Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1fbdb3b5-e8ae-4c0e-ba0c-246787532bc4.roa
File:                     1fbdb3b5-e8ae-4c0e-ba0c-246787532bc4.roa (raw, json)
Hash identifier:          XXV8fYzPTCWbZFZT8IcvW2M/Fs1BNKNnzxb2eDPTs9w=
Subject key identifier:   5B:70:2C:92:1D:DE:83:68:BC:49:E6:E4:26:07:15:88:45:30:7D:65
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6C7EDCBD897145A23972E1ED26A17FC5DF8F01E6
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1fbdb3b5-e8ae-4c0e-ba0c-246787532bc4.roa
Signing time:             Sun 19 Oct 2025 11:13:38 +0000
ROA not before:           Sun 19 Oct 2025 11:13:38 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.227.242.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:7e:dc:bd:89:71:45:a2:39:72:e1:ed:26:a1:7f:c5:df:8f:01:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 11:13:38 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=b3f410e7745cb44b39c384ad8ddddd02c3bedf7cd950280988fcce6f92ff862c, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:2d:41:3d:96:34:ab:6f:49:eb:94:89:c0:d9:
                    07:ab:45:85:63:2c:6d:34:7d:82:a4:cf:e9:2b:10:
                    42:ca:0f:56:2d:c5:8b:fb:cd:9e:76:aa:76:ea:43:
                    b2:d3:e4:85:14:cb:a0:fb:92:f7:5f:ca:98:2d:e9:
                    86:75:5b:9f:e2:5f:b1:18:35:ec:4e:0f:a4:52:4c:
                    70:e3:c0:d8:71:e3:12:76:50:6b:2f:02:3a:07:38:
                    37:e2:7b:42:75:89:a6:87:ab:2f:33:bb:00:b9:d8:
                    e0:2b:f4:8d:9f:67:7a:17:69:dd:12:a5:14:cd:01:
                    9f:3b:90:ae:77:23:91:c6:73:03:c5:21:7b:cf:91:
                    e4:f8:ad:44:68:49:8b:73:40:dd:09:41:5d:67:9f:
                    89:1f:15:be:38:ce:26:e6:5e:10:8b:2b:67:99:0f:
                    57:a5:a6:8a:12:23:16:47:c1:cd:1c:02:8b:0a:eb:
                    c8:d8:ea:24:00:4c:38:60:b7:a2:37:4b:28:a4:bd:
                    d2:00:11:17:fd:f6:6e:79:33:f0:25:c5:82:93:fc:
                    8b:07:c5:b8:8b:2d:e7:d1:dc:58:52:27:13:39:0a:
                    fd:38:73:5e:12:bf:7c:d4:da:bd:d4:94:01:f8:2b:
                    ff:9f:db:0c:57:5d:3d:1e:2e:f5:1e:9d:63:79:89:
                    53:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:70:2C:92:1D:DE:83:68:BC:49:E6:E4:26:07:15:88:45:30:7D:65
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1fbdb3b5-e8ae-4c0e-ba0c-246787532bc4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.227.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         23:fa:a6:d9:9a:43:ba:cd:7b:7b:34:07:2f:49:1d:f0:4f:ab:
         73:a2:bb:b9:ae:e4:b9:98:b2:69:b3:23:55:5b:81:95:cc:bb:
         14:79:5c:30:99:8d:46:91:19:5d:c6:f6:b3:bc:5c:a2:83:ee:
         36:2c:c4:74:f7:72:7a:11:ab:c6:55:36:31:86:36:6c:ae:e4:
         d3:d3:b0:ab:d1:b2:ac:7a:fb:92:fe:bd:ac:69:a7:29:94:3c:
         87:20:a4:69:ad:3c:03:33:b7:49:d8:60:52:60:79:64:49:33:
         61:b6:02:c5:a0:e8:84:ec:d8:a5:39:af:18:2e:ee:df:f9:8d:
         ca:0b:7e:22:c8:e2:62:cd:89:b5:a1:7b:36:05:90:a4:4f:b9:
         4f:a4:38:67:3e:9f:ff:8e:5a:70:54:34:0b:97:66:8d:6a:f3:
         f9:65:52:a3:2b:55:f4:cf:79:28:94:44:33:73:63:3d:d7:3d:
         d4:1a:27:41:aa:7d:90:ce:8a:6c:cf:29:2c:e8:01:70:c8:ce:
         06:14:34:33:bd:16:f6:97:85:bc:b0:d8:7f:88:31:da:42:54:
         1a:8c:ac:a1:ae:41:29:c6:d2:45:25:e3:61:47:49:24:5f:57:
         9e:6f:56:79:7b:3a:75:c2:ab:3a:e3:67:cc:ad:cd:fb:06:7b:
         e3:5e:66:2e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbH7cvYlxRaI5cuHtJqF/xd+PAeYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MTExMzM4WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BiM2Y0MTBlNzc0NWNiNDRiMzljMzg0YWQ4ZGRkZGQwMmMz
YmVkZjdjZDk1MDI4MDk4OGZjY2U2ZjkyZmY4NjJjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDoLUE9ljSrb0nrlInA2QerRYVjLG00fYKkz+krEELKD1Yt
xYv7zZ52qnbqQ7LT5IUUy6D7kvdfypgt6YZ1W5/iX7EYNexOD6RSTHDjwNhx4xJ2
UGsvAjoHODfie0J1iaaHqy8zuwC52OAr9I2fZ3oXad0SpRTNAZ87kK53I5HGcwPF
IXvPkeT4rURoSYtzQN0JQV1nn4kfFb44zibmXhCLK2eZD1elpooSIxZHwc0cAosK
68jY6iQATDhgt6I3SyikvdIAERf99m55M/AlxYKT/IsHxbiLLefR3FhSJxM5Cv04
c14Sv3zU2r3UlAH4K/+f2wxXXT0eLvUenWN5iVNbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUW3Askh3eg2i8SebkJgcViEUwfWUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzFmYmRiM2I1LWU4YWUtNGMwZS1iYTBjLTI0Njc4NzUzMmJjNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEN4/IwDQYJKoZIhvcNAQELBQADggEBACP6ptmaQ7rNe3s0By9JHfBPq3Oi
u7mu5LmYsmmzI1VbgZXMuxR5XDCZjUaRGV3G9rO8XKKD7jYsxHT3cnoRq8ZVNjGG
Nmyu5NPTsKvRsqx6+5L+vaxppymUPIcgpGmtPAMzt0nYYFJgeWRJM2G2AsWg6ITs
2KU5rxgu7t/5jcoLfiLI4mLNibWhezYFkKRPuU+kOGc+n/+OWnBUNAuXZo1q8/ll
UqMrVfTPeSiURDNzYz3XPdQaJ0GqfZDOimzPKSzoAXDIzgYUNDO9FvaXhbyw2H+I
MdpCVBqMrKGuQSnG0kUl42FHSSRfV55vVnl7OnXCqzrjZ8ytzfsGe+NeZi4=
-----END CERTIFICATE-----