Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/24bf05f3-d849-426f-8bd8-1a0bbfb7d036.roa
File:                     24bf05f3-d849-426f-8bd8-1a0bbfb7d036.roa (raw, json)
Hash identifier:          X4+wEKSJ5qkOOI3MESiFGh3knnTruroVwSCrYIAcEUo=
Subject key identifier:   AF:6C:40:24:B9:0A:1C:FA:1A:9B:78:2C:9A:39:E5:D2:FC:14:2D:42
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0CE9978297DC919633E7576C522A727CD887BF4B
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/24bf05f3-d849-426f-8bd8-1a0bbfb7d036.roa
Signing time:             Sun 19 Oct 2025 16:33:36 +0000
ROA not before:           Sun 19 Oct 2025 16:33:36 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.224.204.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:e9:97:82:97:dc:91:96:33:e7:57:6c:52:2a:72:7c:d8:87:bf:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 16:33:36 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=14d88c9745341bf017031843382cb9f1c6e3fe392d5ff60620221f1ee619fb59, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:07:6b:80:ee:6d:7d:f0:2b:f2:77:6c:1b:0e:
                    db:08:93:46:20:27:43:92:c9:33:1c:36:e0:f0:b7:
                    04:62:5f:e7:04:18:60:ba:70:2f:8c:97:e8:ab:fa:
                    52:ef:2b:f5:c1:a5:47:20:93:27:a0:07:7f:c6:b4:
                    a6:82:7e:26:15:88:53:02:1a:f9:f4:83:d1:d9:08:
                    42:d7:06:59:f1:0b:82:14:d2:cf:1d:62:ed:84:1e:
                    80:14:65:a4:f0:ba:a6:51:b5:db:a1:18:d0:13:73:
                    42:32:56:87:60:39:56:70:a6:7b:63:62:73:33:97:
                    f2:40:39:55:ea:93:af:cb:a7:69:b5:81:b0:26:1b:
                    60:7e:42:9d:39:39:a7:27:6e:e5:1f:51:7d:e3:d2:
                    45:57:0f:5c:32:85:1a:5d:ae:17:35:47:33:85:d5:
                    1c:22:21:28:dd:8b:65:0e:23:f3:99:d0:20:a5:5f:
                    6c:43:7a:6a:07:0e:b2:af:7c:e0:2f:93:8a:7f:b0:
                    ad:15:68:6a:19:88:d0:52:db:b2:b9:cf:6f:9f:d5:
                    b9:c5:4c:15:59:a8:8d:99:48:26:e1:8a:9c:9b:63:
                    1a:5d:76:79:bf:1a:ac:96:b5:ba:69:4c:3d:f3:c3:
                    d3:a9:a9:63:d8:2b:4c:68:49:28:d8:91:e0:6b:89:
                    a0:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:6C:40:24:B9:0A:1C:FA:1A:9B:78:2C:9A:39:E5:D2:FC:14:2D:42
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/24bf05f3-d849-426f-8bd8-1a0bbfb7d036.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.224.204.0/23

    Signature Algorithm: sha256WithRSAEncryption
         79:c4:5e:f3:8c:4b:a5:65:cc:b2:5f:dd:c3:23:3f:29:b8:45:
         5c:f4:11:da:3d:f9:ba:73:14:50:dc:dc:64:4f:3c:8a:2d:10:
         c2:6b:d3:dd:c8:84:2f:40:a4:1e:3b:f3:96:44:ec:1b:76:7b:
         2e:98:ca:62:73:2c:22:de:e1:34:d6:f3:43:84:fe:5e:66:3d:
         8c:1f:90:96:fa:5b:bb:16:ca:38:90:e7:74:6b:e2:2f:85:81:
         70:95:16:13:11:0e:0c:3d:5f:d4:17:0d:bd:f2:7a:eb:f9:55:
         9f:ef:2d:d9:bc:dc:d4:27:15:8d:a1:c6:48:5e:cc:d9:c3:ce:
         04:ac:6c:04:4b:36:eb:0f:76:28:82:47:e1:1f:43:ca:a2:94:
         c7:7f:f2:b1:46:b2:33:c6:95:ec:28:76:88:38:96:f2:0b:ab:
         0a:b9:c0:2e:f1:a6:f0:80:90:72:ef:4a:94:65:44:2a:ed:35:
         fe:c0:f3:0a:8a:1f:53:a6:84:d6:94:e9:1e:b4:b2:0f:1a:73:
         57:d0:68:d3:33:e2:74:f2:f6:c7:49:c2:1d:3d:11:fa:15:10:
         5e:94:68:65:0d:30:11:06:34:e2:60:80:b3:84:61:c2:de:7d:
         9f:b2:e8:d3:d3:7a:da:4f:4f:be:2d:d7:62:f1:76:c8:3d:89:
         ef:87:78:2e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDOmXgpfckZYz51dsUipyfNiHv0swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MTYzMzM2WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AxNGQ4OGM5NzQ1MzQxYmYwMTcwMzE4NDMzODJjYjlmMWM2
ZTNmZTM5MmQ1ZmY2MDYyMDIyMWYxZWU2MTlmYjU5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDlB2uA7m198Cvyd2wbDtsIk0YgJ0OSyTMcNuDwtwRiX+cE
GGC6cC+Ml+ir+lLvK/XBpUcgkyegB3/GtKaCfiYViFMCGvn0g9HZCELXBlnxC4IU
0s8dYu2EHoAUZaTwuqZRtduhGNATc0IyVodgOVZwpntjYnMzl/JAOVXqk6/Lp2m1
gbAmG2B+Qp05OacnbuUfUX3j0kVXD1wyhRpdrhc1RzOF1RwiISjdi2UOI/OZ0CCl
X2xDemoHDrKvfOAvk4p/sK0VaGoZiNBS27K5z2+f1bnFTBVZqI2ZSCbhipybYxpd
dnm/GqyWtbppTD3zw9OpqWPYK0xoSSjYkeBriaCLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUr2xAJLkKHPoam3gsmjnl0vwULUIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzI0YmYwNWYzLWQ4NDktNDI2Zi04YmQ4LTFhMGJiZmI3ZDAzNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEN4MwwDQYJKoZIhvcNAQELBQADggEBAHnEXvOMS6VlzLJf3cMjPym4RVz0
Edo9+bpzFFDc3GRPPIotEMJr093IhC9ApB4785ZE7Bt2ey6YymJzLCLe4TTW80OE
/l5mPYwfkJb6W7sWyjiQ53Rr4i+FgXCVFhMRDgw9X9QXDb3yeuv5VZ/vLdm83NQn
FY2hxkhezNnDzgSsbARLNusPdiiCR+EfQ8qilMd/8rFGsjPGlewodog4lvILqwq5
wC7xpvCAkHLvSpRlRCrtNf7A8wqKH1OmhNaU6R60sg8ac1fQaNMz4nTy9sdJwh09
EfoVEF6UaGUNMBEGNOJggLOEYcLefZ+y6NPTetpPT74t12Lxdsg9ie+HeC4=
-----END CERTIFICATE-----