Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0594ae28-ecd5-4a20-bbde-e574f69ffb3e.roa
File:                     0594ae28-ecd5-4a20-bbde-e574f69ffb3e.roa (raw, json)
Hash identifier:          zKuQSI1CTEjETh2ESa135Cq33uS7XbyZBwEaNmFduZc=
Subject key identifier:   BF:6F:6A:70:50:E9:EE:7D:92:5A:EB:06:C0:EB:99:95:41:C2:A9:7B
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       397440CA518657B7D705B7B5F43174C4A51436D9
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0594ae28-ecd5-4a20-bbde-e574f69ffb3e.roa
Signing time:             Sun 19 Oct 2025 15:10:13 +0000
ROA not before:           Sun 19 Oct 2025 15:10:13 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.32.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:74:40:ca:51:86:57:b7:d7:05:b7:b5:f4:31:74:c4:a5:14:36:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 15:10:13 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=2d08191765659a00a90aad347a54a940b06e726276a5e0b32ffbc3d516aa8411, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:4a:53:d2:71:47:0c:10:43:b8:73:53:de:1c:
                    36:09:4b:1a:f4:b7:8e:eb:0a:4c:eb:25:f8:4f:ca:
                    0c:3f:f6:53:54:90:e3:cb:04:f6:a9:a4:80:ec:56:
                    8e:5f:46:e8:34:24:ac:8a:06:8b:c7:9e:6d:b0:9a:
                    eb:e6:7f:f3:ce:01:a4:4c:90:b8:dc:fa:f0:95:45:
                    e5:06:2f:4e:36:4c:12:13:96:b6:4a:0f:49:06:08:
                    45:70:ed:7e:69:51:42:ac:8a:e2:25:87:cc:77:fb:
                    14:5a:88:81:d4:ba:ce:d4:ab:50:0a:fc:b6:72:0a:
                    1c:31:38:89:02:52:1f:1f:e0:de:5b:6a:76:ba:83:
                    78:50:4d:a8:97:c2:91:d0:aa:14:25:fc:e0:9d:58:
                    ec:fe:4d:7e:d4:2a:75:64:6b:cd:d1:c9:47:8b:9c:
                    ef:e6:2f:12:61:84:a1:84:a7:d5:41:60:5d:01:97:
                    e4:f9:f7:28:74:4f:7c:ea:78:2e:38:ab:c8:4e:46:
                    09:83:55:b3:6d:ad:a9:43:e4:b1:12:74:91:d6:2e:
                    5f:bf:8f:fa:92:20:34:36:9c:65:99:77:08:53:54:
                    82:61:25:73:f2:be:90:1b:e8:36:3a:db:62:7c:b7:
                    e8:6a:13:2a:64:0c:5d:d2:ab:bb:5e:72:14:c6:f4:
                    2b:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:6F:6A:70:50:E9:EE:7D:92:5A:EB:06:C0:EB:99:95:41:C2:A9:7B
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0594ae28-ecd5-4a20-bbde-e574f69ffb3e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.32.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:c7:1c:82:fc:a0:10:73:60:8a:b9:51:48:36:b9:e2:3c:85:
         ec:b9:97:bd:6c:c5:ce:f8:94:58:9d:0f:2d:2e:4d:7a:2e:ce:
         50:f5:a2:9d:bc:36:24:ac:7f:29:cc:e4:0b:b0:a8:eb:04:ab:
         17:5a:30:54:2d:39:28:67:59:20:d0:8f:c4:c0:39:bb:84:21:
         c8:ea:c1:32:3a:e4:27:22:06:79:a8:e6:ef:fc:e4:21:b2:94:
         99:9b:07:9e:64:c5:84:71:55:5b:50:3a:6e:86:cd:ad:d2:35:
         75:b1:08:60:f3:bd:21:46:21:4b:0a:33:1b:e4:6b:0d:44:7e:
         d3:f0:b5:2a:9d:5e:80:d6:ef:df:43:04:d5:a8:9a:a5:2a:32:
         de:e1:ec:44:50:92:71:f2:ca:9f:e8:89:44:d9:44:90:5a:27:
         ff:78:6f:7b:67:d1:bf:ae:45:50:d7:9e:b4:d1:56:8a:82:fe:
         22:3a:d5:84:27:5d:6e:f8:b6:8a:04:12:d3:bd:8d:34:37:78:
         56:41:c0:5b:94:4c:76:09:5d:bd:50:d2:9c:64:06:00:f5:36:
         f4:5f:bc:fb:c6:7c:62:48:01:bc:7e:49:f4:f0:1a:ad:3d:0e:
         da:85:a7:26:dd:db:b1:39:c2:e0:70:60:4c:72:f0:a1:9c:45:
         49:c5:60:18
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOXRAylGGV7fXBbe19DF0xKUUNtkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MTUxMDEzWhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AyZDA4MTkxNzY1NjU5YTAwYTkwYWFkMzQ3YTU0YTk0MGIw
NmU3MjYyNzZhNWUwYjMyZmZiYzNkNTE2YWE4NDExMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD5SlPScUcMEEO4c1PeHDYJSxr0t47rCkzrJfhPygw/9lNU
kOPLBPappIDsVo5fRug0JKyKBovHnm2wmuvmf/POAaRMkLjc+vCVReUGL042TBIT
lrZKD0kGCEVw7X5pUUKsiuIlh8x3+xRaiIHUus7Uq1AK/LZyChwxOIkCUh8f4N5b
ana6g3hQTaiXwpHQqhQl/OCdWOz+TX7UKnVka83RyUeLnO/mLxJhhKGEp9VBYF0B
l+T59yh0T3zqeC44q8hORgmDVbNtralD5LESdJHWLl+/j/qSIDQ2nGWZdwhTVIJh
JXPyvpAb6DY622J8t+hqEypkDF3Sq7techTG9Cv7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUv29qcFDp7n2SWusGwOuZlUHCqXswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzA1OTRhZTI4LWVjZDUtNGEyMC1iYmRlLWU1NzRmNjlmZmIzZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAANIIQwDQYJKoZIhvcNAQELBQADggEBALPHHIL8oBBzYIq5UUg2ueI8hey5
l71sxc74lFidDy0uTXouzlD1op28NiSsfynM5AuwqOsEqxdaMFQtOShnWSDQj8TA
ObuEIcjqwTI65CciBnmo5u/85CGylJmbB55kxYRxVVtQOm6Gza3SNXWxCGDzvSFG
IUsKMxvkaw1EftPwtSqdXoDW799DBNWomqUqMt7h7ERQknHyyp/oiUTZRJBaJ/94
b3tn0b+uRVDXnrTRVoqC/iI61YQnXW74tooEEtO9jTQ3eFZBwFuUTHYJXb1Q0pxk
BgD1NvRfvPvGfGJIAbx+SfTwGq09DtqFpybd27E5wuBwYExy8KGcRUnFYBg=
-----END CERTIFICATE-----