Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/143e730c-d8ab-43a3-904a-6a7c33e10423.roa
File:                     143e730c-d8ab-43a3-904a-6a7c33e10423.roa (raw, json)
Hash identifier:          bGK1uBOrpzRdj7I+zypAqTei0607SERT8XfCGY2VYxg=
Subject key identifier:   46:7E:E6:D3:0E:C7:45:84:F0:78:F9:EE:48:C9:A6:BB:FD:2B:15:DC
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       305F9FD01095B0749664C367E699378CD9445AD5
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/143e730c-d8ab-43a3-904a-6a7c33e10423.roa
Signing time:             Sun 19 Oct 2025 12:24:58 +0000
ROA not before:           Sun 19 Oct 2025 12:24:58 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.225.38.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:5f:9f:d0:10:95:b0:74:96:64:c3:67:e6:99:37:8c:d9:44:5a:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 12:24:58 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=8b8a6b34f6fc8a7a49ea018cdc4e9ba8f9709f0a773355de88ce26318bf03620, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:0c:9b:b4:2a:0e:4f:b1:30:b5:a7:79:31:75:
                    75:93:93:ae:52:96:ff:00:7f:d9:bd:5b:55:f5:cf:
                    e0:bb:28:4e:56:9e:26:db:f0:ee:4f:aa:a8:56:39:
                    62:29:c3:3c:4b:1c:0e:93:db:a4:6e:a6:c6:74:30:
                    2e:fd:79:e7:a9:3b:1b:38:e1:7e:1d:76:53:77:d3:
                    19:fc:56:c3:ae:b2:11:c3:96:bf:fe:22:70:99:d6:
                    b4:93:ca:b4:5e:49:b3:19:08:2f:99:49:18:d3:11:
                    86:ab:46:6f:a4:cd:93:94:59:3b:d5:96:c5:1a:67:
                    43:d4:94:c5:da:7e:c1:ed:b3:fa:84:5d:62:8d:92:
                    82:31:0c:33:04:a4:0c:35:e0:52:10:99:70:f3:d1:
                    23:2c:2e:00:27:d8:81:19:8f:b1:03:68:32:e4:35:
                    17:37:09:e9:ba:58:8d:de:85:1c:07:d0:2e:5a:3e:
                    b5:ec:50:01:84:7a:f0:f6:1e:68:2a:51:72:7a:8d:
                    84:bd:ff:c2:97:55:13:0f:50:45:ef:12:82:17:61:
                    cd:e2:b1:79:e4:6e:59:b0:86:6b:ab:a0:08:9f:dc:
                    de:ce:7f:10:de:69:c4:8e:48:de:17:43:db:fe:2f:
                    0d:6b:83:cb:f6:bf:9c:2b:3d:24:02:a5:ff:3f:3d:
                    ae:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:7E:E6:D3:0E:C7:45:84:F0:78:F9:EE:48:C9:A6:BB:FD:2B:15:DC
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/143e730c-d8ab-43a3-904a-6a7c33e10423.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.225.38.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8a:1b:a5:33:60:93:a6:ea:89:58:cf:9d:ca:f2:3d:e3:6a:42:
         94:88:ef:bd:b2:54:3f:5a:3b:27:65:cb:8d:2e:71:63:d4:21:
         c2:a9:21:03:93:fd:b7:66:01:89:e0:57:23:78:73:ae:ca:3c:
         22:ef:f2:86:7b:76:0a:89:86:db:83:3c:3d:01:a3:33:10:cc:
         d9:c0:82:06:48:b5:c1:18:c8:82:3c:a1:77:78:f4:33:41:ec:
         05:d6:07:71:05:a6:b0:6b:af:83:f5:35:d8:8c:50:ee:11:55:
         62:44:fc:90:ca:15:d7:bc:b2:53:8c:e8:18:11:2d:72:17:32:
         33:95:81:91:90:7c:6a:d8:3c:9a:e3:b5:a3:82:6c:77:c4:74:
         e7:a1:c7:7c:06:eb:6d:40:b8:f9:68:77:7c:7d:3a:ae:fa:07:
         b8:03:6b:3e:92:74:e9:d6:f1:d7:44:d2:5d:84:ab:0e:4a:93:
         bb:44:4c:0b:47:c2:47:f0:1f:72:bc:89:cd:67:9d:d8:91:66:
         a5:2e:0e:b0:40:3d:ba:aa:bf:43:0d:cc:63:31:88:ba:45:1d:
         5e:64:c3:3d:fc:51:fc:84:4c:40:76:04:14:9d:f3:95:01:0c:
         07:6b:e0:60:5a:95:be:79:e2:06:f9:5c:f1:d5:f3:25:64:a3:
         2c:43:a1:69
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMF+f0BCVsHSWZMNn5pk3jNlEWtUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MTIyNDU4WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A4YjhhNmIzNGY2ZmM4YTdhNDllYTAxOGNkYzRlOWJhOGY5
NzA5ZjBhNzczMzU1ZGU4OGNlMjYzMThiZjAzNjIwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDMDJu0Kg5PsTC1p3kxdXWTk65Slv8Af9m9W1X1z+C7KE5W
nibb8O5PqqhWOWIpwzxLHA6T26RupsZ0MC79eeepOxs44X4ddlN30xn8VsOushHD
lr/+InCZ1rSTyrReSbMZCC+ZSRjTEYarRm+kzZOUWTvVlsUaZ0PUlMXafsHts/qE
XWKNkoIxDDMEpAw14FIQmXDz0SMsLgAn2IEZj7EDaDLkNRc3Cem6WI3ehRwH0C5a
PrXsUAGEevD2HmgqUXJ6jYS9/8KXVRMPUEXvEoIXYc3isXnkblmwhmuroAif3N7O
fxDeacSOSN4XQ9v+Lw1rg8v2v5wrPSQCpf8/Pa6BAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQURn7m0w7HRYTwePnuSMmmu/0rFdwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzE0M2U3MzBjLWQ4YWItNDNhMy05MDRhLTZhN2MzM2UxMDQyMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEN4SYwDQYJKoZIhvcNAQELBQADggEBAIobpTNgk6bqiVjPncryPeNqQpSI
772yVD9aOydly40ucWPUIcKpIQOT/bdmAYngVyN4c67KPCLv8oZ7dgqJhtuDPD0B
ozMQzNnAggZItcEYyII8oXd49DNB7AXWB3EFprBrr4P1NdiMUO4RVWJE/JDKFde8
slOM6BgRLXIXMjOVgZGQfGrYPJrjtaOCbHfEdOehx3wG621AuPlod3x9Oq76B7gD
az6SdOnW8ddE0l2Eqw5Kk7tETAtHwkfwH3K8ic1nndiRZqUuDrBAPbqqv0MNzGMx
iLpFHV5kwz38UfyETEB2BBSd85UBDAdr4GBalb554gb5XPHV8yVkoyxDoWk=
-----END CERTIFICATE-----