Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1af89387-44f7-48ab-b440-a1f0e00ffb66.roa
File:                     1af89387-44f7-48ab-b440-a1f0e00ffb66.roa (raw, json)
Hash identifier:          2BsUziXeb+rDzgrVe4Nju/T/ucHyrKR7sn1/pmBECNY=
Subject key identifier:   FE:07:CB:8C:74:44:7C:B7:75:8A:DD:E9:F3:68:87:5E:E3:47:7D:1A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0A0EEBACC7CE453B1151792314C1FC2495AB2074
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1af89387-44f7-48ab-b440-a1f0e00ffb66.roa
Signing time:             Sun 19 Oct 2025 20:00:09 +0000
ROA not before:           Sun 19 Oct 2025 20:00:09 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.227.160.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:0e:eb:ac:c7:ce:45:3b:11:51:79:23:14:c1:fc:24:95:ab:20:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 20:00:09 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=1becac4a93851489cc838b1dc2bfde17dcd9560eec57b24b97e448984a9acda5, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:2c:21:1a:d5:02:8f:26:50:24:f3:b0:0b:9b:
                    39:af:09:9e:cf:26:5b:f6:1b:97:45:c5:13:07:f9:
                    0f:4f:3a:e6:c6:89:d8:3f:ef:f0:e6:60:7a:97:90:
                    7c:8b:f2:92:4e:fe:11:d0:35:71:85:2d:74:0e:de:
                    06:bf:b4:74:e7:b9:65:d0:eb:e6:81:36:17:c8:4a:
                    69:4b:86:2b:5f:c6:fc:a9:f1:6b:d9:3c:6f:75:fd:
                    fe:d4:75:d9:d6:61:3a:64:59:03:66:c5:8a:43:71:
                    8a:ae:50:1c:b5:05:0a:eb:8c:9a:91:fb:71:9a:15:
                    aa:bf:02:1c:4c:7f:54:de:be:64:17:b6:6f:e4:4b:
                    0d:e1:9c:54:f0:e9:05:f7:51:60:d1:13:43:c4:4a:
                    c1:28:30:e9:90:0a:fc:d9:79:76:fe:a3:77:a2:32:
                    fd:03:fd:68:89:fc:80:a4:56:4f:51:7d:57:df:9b:
                    f9:70:e6:32:89:18:c4:12:68:48:bf:2e:e9:fc:32:
                    1d:cd:3c:59:2d:a0:ee:97:12:ef:31:cd:68:f4:dd:
                    3f:43:bc:e8:37:ac:5a:32:f0:e1:63:02:8c:be:f1:
                    5f:da:90:86:c2:97:5d:2e:eb:86:3f:42:df:f7:dc:
                    0c:84:67:7d:3f:94:11:98:06:53:96:0e:27:f5:d1:
                    ca:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:07:CB:8C:74:44:7C:B7:75:8A:DD:E9:F3:68:87:5E:E3:47:7D:1A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1af89387-44f7-48ab-b440-a1f0e00ffb66.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.227.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         46:60:74:0c:43:fe:d3:2a:a9:33:e2:3e:e9:c1:e9:92:03:7f:
         a1:62:86:47:93:a5:d7:9d:c7:86:6a:0b:1b:99:3b:97:94:6b:
         a0:e8:74:57:29:56:d5:21:92:6d:6b:2f:ec:b4:39:b9:83:04:
         3e:89:fc:c1:20:cf:5b:07:07:a1:88:8b:e9:77:72:d2:64:a2:
         50:d7:db:4b:e0:fe:e2:01:76:da:a7:5a:fb:23:6a:7d:7e:fe:
         36:a7:65:63:7c:f8:71:20:e3:59:74:25:5f:69:67:e9:6d:07:
         89:35:51:0e:06:b2:27:d7:b0:80:a3:2d:28:01:db:2d:9e:fb:
         70:4f:02:ed:3a:f8:90:18:6e:80:3e:3a:54:83:ec:51:b6:32:
         75:88:82:e5:22:a5:3f:f2:4b:54:fe:76:b5:54:12:d8:43:c1:
         1d:ff:10:da:1f:ca:66:d3:63:b6:5a:4e:09:2a:e9:27:d5:bd:
         e5:82:60:31:aa:00:62:7c:25:cd:7e:ba:9e:74:66:c6:67:13:
         4c:47:4e:2a:6e:8f:54:27:8e:04:d1:36:51:ef:45:c6:18:4c:
         9c:b7:02:d9:25:41:0e:59:bb:2d:3e:28:fb:cb:d1:29:a9:39:
         6d:16:76:ff:13:7c:28:8a:b0:b7:c0:3d:7e:03:17:0f:97:17:
         8b:ee:fc:b9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCg7rrMfORTsRUXkjFMH8JJWrIHQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MjAwMDA5WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AxYmVjYWM0YTkzODUxNDg5Y2M4MzhiMWRjMmJmZGUxN2Rj
ZDk1NjBlZWM1N2IyNGI5N2U0NDg5ODRhOWFjZGE1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCuLCEa1QKPJlAk87ALmzmvCZ7PJlv2G5dFxRMH+Q9POubG
idg/7/DmYHqXkHyL8pJO/hHQNXGFLXQO3ga/tHTnuWXQ6+aBNhfISmlLhitfxvyp
8WvZPG91/f7UddnWYTpkWQNmxYpDcYquUBy1BQrrjJqR+3GaFaq/AhxMf1TevmQX
tm/kSw3hnFTw6QX3UWDRE0PESsEoMOmQCvzZeXb+o3eiMv0D/WiJ/ICkVk9RfVff
m/lw5jKJGMQSaEi/Lun8Mh3NPFktoO6XEu8xzWj03T9DvOg3rFoy8OFjAoy+8V/a
kIbCl10u64Y/Qt/33AyEZ30/lBGYBlOWDif10cr1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/gfLjHREfLd1it3p82iHXuNHfRowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzFhZjg5Mzg3LTQ0ZjctNDhhYi1iNDQwLWExZjBlMDBmZmI2Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEN46AwDQYJKoZIhvcNAQELBQADggEBAEZgdAxD/tMqqTPiPunB6ZIDf6Fi
hkeTpdedx4ZqCxuZO5eUa6DodFcpVtUhkm1rL+y0ObmDBD6J/MEgz1sHB6GIi+l3
ctJkolDX20vg/uIBdtqnWvsjan1+/janZWN8+HEg41l0JV9pZ+ltB4k1UQ4GsifX
sICjLSgB2y2e+3BPAu06+JAYboA+OlSD7FG2MnWIguUipT/yS1T+drVUEthDwR3/
ENofymbTY7ZaTgkq6SfVveWCYDGqAGJ8Jc1+up50ZsZnE0xHTipuj1QnjgTRNlHv
RcYYTJy3AtklQQ5Zuy0+KPvL0SmpOW0Wdv8TfCiKsLfAPX4DFw+XF4vu/Lk=
-----END CERTIFICATE-----