Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3b519a5e-78d8-4224-ae97-85b48b1ec211.roa
File:                     3b519a5e-78d8-4224-ae97-85b48b1ec211.roa (raw, json)
Hash identifier:          NfDPLSBMY6JFE39xPwARneptk34I4pvZWyP53xj15Io=
Subject key identifier:   6E:AC:F8:5C:3F:FC:5C:80:64:26:57:71:47:AA:09:A6:D1:5A:F9:1C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       13D73BE6E1CB7BDC104525AD1A1932A25B295FB5
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3b519a5e-78d8-4224-ae97-85b48b1ec211.roa
Signing time:             Sat 18 Oct 2025 22:40:06 +0000
ROA not before:           Sat 18 Oct 2025 22:40:06 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.249.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:d7:3b:e6:e1:cb:7b:dc:10:45:25:ad:1a:19:32:a2:5b:29:5f:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 22:40:06 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=ea7ce1dc55fc00f08f567e3ef8241d44a7c5dcda9cf138c995915a5878e26b1b, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:18:a7:5b:5d:e2:6c:de:fa:52:3c:4c:15:c3:
                    c8:44:db:6b:bb:dd:03:ef:c6:78:7a:74:ec:4c:2b:
                    86:ff:08:4c:60:22:ca:d2:be:3c:fd:8c:a1:47:bb:
                    a6:e7:28:0e:0d:4f:0e:bb:22:cb:90:3a:9a:71:30:
                    f8:ad:94:40:21:04:01:04:e3:2b:1e:92:ce:01:5e:
                    13:11:aa:1b:cf:c1:52:bb:52:75:22:1b:16:13:12:
                    3e:91:83:32:5c:ce:e8:44:70:02:65:fc:92:d0:c6:
                    65:c1:ff:0d:b9:91:ce:97:90:ef:4a:23:b8:1c:99:
                    df:cd:d2:58:97:17:ac:7d:12:8c:56:18:8b:47:c1:
                    ed:b3:85:30:2c:b2:00:21:91:fb:fd:2a:57:38:4f:
                    e4:c8:41:69:7f:6a:22:33:23:8f:46:e4:6d:bd:60:
                    7a:7b:e8:0c:ec:e4:20:63:28:d7:c0:30:eb:62:ee:
                    6b:c7:9c:1d:e8:78:b8:f9:52:10:e2:9e:57:7d:ac:
                    e1:02:d7:97:34:3c:7d:08:70:02:9a:88:24:74:4b:
                    68:89:22:93:31:76:b4:06:90:96:bd:37:4b:d7:ec:
                    c0:bb:b6:b4:9b:45:c4:96:71:be:0c:7e:a4:0f:32:
                    29:2f:67:2a:bf:20:e6:5d:1e:ed:dc:f2:85:81:2d:
                    c8:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:AC:F8:5C:3F:FC:5C:80:64:26:57:71:47:AA:09:A6:D1:5A:F9:1C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3b519a5e-78d8-4224-ae97-85b48b1ec211.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.249.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:43:f6:c5:02:cf:0d:5d:aa:4b:e7:81:81:97:8e:0a:3c:ba:
         72:37:85:b5:a1:45:e2:80:a5:a2:55:b8:3a:39:25:f3:bc:c0:
         a9:b2:68:7d:ba:56:4c:b4:b1:e5:f1:0e:75:71:18:a3:c1:23:
         e6:5b:8f:2f:9b:40:79:cd:10:9c:14:0b:96:78:55:5c:90:55:
         bf:50:cf:e8:93:db:d5:6a:6a:b2:43:b9:3b:8c:09:b6:d0:a3:
         89:fc:20:be:09:2a:a2:ec:1d:ff:44:d5:40:f9:9d:5e:07:2d:
         de:8e:07:f6:03:95:e7:b5:c1:1b:b4:4e:e4:05:80:1f:58:6e:
         2e:fb:cf:73:f5:95:d6:a3:2c:f3:35:f7:1e:9f:1b:60:89:ba:
         93:2b:38:7b:f6:40:b9:68:1f:4e:c1:d2:17:36:a5:90:6c:cd:
         2a:a8:1b:e5:cf:69:63:a9:54:9a:c2:b9:75:5f:bb:31:bd:b9:
         9d:6d:bc:7f:c0:fb:6d:f2:34:e1:ab:b9:3e:ff:2f:48:e3:df:
         21:e0:5a:2d:18:ee:ed:1a:ef:6f:8d:27:75:35:77:ef:fc:30:
         7a:97:52:b7:a9:6c:93:66:c9:93:8d:e4:af:dd:48:67:d3:c1:
         31:0c:32:68:62:97:07:72:d0:39:0a:0e:be:ae:d8:38:f0:db:
         2e:72:81:b0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUE9c75uHLe9wQRSWtGhkyolspX7UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MjI0MDA2WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BlYTdjZTFkYzU1ZmMwMGYwOGY1NjdlM2VmODI0MWQ0NGE3
YzVkY2RhOWNmMTM4Yzk5NTkxNWE1ODc4ZTI2YjFiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDgGKdbXeJs3vpSPEwVw8hE22u73QPvxnh6dOxMK4b/CExg
IsrSvjz9jKFHu6bnKA4NTw67IsuQOppxMPitlEAhBAEE4yseks4BXhMRqhvPwVK7
UnUiGxYTEj6RgzJczuhEcAJl/JLQxmXB/w25kc6XkO9KI7gcmd/N0liXF6x9EoxW
GItHwe2zhTAssgAhkfv9Klc4T+TIQWl/aiIzI49G5G29YHp76Azs5CBjKNfAMOti
7mvHnB3oeLj5UhDinld9rOEC15c0PH0IcAKaiCR0S2iJIpMxdrQGkJa9N0vX7MC7
trSbRcSWcb4MfqQPMikvZyq/IOZdHu3c8oWBLcitAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUbqz4XD/8XIBkJldxR6oJptFa+RwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzNiNTE5YTVlLTc4ZDgtNDIyNC1hZTk3LTg1YjQ4YjFlYzIxMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAN+fswDQYJKoZIhvcNAQELBQADggEBAE9D9sUCzw1dqkvngYGXjgo8unI3
hbWhReKApaJVuDo5JfO8wKmyaH26Vky0seXxDnVxGKPBI+Zbjy+bQHnNEJwUC5Z4
VVyQVb9Qz+iT29VqarJDuTuMCbbQo4n8IL4JKqLsHf9E1UD5nV4HLd6OB/YDlee1
wRu0TuQFgB9Ybi77z3P1ldajLPM19x6fG2CJupMrOHv2QLloH07B0hc2pZBszSqo
G+XPaWOpVJrCuXVfuzG9uZ1tvH/A+23yNOGruT7/L0jj3yHgWi0Y7u0a72+NJ3U1
d+/8MHqXUrepbJNmyZON5K/dSGfTwTEMMmhilwdy0DkKDr6u2Djw2y5ygbA=
-----END CERTIFICATE-----