Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/15c23a4f-2c75-45ce-9ab7-b21cfe43f527.roa
File:                     15c23a4f-2c75-45ce-9ab7-b21cfe43f527.roa (raw, json)
Hash identifier:          ynK2nqq6U4ZCjWYNAgecSkWUJyfpd135dFyQ9HsL+zM=
Subject key identifier:   7A:C7:99:19:D5:5A:81:A2:32:6A:0A:8F:EB:8D:73:EA:B7:81:86:64
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1E992B2AC7837711F4CDF7C778C61ADDC4E04FFC
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/15c23a4f-2c75-45ce-9ab7-b21cfe43f527.roa
Signing time:             Sun 19 Oct 2025 18:01:19 +0000
ROA not before:           Sun 19 Oct 2025 18:01:19 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.32.152.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:99:2b:2a:c7:83:77:11:f4:cd:f7:c7:78:c6:1a:dd:c4:e0:4f:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 18:01:19 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=f4d6836bcb3ccc5f325ad206c93dcef4b1b0ca4cb27cb81c7fd9b61c3a8abd8c, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:4f:3c:f8:17:d0:fb:d6:d1:79:b3:cb:85:9c:
                    59:22:55:f0:d9:52:28:63:05:5a:82:94:40:82:7c:
                    fa:91:d4:03:6a:3d:62:f2:de:11:f6:fd:c5:01:dd:
                    a6:62:73:2f:a2:2e:68:94:e8:be:d2:34:f6:ac:3b:
                    6d:8f:b0:e9:f2:96:bf:19:ad:e3:e4:00:35:97:3e:
                    0c:cb:36:77:c9:3d:9c:52:60:a2:0b:06:21:9c:15:
                    d7:2c:94:ba:93:7e:f0:19:d5:fb:1c:0d:81:f7:c4:
                    76:43:e5:44:14:7f:09:47:44:7e:19:09:49:12:d6:
                    06:cd:d8:c5:16:a2:cd:40:9a:c2:ac:fd:48:7f:3b:
                    39:84:3c:ee:21:38:58:d5:36:58:e5:b8:c3:02:e9:
                    8f:cd:1e:87:1e:4f:5f:a4:91:2c:9a:cc:59:b3:f5:
                    57:82:d5:de:ce:41:0f:04:f6:02:36:05:f5:4e:b8:
                    ff:f8:f8:02:d9:71:07:0d:15:76:da:88:75:32:59:
                    37:38:91:d7:f1:38:a0:63:c2:75:e5:72:69:02:9f:
                    37:26:18:70:a4:c6:dd:98:f6:df:2c:52:ab:59:7b:
                    3b:e7:13:27:d0:53:a2:96:c7:c6:ea:af:ff:05:7d:
                    22:4a:bd:91:41:f1:7a:42:28:54:fc:f7:39:b1:9d:
                    49:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:C7:99:19:D5:5A:81:A2:32:6A:0A:8F:EB:8D:73:EA:B7:81:86:64
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/15c23a4f-2c75-45ce-9ab7-b21cfe43f527.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.32.152.0/21

    Signature Algorithm: sha256WithRSAEncryption
         34:29:68:50:12:3f:ba:66:ac:5a:4b:e8:b8:eb:48:b8:fa:f2:
         81:44:e7:4c:6e:1c:ee:3b:e4:71:2d:c4:c8:2a:46:b4:e2:10:
         9a:84:bd:29:84:44:08:21:4f:32:68:d2:f7:c4:0f:82:37:56:
         a1:4b:75:bc:85:1a:af:84:4f:65:86:a3:49:2c:6a:64:d3:06:
         0c:3e:b8:fd:c8:3a:be:3a:c1:0e:57:97:c1:d3:9f:fa:5e:e9:
         17:04:e3:21:b3:ec:e1:dd:63:3d:33:6e:9a:16:43:11:28:a9:
         60:80:0c:15:3a:78:bd:6c:51:5a:40:aa:b6:81:98:a8:a2:cf:
         b5:5d:d7:ac:e9:b8:27:78:e3:d2:3b:cf:f4:b1:96:f4:88:0d:
         61:ac:8e:9e:8f:33:4d:4e:f7:1a:69:2e:4a:68:1f:29:f4:90:
         55:6f:c0:f9:80:59:c8:b7:a9:0d:b7:8e:c9:ef:30:94:87:05:
         94:f4:d6:a3:7e:94:39:82:00:2c:4d:25:60:52:75:a7:0f:01:
         3b:76:d2:61:b1:6c:6a:d9:42:42:81:30:f7:a9:a1:d7:99:94:
         08:a2:66:fc:a6:dc:e3:64:58:77:05:bf:ed:6f:46:54:2c:2c:
         a2:f7:9e:84:9c:b6:15:bf:6e:5b:69:16:85:f7:24:7b:0a:d1:
         80:d4:69:de
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHpkrKseDdxH0zffHeMYa3cTgT/wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MTgwMTE5WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BmNGQ2ODM2YmNiM2NjYzVmMzI1YWQyMDZjOTNkY2VmNGIx
YjBjYTRjYjI3Y2I4MWM3ZmQ5YjYxYzNhOGFiZDhjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCETzz4F9D71tF5s8uFnFkiVfDZUihjBVqClECCfPqR1ANq
PWLy3hH2/cUB3aZicy+iLmiU6L7SNPasO22PsOnylr8ZrePkADWXPgzLNnfJPZxS
YKILBiGcFdcslLqTfvAZ1fscDYH3xHZD5UQUfwlHRH4ZCUkS1gbN2MUWos1AmsKs
/Uh/OzmEPO4hOFjVNljluMMC6Y/NHoceT1+kkSyazFmz9VeC1d7OQQ8E9gI2BfVO
uP/4+ALZcQcNFXbaiHUyWTc4kdfxOKBjwnXlcmkCnzcmGHCkxt2Y9t8sUqtZezvn
EyfQU6KWx8bqr/8FfSJKvZFB8XpCKFT89zmxnUlbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUeseZGdVagaIyagqP641z6reBhmQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzE1YzIzYTRmLTJjNzUtNDVjZS05YWI3LWIyMWNmZTQzZjUyNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMNIJgwDQYJKoZIhvcNAQELBQADggEBADQpaFASP7pmrFpL6LjrSLj68oFE
50xuHO475HEtxMgqRrTiEJqEvSmERAghTzJo0vfED4I3VqFLdbyFGq+ET2WGo0ks
amTTBgw+uP3IOr46wQ5Xl8HTn/pe6RcE4yGz7OHdYz0zbpoWQxEoqWCADBU6eL1s
UVpAqraBmKiiz7Vd16zpuCd449I7z/SxlvSIDWGsjp6PM01O9xppLkpoHyn0kFVv
wPmAWci3qQ23jsnvMJSHBZT01qN+lDmCACxNJWBSdacPATt20mGxbGrZQkKBMPep
odeZlAiiZvym3ONkWHcFv+1vRlQsLKL3noScthW/bltpFoX3JHsK0YDUad4=
-----END CERTIFICATE-----