Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/18565277-5459-4d6a-ba53-98c0a1d8c301.roa
File:                     18565277-5459-4d6a-ba53-98c0a1d8c301.roa (raw, json)
Hash identifier:          0j6jsfp7S9Le9n9/esjVKMWB8r/hWOgen2w4/5SCEnk=
Subject key identifier:   4F:81:26:39:8A:47:0D:C3:1C:FD:DC:2B:B1:86:C7:B4:18:4C:D6:75
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1AD93A54A8EA834EA9CA853CF33A2197AF036162
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/18565277-5459-4d6a-ba53-98c0a1d8c301.roa
Signing time:             Sun 19 Oct 2025 11:50:05 +0000
ROA not before:           Sun 19 Oct 2025 11:50:05 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.224.34.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:d9:3a:54:a8:ea:83:4e:a9:ca:85:3c:f3:3a:21:97:af:03:61:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 11:50:05 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=14e81ae46d166f55b3142b80e73d7b7af0acd324d657479e66279515f97eb76a, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:4c:25:d3:b7:24:bf:08:3c:e0:c0:de:25:e1:
                    fb:37:77:b1:3a:73:df:ed:e4:11:f3:c6:d2:14:fc:
                    09:cd:82:0b:ee:9d:ba:41:e6:61:9b:43:b9:42:24:
                    db:db:5e:d6:7f:e3:01:bf:00:bb:b8:3c:ef:0b:82:
                    bc:73:d1:86:be:60:0d:09:2f:df:e8:dc:81:f3:aa:
                    79:05:6d:5f:b0:7d:d5:5e:b4:5b:2a:fe:03:f2:50:
                    02:21:8f:ad:bc:2f:a0:4e:14:95:e0:af:45:88:79:
                    f4:4f:32:e1:cc:59:7b:a6:91:4c:8d:7e:3d:fa:dc:
                    9e:54:95:cf:de:0c:87:b5:57:31:89:79:43:ee:01:
                    06:18:4d:60:6f:16:b3:1f:38:b2:36:80:90:64:fc:
                    db:f0:2b:f0:95:e0:e2:aa:9e:79:5f:8d:53:86:a5:
                    62:d0:a3:1a:d9:16:68:44:2f:1d:ba:21:b1:c1:39:
                    46:84:74:a5:c9:3f:7e:c4:78:ac:75:01:52:5a:28:
                    1b:47:6e:d7:32:99:b9:64:ec:51:38:75:73:ab:74:
                    ce:8b:30:17:8b:7f:95:8b:50:b5:0b:10:89:2c:39:
                    32:90:1e:10:33:a9:eb:7b:dc:2b:da:6c:e7:e4:cf:
                    f6:88:4d:90:27:79:c5:9f:df:f6:3f:43:e2:05:07:
                    ed:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:81:26:39:8A:47:0D:C3:1C:FD:DC:2B:B1:86:C7:B4:18:4C:D6:75
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/18565277-5459-4d6a-ba53-98c0a1d8c301.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.224.34.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0f:e9:f9:fa:71:64:14:26:19:a4:fa:dc:a9:08:61:5b:b8:47:
         5c:f6:28:61:11:c8:1e:be:75:b4:9f:28:85:c1:16:88:cb:99:
         91:c3:fc:0e:ea:a5:9e:31:48:84:3d:0c:d8:06:45:b1:9c:50:
         6d:06:9a:53:4d:b2:0b:c9:2a:8a:90:e8:4e:c2:56:c1:e1:44:
         8f:02:e4:9d:e2:83:cb:c0:0b:71:dd:d6:95:b0:10:3e:72:52:
         2b:d0:01:41:a9:54:01:3e:e0:32:20:3d:8d:9c:36:80:e1:1a:
         b5:92:ff:ce:fc:95:64:0b:78:34:87:57:20:ac:ec:4e:1c:0d:
         fc:33:02:57:06:d1:78:49:4d:6f:90:cd:89:a5:0d:5a:fb:a2:
         91:e4:ef:6d:e1:0e:66:5e:fd:98:79:00:13:6f:88:36:ea:9c:
         48:7e:1a:81:20:39:a8:5b:74:bb:d4:25:6d:bc:f8:e0:99:6b:
         67:2b:77:69:79:34:77:dc:02:45:67:44:a2:da:bf:c1:67:e9:
         5f:9f:02:93:bd:b1:de:3f:81:45:14:a0:2f:03:52:f9:85:52:
         59:f3:7e:02:10:96:42:9f:1b:94:7a:21:55:b5:06:0b:ad:bb:
         60:7a:9e:1d:fa:5f:36:0a:12:c7:e8:a3:af:c4:b1:f6:4a:91:
         69:16:61:2a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGtk6VKjqg06pyoU88zohl68DYWIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MTE1MDA1WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AxNGU4MWFlNDZkMTY2ZjU1YjMxNDJiODBlNzNkN2I3YWYw
YWNkMzI0ZDY1NzQ3OWU2NjI3OTUxNWY5N2ViNzZhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDdTCXTtyS/CDzgwN4l4fs3d7E6c9/t5BHzxtIU/AnNggvu
nbpB5mGbQ7lCJNvbXtZ/4wG/ALu4PO8Lgrxz0Ya+YA0JL9/o3IHzqnkFbV+wfdVe
tFsq/gPyUAIhj628L6BOFJXgr0WIefRPMuHMWXumkUyNfj363J5Ulc/eDIe1VzGJ
eUPuAQYYTWBvFrMfOLI2gJBk/NvwK/CV4OKqnnlfjVOGpWLQoxrZFmhELx26IbHB
OUaEdKXJP37EeKx1AVJaKBtHbtcymblk7FE4dXOrdM6LMBeLf5WLULULEIksOTKQ
HhAzqet73CvabOfkz/aITZAnecWf3/Y/Q+IFB+3HAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUT4EmOYpHDcMc/dwrsYbHtBhM1nUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzE4NTY1Mjc3LTU0NTktNGQ2YS1iYTUzLTk4YzBhMWQ4YzMwMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEN4CIwDQYJKoZIhvcNAQELBQADggEBAA/p+fpxZBQmGaT63KkIYVu4R1z2
KGERyB6+dbSfKIXBFojLmZHD/A7qpZ4xSIQ9DNgGRbGcUG0GmlNNsgvJKoqQ6E7C
VsHhRI8C5J3ig8vAC3Hd1pWwED5yUivQAUGpVAE+4DIgPY2cNoDhGrWS/878lWQL
eDSHVyCs7E4cDfwzAlcG0XhJTW+QzYmlDVr7opHk723hDmZe/Zh5ABNviDbqnEh+
GoEgOahbdLvUJW28+OCZa2crd2l5NHfcAkVnRKLav8Fn6V+fApO9sd4/gUUUoC8D
UvmFUlnzfgIQlkKfG5R6IVW1Bgutu2B6nh36XzYKEsfoo6/EsfZKkWkWYSo=
-----END CERTIFICATE-----