Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0de140cf-0a88-42fd-9149-87e45c424792.roa
File:                     0de140cf-0a88-42fd-9149-87e45c424792.roa (raw, json)
Hash identifier:          +cmodMaEkmXq+2CcZJ8OT+Qr9And1AOq0OWV4xA9zL0=
Subject key identifier:   7A:A0:A1:98:32:ED:A6:F3:5B:1C:A2:A5:5B:CB:53:8F:17:F3:36:33
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       36B71DB08601D3C009B0428ADECB314AC90110E7
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0de140cf-0a88-42fd-9149-87e45c424792.roa
Signing time:             Sun 19 Oct 2025 20:11:21 +0000
ROA not before:           Sun 19 Oct 2025 20:11:21 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.35.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:b7:1d:b0:86:01:d3:c0:09:b0:42:8a:de:cb:31:4a:c9:01:10:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 20:11:21 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=a7df4996fdafc4a4c6e73320efbadd96e8d8009f19c83d10ddb14b4ee514b1e4, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:63:53:ab:84:07:46:43:61:e4:9c:6e:28:bd:
                    d0:47:27:ad:a4:42:ee:0b:9c:37:d6:09:f0:5e:9e:
                    50:f8:9f:69:af:ec:e3:3b:58:3d:e1:f3:0b:f4:03:
                    c6:c6:49:04:0d:2b:45:6d:cf:2e:4c:37:11:2f:34:
                    45:f0:fb:20:f1:2c:0e:e3:74:43:b5:35:71:4b:79:
                    2d:75:6d:16:7a:97:d3:7e:42:85:9a:0f:dc:37:a1:
                    10:f2:2d:c2:df:03:bc:32:c0:31:5f:e9:e4:6d:14:
                    47:97:72:94:2d:13:60:cf:cb:ee:dc:2f:9f:59:55:
                    8d:e3:be:f3:f7:ad:6e:b0:e4:75:97:c2:16:a0:38:
                    a9:bf:b5:01:76:7a:bb:1e:10:4f:46:23:cd:70:04:
                    5a:db:a8:ad:97:db:f9:dd:ea:51:02:35:e0:07:26:
                    1b:f6:6c:d9:bd:9f:7b:0c:5f:41:82:11:d4:80:26:
                    86:9a:fb:e3:b0:ca:98:4f:0d:d1:5d:c1:62:b6:f1:
                    3c:d3:0d:8d:e3:8b:60:c0:e7:69:e5:e1:ad:29:b6:
                    8a:c7:10:e2:1a:e2:d6:1f:16:de:52:59:e1:c8:b7:
                    10:0f:f8:ca:83:8c:96:38:35:d5:5c:9f:19:0c:80:
                    2b:46:fb:5a:38:20:dd:3a:2c:64:94:5f:a1:cb:13:
                    03:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:A0:A1:98:32:ED:A6:F3:5B:1C:A2:A5:5B:CB:53:8F:17:F3:36:33
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0de140cf-0a88-42fd-9149-87e45c424792.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.35.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:fc:2d:1a:b2:8f:1a:51:45:69:ae:f1:8e:80:9f:6a:b1:48:
         05:28:fe:e5:3e:2b:51:65:12:ad:c4:f1:41:0c:b6:18:36:c4:
         0e:79:02:cf:0d:fa:e6:e5:71:cb:0a:7b:b8:91:41:6c:ea:d9:
         68:ac:50:64:fc:8a:91:5a:9e:dc:fd:d9:7f:52:30:97:dc:89:
         91:f9:42:9a:4d:3d:e8:1f:25:1b:4b:55:b8:ae:f1:aa:55:dd:
         82:09:0d:28:e3:d7:73:5f:43:f8:ea:91:87:b3:4f:e1:3a:f4:
         d0:1e:c6:7b:21:68:1e:4b:58:ec:9c:36:24:5e:46:1e:05:a8:
         53:2d:22:16:85:21:74:45:43:44:6c:fb:3d:9d:ba:58:b8:33:
         c6:32:2d:23:5b:22:15:28:91:cf:ed:46:0f:eb:b7:14:5a:ce:
         8a:c7:50:dd:22:05:c2:7c:35:d6:a1:77:4a:ab:93:7f:a8:74:
         b3:c7:c4:a4:ba:81:dc:16:b6:76:ca:21:75:1f:ec:65:37:9b:
         a9:aa:18:91:66:1b:a1:d2:a8:95:69:77:99:cb:14:be:2c:0a:
         a4:83:f1:3f:61:34:97:fd:44:9f:90:db:11:1c:21:e5:b3:d8:
         c5:66:27:79:99:a4:6e:b4:0d:5d:40:3d:ff:63:34:f9:c8:52:
         dd:39:a1:5f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNrcdsIYB08AJsEKK3ssxSskBEOcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MjAxMTIxWhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BhN2RmNDk5NmZkYWZjNGE0YzZlNzMzMjBlZmJhZGQ5NmU4
ZDgwMDlmMTljODNkMTBkZGIxNGI0ZWU1MTRiMWU0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCLY1OrhAdGQ2HknG4ovdBHJ62kQu4LnDfWCfBenlD4n2mv
7OM7WD3h8wv0A8bGSQQNK0Vtzy5MNxEvNEXw+yDxLA7jdEO1NXFLeS11bRZ6l9N+
QoWaD9w3oRDyLcLfA7wywDFf6eRtFEeXcpQtE2DPy+7cL59ZVY3jvvP3rW6w5HWX
whagOKm/tQF2erseEE9GI81wBFrbqK2X2/nd6lECNeAHJhv2bNm9n3sMX0GCEdSA
Joaa++OwyphPDdFdwWK28TzTDY3ji2DA52nl4a0ptorHEOIa4tYfFt5SWeHItxAP
+MqDjJY4NdVcnxkMgCtG+1o4IN06LGSUX6HLEwN3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUeqChmDLtpvNbHKKlW8tTjxfzNjMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzBkZTE0MGNmLTBhODgtNDJmZC05MTQ5LTg3ZTQ1YzQyNDc5Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAANI2QwDQYJKoZIhvcNAQELBQADggEBAEj8LRqyjxpRRWmu8Y6An2qxSAUo
/uU+K1FlEq3E8UEMthg2xA55As8N+ublccsKe7iRQWzq2WisUGT8ipFantz92X9S
MJfciZH5QppNPegfJRtLVbiu8apV3YIJDSjj13NfQ/jqkYezT+E69NAexnshaB5L
WOycNiReRh4FqFMtIhaFIXRFQ0Rs+z2duli4M8YyLSNbIhUokc/tRg/rtxRazorH
UN0iBcJ8Ndahd0qrk3+odLPHxKS6gdwWtnbKIXUf7GU3m6mqGJFmG6HSqJVpd5nL
FL4sCqSD8T9hNJf9RJ+Q2xEcIeWz2MVmJ3mZpG60DV1APf9jNPnIUt05oV8=
-----END CERTIFICATE-----