5MWZlNWJhMDA4NWY2YzZhMTYzZTIwMTkyMjBkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCbFu+EK96wpeuVT/tiJ3cIDHc3y39xGpKqMi0a0g3X/Ew8
bHzzBjuAYpcwNk1Ey/yVATaCz5AXTlLHvsmfMOb598JL8OSoBwpTwQ2tAIbKeCrK
DqcYvdzRi/J+6v2hb3We8W9gwiDEPZfxpKRhnj75Y60/JpO5VmYgVsvyEVzCUXkT
wMG+T92eu9RU8k3Gb6WIGK1A+G2hckQGIg8YpRL2j6gUVf+ELNr38oFyFaafgRDG
kCbopcZZV4xF+0jvwlWg36KD76+p5HNoP7Z6BdkV4qYIOVf3g+LkXEDZuhV7KsLO
rWOCaykwQcHd6VMmMAOngGh7XEkWcWSFOn88zQLLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU4EaMxJnO3uz4KTTqc5JEWlMJY84wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzAxNTMyNTE0LWMxOTMtNGRjMS05MjIyLTExOTk2NjZhN2Y1OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAcN4gAwDQYJKoZIhvcNAQELBQADggEBAHDal23MlPsmSatEUoFPuyygz3A9
9IXGBaGI3Q2btm2mPYabbkBLw9sAs0HJ4jmpvPBVwbqUT2MyPE5qD0ghd/4trZnK
jGa7dVNU8awLY0oAI0X/o+xQ1iUM5JEBM4QfBEYRnpk/14UUBnYum+CQud2WIReK
4FEcfp4xCvlvKE2ZuWvDnApSfpcrLCyjmUAOrfHZNAA5BQKb2dRzAKWHeayJbUX6
Cm9Ma4e0wFdQUIfbPPDiGMuQtboMMVLHhA9H/O07k5F4NLOkaXmRMJoHNncQIjbH
lCzC7IiQBiCP/MW2TgCNiLC94gvPNWNBMWjwUfVBDjOg+W6MO2+hdKV1nsE=
-----END CERTIFICATE-----