Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1cff4af4-a3b4-4d79-953d-45fc7370a811.roa
File:                     1cff4af4-a3b4-4d79-953d-45fc7370a811.roa (raw, json)
Hash identifier:          v/mgYlzC77If7FIk4FCgOENNRRlW1Fa8CGV2XtF4ElY=
Subject key identifier:   55:19:D4:C9:EC:C4:84:E6:9C:53:AF:0E:30:5B:C6:F9:A4:32:C6:F1
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       366B22873D28EFE9BA541228529C1D4A64A46A00
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1cff4af4-a3b4-4d79-953d-45fc7370a811.roa
Signing time:             Sun 19 Oct 2025 16:43:44 +0000
ROA not before:           Sun 19 Oct 2025 16:43:44 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.225.118.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:6b:22:87:3d:28:ef:e9:ba:54:12:28:52:9c:1d:4a:64:a4:6a:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 16:43:44 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=5553d26e519549ccb3ebf14f302fe63b0c69addab5f52b3f6d595aada173885f, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:29:1d:36:10:8b:fb:53:b7:b9:05:18:01:f9:
                    15:5d:2d:9b:13:b2:b5:e2:91:ed:c1:6a:24:e7:81:
                    d3:b6:63:5d:97:4f:a6:78:b8:2e:12:8f:6c:71:6b:
                    87:42:69:b7:33:db:49:51:f5:ce:67:a9:df:e0:48:
                    92:0a:a1:6e:64:15:d2:77:1a:5e:67:d5:66:8d:d9:
                    e7:5d:f8:54:25:de:a7:b2:d5:88:96:83:22:aa:1f:
                    77:fc:ac:4b:b5:d5:76:4a:8b:32:2a:cc:c3:1a:14:
                    e6:b7:b7:ff:2b:7b:32:fb:51:29:f7:d8:bf:14:e3:
                    7e:ec:7a:6c:f1:09:29:a8:ec:8f:f3:44:4f:19:e6:
                    ef:d2:16:75:eb:c2:9b:e3:57:fd:5b:6d:c8:6d:ff:
                    ff:b6:95:4b:bc:19:a9:7f:68:d1:5e:9c:18:31:a7:
                    8f:1d:5a:11:c1:0e:bb:e1:c0:04:ea:fb:0a:0b:99:
                    6f:20:1f:f1:19:8a:56:df:a6:50:5a:99:a3:e1:33:
                    de:d5:95:14:d6:ec:19:48:a3:1e:17:04:f1:80:3d:
                    33:2d:80:e1:1b:3b:9e:1b:34:99:87:b3:60:1b:df:
                    cb:53:76:01:fe:07:3d:8c:f1:ec:81:89:b6:92:72:
                    ff:de:1d:7f:45:61:80:37:ee:1e:04:c4:30:05:a7:
                    3f:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:19:D4:C9:EC:C4:84:E6:9C:53:AF:0E:30:5B:C6:F9:A4:32:C6:F1
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1cff4af4-a3b4-4d79-953d-45fc7370a811.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.225.118.0/23

    Signature Algorithm: sha256WithRSAEncryption
         af:81:e5:a8:c0:05:8e:ee:8c:08:47:63:6e:82:45:6c:48:86:
         80:42:9c:79:9d:2b:3c:96:2e:8c:89:bb:f4:4d:78:3f:fd:0c:
         22:cc:6a:ca:2c:6d:35:75:cb:db:7a:e1:c2:65:c8:9f:08:7f:
         09:54:9b:5a:b5:e8:56:2a:b6:33:9b:61:34:c3:aa:0c:bc:cf:
         3c:2b:8f:bd:8d:85:75:38:d1:52:21:d3:a0:6b:f6:aa:3d:b8:
         cf:bc:8e:90:4a:18:13:42:72:f6:00:c5:eb:30:03:c3:51:15:
         05:0b:c4:32:7b:b0:2b:ea:94:7e:17:82:11:de:db:31:d6:ac:
         f9:e6:6c:54:76:52:fa:69:83:39:6e:b5:b4:2f:54:9b:a2:58:
         0f:6b:ec:db:78:47:5e:79:48:b9:64:cb:f5:e7:59:cf:e8:ed:
         01:89:7d:8e:4f:9d:d1:5c:37:47:e0:48:d3:5d:e9:cf:3a:32:
         f5:c7:4a:98:41:71:00:f2:49:8b:ab:2e:53:a1:d3:f0:69:3f:
         03:9e:95:a7:ee:59:c9:49:09:44:0b:79:99:84:df:9e:61:8f:
         f3:7a:44:ed:de:a9:c8:88:dd:d1:38:d4:17:32:63:9f:67:d4:
         3f:28:36:28:4e:8c:e2:89:56:87:59:cd:c3:2c:21:c3:9a:eb:
         f9:88:28:b2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNmsihz0o7+m6VBIoUpwdSmSkagAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MTY0MzQ0WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A1NTUzZDI2ZTUxOTU0OWNjYjNlYmYxNGYzMDJmZTYzYjBj
NjlhZGRhYjVmNTJiM2Y2ZDU5NWFhZGExNzM4ODVmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2KR02EIv7U7e5BRgB+RVdLZsTsrXike3BaiTngdO2Y12X
T6Z4uC4Sj2xxa4dCabcz20lR9c5nqd/gSJIKoW5kFdJ3Gl5n1WaN2edd+FQl3qey
1YiWgyKqH3f8rEu11XZKizIqzMMaFOa3t/8rezL7USn32L8U437semzxCSmo7I/z
RE8Z5u/SFnXrwpvjV/1bbcht//+2lUu8Gal/aNFenBgxp48dWhHBDrvhwATq+woL
mW8gH/EZilbfplBamaPhM97VlRTW7BlIox4XBPGAPTMtgOEbO54bNJmHs2Ab38tT
dgH+Bz2M8eyBibaScv/eHX9FYYA37h4ExDAFpz+1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUVRnUyezEhOacU68OMFvG+aQyxvEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzFjZmY0YWY0LWEzYjQtNGQ3OS05NTNkLTQ1ZmM3MzcwYTgxMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEN4XYwDQYJKoZIhvcNAQELBQADggEBAK+B5ajABY7ujAhHY26CRWxIhoBC
nHmdKzyWLoyJu/RNeD/9DCLMasosbTV1y9t64cJlyJ8IfwlUm1q16FYqtjObYTTD
qgy8zzwrj72NhXU40VIh06Br9qo9uM+8jpBKGBNCcvYAxeswA8NRFQULxDJ7sCvq
lH4XghHe2zHWrPnmbFR2UvppgzlutbQvVJuiWA9r7Nt4R155SLlky/XnWc/o7QGJ
fY5PndFcN0fgSNNd6c86MvXHSphBcQDySYurLlOh0/BpPwOelafuWclJCUQLeZmE
355hj/N6RO3eqciI3dE41BcyY59n1D8oNihOjOKJVodZzcMsIcOa6/mIKLI=
-----END CERTIFICATE-----