Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1249b1b9-947f-41cc-bed3-3b7ce1d21661.roa
File:                     1249b1b9-947f-41cc-bed3-3b7ce1d21661.roa (raw, json)
Hash identifier:          zXibNC5Rzwc8s1DOhrvlzZus7AGVtXbOPR+XLv/0b44=
Subject key identifier:   94:60:8E:05:D5:F0:19:37:92:86:76:58:CB:B1:AC:60:FC:67:40:B1
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       407362405C58B7E663DE91D85CCA0F2E85FBC920
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1249b1b9-947f-41cc-bed3-3b7ce1d21661.roa
Signing time:             Sun 19 Oct 2025 15:31:34 +0000
ROA not before:           Sun 19 Oct 2025 15:31:34 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.227.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:73:62:40:5c:58:b7:e6:63:de:91:d8:5c:ca:0f:2e:85:fb:c9:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 15:31:34 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=c49c69de9d9c99ba4e65e77c881c06c9a69773972ca0aa0f1e4d1495ebda55cc, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:13:a0:d6:e2:4c:2e:80:a8:3f:07:cd:0d:c3:
                    23:af:4c:e0:f2:0d:5e:2f:08:fd:31:68:7b:b2:c4:
                    37:3f:8d:c7:96:8d:81:0e:98:d5:8f:14:e1:5e:11:
                    05:cb:07:bd:4f:bb:fc:aa:29:3e:9c:9c:01:54:be:
                    9d:0c:2e:1a:09:8d:62:8c:e2:3b:72:1e:60:79:d6:
                    92:53:9c:a2:be:60:06:cc:86:30:8b:70:69:65:32:
                    a1:01:82:a3:c5:07:9e:15:f5:a2:91:71:fa:e1:cd:
                    fa:9c:48:27:47:58:d2:20:97:35:73:31:34:3d:10:
                    1d:ff:57:d9:4d:de:be:eb:b2:9a:a1:ea:6e:ae:73:
                    de:53:0d:77:c0:29:c8:6f:9b:e3:eb:1b:f3:6f:2b:
                    b9:ab:00:c4:9b:33:39:78:a2:e4:72:9d:bb:75:69:
                    55:45:54:b7:9a:a2:15:72:35:1f:7d:6c:a5:20:e1:
                    23:27:51:04:2d:60:a1:86:5f:d8:81:e0:60:4d:eb:
                    0e:14:6e:4a:77:e1:b7:42:ec:d4:e5:7f:14:8e:1f:
                    e9:f0:e1:ca:c1:83:d0:5a:89:28:86:f0:50:66:be:
                    91:63:89:d1:4f:cd:95:f2:e9:c4:e7:e2:a0:9f:ad:
                    aa:69:42:bf:03:83:a9:88:e6:a5:74:14:47:76:89:
                    96:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:60:8E:05:D5:F0:19:37:92:86:76:58:CB:B1:AC:60:FC:67:40:B1
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1249b1b9-947f-41cc-bed3-3b7ce1d21661.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.227.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:cc:3a:ed:c2:62:53:02:71:14:99:7f:37:38:5d:e5:ab:78:
         57:92:55:87:fb:bd:29:39:8e:60:bb:32:80:3a:19:91:6a:b4:
         3c:6e:5b:d1:8d:48:74:15:f7:89:ca:26:56:7a:a7:0b:1c:94:
         bb:b7:f8:65:5e:70:c0:40:f5:2c:03:07:14:e7:d8:12:25:d3:
         71:bb:60:42:88:9b:a8:8d:4c:0c:30:7b:6c:8a:01:4c:fd:77:
         6d:99:f0:84:be:64:2b:dc:75:a6:c5:ca:b8:df:48:2d:6a:c0:
         d9:7a:22:4f:db:f5:14:ab:35:d7:0a:8c:7a:3d:86:cb:fe:0e:
         88:b7:90:b9:c5:e8:fd:aa:e1:df:49:01:37:91:1e:2e:29:df:
         75:b0:e8:89:4e:49:30:be:d3:b1:77:4e:85:67:cd:27:e9:eb:
         63:91:c5:4f:aa:6a:91:81:98:79:6a:5f:25:a9:3a:bc:60:01:
         8e:c5:f5:ef:cf:8b:ab:46:7c:45:05:91:7f:c6:15:af:b4:3a:
         5a:c4:fe:83:39:67:0a:64:e7:7d:2c:ea:ce:21:28:b9:77:3f:
         66:7d:49:33:3c:3b:81:df:c0:3d:c4:d7:bd:c8:4f:ef:1a:2a:
         db:b9:fb:c8:52:94:2a:7a:a7:ba:b9:39:19:0c:e6:8e:94:12:
         ac:c7:c1:2f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQHNiQFxYt+Zj3pHYXMoPLoX7ySAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MTUzMTM0WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BjNDljNjlkZTlkOWM5OWJhNGU2NWU3N2M4ODFjMDZjOWE2
OTc3Mzk3MmNhMGFhMGYxZTRkMTQ5NWViZGE1NWNjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQClE6DW4kwugKg/B80NwyOvTODyDV4vCP0xaHuyxDc/jceW
jYEOmNWPFOFeEQXLB71Pu/yqKT6cnAFUvp0MLhoJjWKM4jtyHmB51pJTnKK+YAbM
hjCLcGllMqEBgqPFB54V9aKRcfrhzfqcSCdHWNIglzVzMTQ9EB3/V9lN3r7rspqh
6m6uc95TDXfAKchvm+PrG/NvK7mrAMSbMzl4ouRynbt1aVVFVLeaohVyNR99bKUg
4SMnUQQtYKGGX9iB4GBN6w4Ubkp34bdC7NTlfxSOH+nw4crBg9BaiSiG8FBmvpFj
idFPzZXy6cTn4qCfrappQr8Dg6mI5qV0FEd2iZYbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUlGCOBdXwGTeShnZYy7GsYPxnQLEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzEyNDliMWI5LTk0N2YtNDFjYy1iZWQzLTNiN2NlMWQyMTY2MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAN46owDQYJKoZIhvcNAQELBQADggEBAEzMOu3CYlMCcRSZfzc4XeWreFeS
VYf7vSk5jmC7MoA6GZFqtDxuW9GNSHQV94nKJlZ6pwsclLu3+GVecMBA9SwDBxTn
2BIl03G7YEKIm6iNTAwwe2yKAUz9d22Z8IS+ZCvcdabFyrjfSC1qwNl6Ik/b9RSr
NdcKjHo9hsv+Doi3kLnF6P2q4d9JATeRHi4p33Ww6IlOSTC+07F3ToVnzSfp62OR
xU+qapGBmHlqXyWpOrxgAY7F9e/Pi6tGfEUFkX/GFa+0OlrE/oM5Zwpk530s6s4h
KLl3P2Z9STM8O4HfwD3E173IT+8aKtu5+8hSlCp6p7q5ORkM5o6UEqzHwS8=
-----END CERTIFICATE-----