Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0b35ab6a-b09d-4a84-8eb8-11d654fc1e5b.roa
File:                     0b35ab6a-b09d-4a84-8eb8-11d654fc1e5b.roa (raw, json)
Hash identifier:          8WlDMhiTEcHYYxabXhlfGsBAwC+C0Cv35Jgy2M0FU6c=
Subject key identifier:   E2:0E:CF:49:29:03:59:24:51:5E:BA:4E:51:9E:B5:B0:55:2C:DC:2F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5F952F0A3BF657C017D4999A9FBC45F4A45D926D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0b35ab6a-b09d-4a84-8eb8-11d654fc1e5b.roa
Signing time:             Sun 19 Oct 2025 22:40:04 +0000
ROA not before:           Sun 19 Oct 2025 22:40:04 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.224.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:95:2f:0a:3b:f6:57:c0:17:d4:99:9a:9f:bc:45:f4:a4:5d:92:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 22:40:04 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=551d8a75fa11cb30abbe1b238307a03f379a9cfc226ce53c5e89bbbd76d9d9a6, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:0e:40:28:8f:cf:19:02:45:ec:59:43:c5:d7:
                    59:23:5a:a8:fd:35:77:22:40:53:e8:41:44:57:fc:
                    16:eb:0c:7a:33:d4:7a:a2:59:e1:52:16:0f:1c:f1:
                    6a:87:b7:62:58:a9:55:ff:c9:63:fc:e3:12:8b:97:
                    f0:dc:d1:11:b7:bc:70:98:e8:33:f1:00:64:50:96:
                    5b:28:89:2b:30:10:c6:ae:f7:43:56:f4:63:32:1c:
                    c3:d8:54:e6:fe:fc:1a:5d:cb:6f:2a:58:38:52:3e:
                    67:5b:f7:f0:d6:c6:92:f2:6e:cb:d9:55:46:85:c1:
                    27:b3:c7:f1:3a:57:8a:71:2f:75:30:3f:c6:06:4d:
                    9f:26:15:39:ab:64:59:b9:b6:63:8a:c9:2b:f8:cb:
                    52:13:e9:54:49:84:f7:3b:25:4c:f4:65:6e:8c:79:
                    50:eb:9c:1f:15:5e:71:4e:91:c3:e3:11:3f:8e:91:
                    3f:15:42:de:7d:38:50:7b:57:bb:25:df:4b:f5:60:
                    de:1d:a4:53:f4:73:17:5e:28:00:df:d7:de:66:51:
                    ac:d1:bf:f7:9c:9e:67:34:71:0d:2d:d7:b0:86:8b:
                    78:47:a5:72:5c:49:c6:e9:e1:72:a7:a0:5a:85:06:
                    93:9c:9d:63:27:42:76:78:a7:fc:1c:f5:92:27:52:
                    64:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:0E:CF:49:29:03:59:24:51:5E:BA:4E:51:9E:B5:B0:55:2C:DC:2F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0b35ab6a-b09d-4a84-8eb8-11d654fc1e5b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.224.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:ac:d9:a2:cc:6a:c0:21:1f:cd:6a:f4:7b:53:a4:59:4a:69:
         ac:c7:e1:0d:36:70:10:f3:b4:0e:e2:aa:de:cf:aa:4a:61:da:
         5a:5a:fa:96:06:ac:47:a4:77:77:dd:8e:bf:7f:0f:be:25:82:
         ac:05:d3:df:f2:35:dd:73:d5:0c:eb:7e:08:4c:da:e6:00:69:
         6d:8c:93:ab:6b:65:b1:11:43:ab:0a:27:6b:64:ee:9f:95:df:
         81:0a:5a:f9:90:76:c7:48:06:f8:f9:c1:1b:a2:46:a4:43:67:
         7d:d8:18:1b:5c:e0:d5:bf:1b:1a:82:d7:e5:7f:08:f9:72:16:
         3f:b6:7e:58:3b:05:ed:c6:dd:6f:8d:99:02:bb:23:e4:dd:f8:
         be:aa:78:aa:b3:c1:a3:34:0f:2c:37:83:97:8d:de:37:f5:63:
         73:b5:17:2e:35:3b:49:62:b4:00:2d:c9:db:de:06:b5:35:2f:
         32:da:f4:ff:f5:86:a6:eb:c3:fa:e7:76:dc:11:16:bf:f0:59:
         b2:8d:e1:e8:77:17:f1:8f:c3:e6:55:cc:60:c6:33:99:b4:85:
         69:bb:05:54:1b:4a:65:05:b9:d6:9f:9c:43:6d:d5:b6:14:ac:
         83:db:47:66:bc:61:b9:d1:f6:5d:e9:13:7e:63:5c:c7:8b:91:
         75:e6:bf:8f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUX5UvCjv2V8AX1Jman7xF9KRdkm0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MjI0MDA0WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A1NTFkOGE3NWZhMTFjYjMwYWJiZTFiMjM4MzA3YTAzZjM3
OWE5Y2ZjMjI2Y2U1M2M1ZTg5YmJiZDc2ZDlkOWE2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmDkAoj88ZAkXsWUPF11kjWqj9NXciQFPoQURX/BbrDHoz
1HqiWeFSFg8c8WqHt2JYqVX/yWP84xKLl/Dc0RG3vHCY6DPxAGRQllsoiSswEMau
90NW9GMyHMPYVOb+/Bpdy28qWDhSPmdb9/DWxpLybsvZVUaFwSezx/E6V4pxL3Uw
P8YGTZ8mFTmrZFm5tmOKySv4y1IT6VRJhPc7JUz0ZW6MeVDrnB8VXnFOkcPjET+O
kT8VQt59OFB7V7sl30v1YN4dpFP0cxdeKADf195mUazRv/ecnmc0cQ0t17CGi3hH
pXJcScbp4XKnoFqFBpOcnWMnQnZ4p/wc9ZInUmQTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU4g7PSSkDWSRRXrpOUZ61sFUs3C8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzBiMzVhYjZhLWIwOWQtNGE4NC04ZWI4LTExZDY1NGZjMWU1Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAN4MIwDQYJKoZIhvcNAQELBQADggEBADas2aLMasAhH81q9HtTpFlKaazH
4Q02cBDztA7iqt7Pqkph2lpa+pYGrEekd3fdjr9/D74lgqwF09/yNd1z1QzrfghM
2uYAaW2Mk6trZbERQ6sKJ2tk7p+V34EKWvmQdsdIBvj5wRuiRqRDZ33YGBtc4NW/
GxqC1+V/CPlyFj+2flg7Be3G3W+NmQK7I+Td+L6qeKqzwaM0Dyw3g5eN3jf1Y3O1
Fy41O0litAAtydveBrU1LzLa9P/1hqbrw/rndtwRFr/wWbKN4eh3F/GPw+ZVzGDG
M5m0hWm7BVQbSmUFudafnENt1bYUrIPbR2a8YbnR9l3pE35jXMeLkXXmv48=
-----END CERTIFICATE-----