Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/11b2c00e-794c-4255-a329-06655c25d02e.roa
File:                     11b2c00e-794c-4255-a329-06655c25d02e.roa (raw, json)
Hash identifier:          A3Z4u2l1e09c0LF1tSRJcMVcljclE4h6wlzg6XPrqSA=
Subject key identifier:   50:F9:38:28:54:78:E5:26:06:D5:EF:43:FA:A8:50:FC:0F:53:99:19
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       04FB6A700EFBCB1199139E77917D40019F68797B
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/11b2c00e-794c-4255-a329-06655c25d02e.roa
Signing time:             Sun 19 Oct 2025 08:12:36 +0000
ROA not before:           Sun 19 Oct 2025 08:12:36 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.32.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:fb:6a:70:0e:fb:cb:11:99:13:9e:77:91:7d:40:01:9f:68:79:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 08:12:36 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=005c6d4a5be3974febe6dabd4810cb7b24c32a90f6a3cac6893d2053ef219d8c, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:5d:fd:52:64:f8:ba:83:45:78:76:b1:72:1c:
                    ed:f6:63:da:2d:d2:9f:75:b9:e9:d2:ce:da:82:b6:
                    17:fc:56:76:9a:b7:2f:25:04:c1:93:f4:17:f4:18:
                    cb:f6:58:f3:0e:18:7e:80:54:1a:d7:1b:91:26:40:
                    e0:e5:a6:be:ef:af:81:05:f1:34:cf:37:20:39:31:
                    99:1a:f1:a3:15:aa:1a:4f:0a:3a:52:47:a4:dd:85:
                    c8:10:78:a9:1a:59:06:ba:50:bc:ee:16:08:69:23:
                    7b:0e:0c:62:8f:db:f7:00:0a:fd:73:e5:3c:45:a2:
                    0a:de:61:53:74:16:54:1b:47:0c:af:19:7d:6b:7b:
                    17:95:9e:39:dd:00:15:13:08:b9:62:eb:ac:1c:8f:
                    0b:0b:69:da:bb:a1:ed:a2:34:d6:96:9b:c3:00:02:
                    e3:4b:10:f3:84:c3:b4:c6:20:db:4c:a4:46:e0:9a:
                    e0:6c:b4:c2:70:db:f2:f7:c8:43:5c:87:af:de:8d:
                    62:db:cd:ae:59:03:15:cd:cb:c7:5e:bc:0c:4f:bd:
                    8b:36:51:bf:29:52:4a:b6:23:10:ea:f0:3a:30:1b:
                    3a:88:3f:f0:a3:04:8d:49:e1:0b:cd:67:77:37:92:
                    da:9e:4c:6b:92:56:a4:f9:d4:95:82:d6:37:95:38:
                    92:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:F9:38:28:54:78:E5:26:06:D5:EF:43:FA:A8:50:FC:0F:53:99:19
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/11b2c00e-794c-4255-a329-06655c25d02e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.32.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:79:2e:4d:2c:42:ba:e6:44:e6:78:e3:36:4a:28:5c:71:a9:
         0d:76:91:6b:4f:0e:2f:31:cf:b3:6e:d8:ca:8f:6e:5e:b9:28:
         c1:58:b1:13:2c:5e:b9:81:94:36:c3:cc:36:4e:81:cc:15:bc:
         a0:a0:cc:24:66:2b:2d:bc:e9:26:57:31:02:82:45:65:a2:a5:
         3f:50:d7:a8:8f:8c:65:53:e3:da:71:28:6f:fc:5a:f2:c2:2d:
         c3:c7:16:41:3d:1c:b1:d0:cb:68:bc:6c:69:b5:51:d9:ce:8e:
         25:a3:a2:6c:f9:5b:3e:95:65:80:9a:a9:7d:a2:a4:68:bf:8b:
         46:b3:c9:8f:00:e1:88:13:fe:7b:c1:6a:9f:a7:b8:10:5f:39:
         d7:11:5e:9f:fa:c9:58:75:03:c2:7c:05:09:7b:82:e0:22:da:
         9b:fc:47:2e:36:b4:5a:80:ba:b6:d8:45:94:24:da:9d:e9:ae:
         d6:68:06:b8:69:aa:d3:5f:56:f2:bb:ec:9c:18:90:68:16:86:
         2d:c3:ce:de:a4:6b:7f:8d:82:24:63:f0:07:35:b1:78:db:65:
         1e:1b:a8:5f:c1:9b:58:7e:0c:87:1c:6d:80:01:b3:d2:78:5b:
         de:73:24:b5:2c:59:f2:a4:fd:8b:90:2a:9f:19:64:1a:69:e9:
         d9:b6:7a:82
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBPtqcA77yxGZE553kX1AAZ9oeXswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MDgxMjM2WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AwMDVjNmQ0YTViZTM5NzRmZWJlNmRhYmQ0ODEwY2I3YjI0
YzMyYTkwZjZhM2NhYzY4OTNkMjA1M2VmMjE5ZDhjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCWXf1SZPi6g0V4drFyHO32Y9ot0p91uenSztqCthf8Vnaa
ty8lBMGT9Bf0GMv2WPMOGH6AVBrXG5EmQODlpr7vr4EF8TTPNyA5MZka8aMVqhpP
CjpSR6TdhcgQeKkaWQa6ULzuFghpI3sODGKP2/cACv1z5TxFogreYVN0FlQbRwyv
GX1rexeVnjndABUTCLli66wcjwsLadq7oe2iNNaWm8MAAuNLEPOEw7TGINtMpEbg
muBstMJw2/L3yENch6/ejWLbza5ZAxXNy8devAxPvYs2Ub8pUkq2IxDq8DowGzqI
P/CjBI1J4QvNZ3c3ktqeTGuSVqT51JWC1jeVOJIDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUUPk4KFR45SYG1e9D+qhQ/A9TmRkwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzExYjJjMDBlLTc5NGMtNDI1NS1hMzI5LTA2NjU1YzI1ZDAyZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAANIKswDQYJKoZIhvcNAQELBQADggEBAJN5Lk0sQrrmROZ44zZKKFxxqQ12
kWtPDi8xz7Nu2MqPbl65KMFYsRMsXrmBlDbDzDZOgcwVvKCgzCRmKy286SZXMQKC
RWWipT9Q16iPjGVT49pxKG/8WvLCLcPHFkE9HLHQy2i8bGm1UdnOjiWjomz5Wz6V
ZYCaqX2ipGi/i0azyY8A4YgT/nvBap+nuBBfOdcRXp/6yVh1A8J8BQl7guAi2pv8
Ry42tFqAurbYRZQk2p3prtZoBrhpqtNfVvK77JwYkGgWhi3Dzt6ka3+NgiRj8Ac1
sXjbZR4bqF/Bm1h+DIccbYABs9J4W95zJLUsWfKk/YuQKp8ZZBpp6dm2eoI=
-----END CERTIFICATE-----