Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/20ada779-48d1-4f61-b456-80519ecf598e.roa
File:                     20ada779-48d1-4f61-b456-80519ecf598e.roa (raw, json)
Hash identifier:          6fzl9zAUSos/knPI+VrAoZZCJxghCoK3XmcAJ3wyLlM=
Subject key identifier:   0B:70:4A:7E:1E:06:B8:53:82:75:B5:C4:02:A8:2C:8B:A7:8E:64:DB
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1AEDBDA84402233F5FE5553AAAF537C82EE8FEAB
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/20ada779-48d1-4f61-b456-80519ecf598e.roa
Signing time:             Sun 19 Oct 2025 20:42:36 +0000
ROA not before:           Sun 19 Oct 2025 20:42:36 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.225.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:ed:bd:a8:44:02:23:3f:5f:e5:55:3a:aa:f5:37:c8:2e:e8:fe:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 20:42:36 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=07f5d932460bef00193d6c3dc739697c306fd22eb808ec077b789673eb830031, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:d0:0c:85:98:81:da:e6:6a:12:96:4f:51:84:
                    c1:91:de:01:3a:4c:01:c8:ec:2c:53:c8:9e:76:d0:
                    de:0d:d4:ac:4e:ad:02:ec:a0:ff:5b:a1:a4:b3:9d:
                    ed:46:c2:e9:f4:0e:76:1a:4a:90:e3:75:80:98:71:
                    3d:06:a3:36:5b:e0:b3:96:95:71:8d:50:01:44:c5:
                    66:27:dd:64:e4:7e:94:38:1b:f5:58:46:e5:6d:e7:
                    66:4e:48:45:a7:0c:37:8e:c2:8e:a5:52:6d:a5:1f:
                    a7:71:97:ba:e5:ab:31:11:f1:d0:e2:27:33:af:6c:
                    62:37:d6:8c:5d:cc:a3:a2:83:a8:79:3a:5b:ae:f3:
                    86:09:db:8e:61:04:49:ec:ba:e6:01:29:99:79:d5:
                    44:eb:29:c9:5b:c2:33:c1:73:54:87:41:a3:7e:fe:
                    4c:fe:33:49:74:60:42:a4:c7:c7:ce:6a:58:54:c0:
                    cd:23:04:01:2a:9e:06:8d:a0:71:53:76:91:07:97:
                    28:0f:9c:b3:f3:bb:b4:cf:e1:fc:65:74:a4:73:4c:
                    73:cb:1b:dc:20:2a:f3:76:ad:40:43:2f:d8:b2:19:
                    d4:dc:71:31:0d:39:da:ad:b8:45:b0:b5:c8:59:bd:
                    87:3a:1e:35:ae:25:ff:37:af:37:b9:cb:4f:d7:92:
                    9f:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:70:4A:7E:1E:06:B8:53:82:75:B5:C4:02:A8:2C:8B:A7:8E:64:DB
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/20ada779-48d1-4f61-b456-80519ecf598e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.225.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:95:a7:d5:5e:e4:89:78:9a:5d:ab:e7:59:2e:62:c5:b3:d9:
         72:29:97:0b:e2:0b:fe:74:15:06:ec:8e:eb:77:53:b9:b7:9f:
         c8:0f:b4:bf:28:79:b6:11:a8:f8:2d:d7:8b:31:3c:d3:6a:f5:
         e6:b1:80:0b:2e:0b:21:b2:63:9a:38:f4:0b:f5:63:b4:b6:62:
         9c:ed:9d:aa:cc:4f:7c:ad:e1:ee:04:dc:c1:4a:8f:1e:9c:06:
         44:aa:d8:ea:71:0e:ec:cb:8e:6c:a7:81:86:d3:f3:c9:88:e6:
         4e:18:a5:0b:a7:6c:2a:cf:f6:41:97:97:90:85:4c:ef:7c:be:
         69:b5:cc:92:db:f7:6c:4f:0a:21:cd:61:c0:10:a2:d7:cb:55:
         73:4b:93:53:23:2e:da:26:86:a4:3e:79:19:ec:c8:4c:a6:0e:
         17:2d:d0:96:8a:b0:aa:fa:08:1e:6a:3e:97:9b:65:b3:d1:62:
         34:e1:89:f2:9a:ab:77:7a:d5:ad:4d:78:bc:4e:69:02:d1:10:
         d9:2f:24:d5:5f:2f:59:3d:43:b9:b7:86:cd:23:c7:55:2b:18:
         b8:e9:65:f0:c9:e6:b2:92:19:86:17:7d:a8:62:fe:3f:ac:5e:
         29:a1:54:15:92:5f:75:a5:4f:f1:dd:3c:db:06:05:b8:71:14:
         ca:6d:d6:b1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGu29qEQCIz9f5VU6qvU3yC7o/qswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MjA0MjM2WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AwN2Y1ZDkzMjQ2MGJlZjAwMTkzZDZjM2RjNzM5Njk3YzMw
NmZkMjJlYjgwOGVjMDc3Yjc4OTY3M2ViODMwMDMxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCr0AyFmIHa5moSlk9RhMGR3gE6TAHI7CxTyJ520N4N1KxO
rQLsoP9boaSzne1Gwun0DnYaSpDjdYCYcT0GozZb4LOWlXGNUAFExWYn3WTkfpQ4
G/VYRuVt52ZOSEWnDDeOwo6lUm2lH6dxl7rlqzER8dDiJzOvbGI31oxdzKOig6h5
Oluu84YJ245hBEnsuuYBKZl51UTrKclbwjPBc1SHQaN+/kz+M0l0YEKkx8fOalhU
wM0jBAEqngaNoHFTdpEHlygPnLPzu7TP4fxldKRzTHPLG9wgKvN2rUBDL9iyGdTc
cTENOdqtuEWwtchZvYc6HjWuJf83rze5y0/Xkp+RAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUC3BKfh4GuFOCdbXEAqgsi6eOZNswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzIwYWRhNzc5LTQ4ZDEtNGY2MS1iNDU2LTgwNTE5ZWNmNTk4ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAN4dQwDQYJKoZIhvcNAQELBQADggEBAHeVp9Ve5Il4ml2r51kuYsWz2XIp
lwviC/50FQbsjut3U7m3n8gPtL8oebYRqPgt14sxPNNq9eaxgAsuCyGyY5o49Av1
Y7S2YpztnarMT3yt4e4E3MFKjx6cBkSq2OpxDuzLjmyngYbT88mI5k4YpQunbCrP
9kGXl5CFTO98vmm1zJLb92xPCiHNYcAQotfLVXNLk1MjLtomhqQ+eRnsyEymDhct
0JaKsKr6CB5qPpebZbPRYjThifKaq3d61a1NeLxOaQLRENkvJNVfL1k9Q7m3hs0j
x1UrGLjpZfDJ5rKSGYYXfahi/j+sXimhVBWSX3WlT/HdPNsGBbhxFMpt1rE=
-----END CERTIFICATE-----