Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3fe34922-d20e-4d79-a696-63218e343754.roa
File:                     3fe34922-d20e-4d79-a696-63218e343754.roa (raw, json)
Hash identifier:          FDk7oJlzUJm7M+/Hy+4a2Ru9FD7bvrqeeRMxgnddJ+8=
Subject key identifier:   C3:E5:ED:FE:97:A7:87:89:EF:58:7F:A6:5E:46:E1:1A:22:F5:19:12
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5A552C733C6F1F118B8ABF414D935005A335FF12
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3fe34922-d20e-4d79-a696-63218e343754.roa
Signing time:             Sun 19 Oct 2025 11:40:10 +0000
ROA not before:           Sun 19 Oct 2025 11:40:10 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.32.240.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:55:2c:73:3c:6f:1f:11:8b:8a:bf:41:4d:93:50:05:a3:35:ff:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 11:40:10 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=ed960736f679785b1267f274f377f8c8ceeef4df91b33398078c27f6a3620d1d, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:63:2f:18:dc:03:52:e1:52:a6:9b:73:a3:3d:
                    65:1d:37:87:b5:60:9a:2b:1c:da:27:a6:72:c6:2d:
                    45:40:94:fb:3c:7b:6f:7f:cf:84:eb:f8:bb:27:88:
                    0f:b2:9b:91:01:d9:a2:3c:c0:26:98:0c:c3:69:01:
                    ec:81:01:c8:06:2f:f8:5e:f0:4d:03:c6:3f:4c:9e:
                    8f:7f:49:57:1c:51:7c:62:58:47:4f:43:a2:16:99:
                    2a:ae:fa:02:2a:5c:12:5b:9e:12:a9:f4:02:bc:d8:
                    69:92:d1:7e:bc:90:48:2c:20:91:62:de:bc:2b:be:
                    5b:ed:03:96:9a:b4:14:e4:ba:55:c7:68:69:24:76:
                    2d:ba:ac:b5:9f:81:69:21:c7:6e:cb:69:95:70:79:
                    c3:1e:54:c4:d3:25:73:1c:97:67:d8:3f:a2:47:d1:
                    d3:56:42:9d:22:2c:34:b3:9c:16:34:02:76:93:74:
                    3d:3c:c6:3d:fe:05:bd:b5:26:be:5e:38:a8:94:a2:
                    64:f8:73:62:1a:ff:5f:71:71:90:3c:10:00:47:40:
                    3a:32:95:ea:24:5b:24:b1:d2:47:9c:f7:b0:90:97:
                    6f:00:7d:eb:e3:a7:6e:2a:d7:da:7d:2c:8d:bf:98:
                    ae:7b:c7:b3:ee:80:f1:54:2f:48:c4:70:e5:c5:70:
                    0f:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:E5:ED:FE:97:A7:87:89:EF:58:7F:A6:5E:46:E1:1A:22:F5:19:12
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3fe34922-d20e-4d79-a696-63218e343754.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.32.240.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0c:65:79:b2:05:ae:25:7e:d7:03:ca:a1:9d:40:44:b0:16:ca:
         c5:8f:63:58:38:bf:43:82:df:94:e5:60:c6:a9:96:66:65:f1:
         c4:ce:c5:bd:74:b9:d6:b7:0c:85:10:54:9d:30:14:df:a7:71:
         48:8f:ce:da:cd:88:58:ca:30:ed:62:91:48:d3:13:bd:49:1c:
         97:30:5e:48:09:49:d5:47:69:94:57:01:ba:ec:09:20:01:ef:
         e2:42:74:00:2c:fb:85:2f:9b:c9:25:fc:72:39:67:4d:39:ff:
         09:e8:d8:87:58:d5:15:15:43:72:8a:50:36:b4:18:89:72:37:
         d8:14:1e:64:39:b7:9f:3c:26:d2:d5:8c:bb:b4:ea:bd:1b:29:
         2f:12:da:47:8d:8a:ee:df:48:4b:2d:72:c6:89:23:bd:52:be:
         98:ec:b8:0d:b6:e3:f6:57:19:dd:9f:bc:62:43:1d:15:8b:b3:
         09:ce:47:59:55:38:a0:cc:00:dc:3f:16:2b:73:2a:e8:86:74:
         b4:0e:52:12:09:dd:f0:c1:39:cb:05:c1:f2:c5:30:91:ed:5e:
         3b:fc:e8:1b:2c:70:37:dd:2e:ef:6d:43:b3:55:90:59:bc:62:
         f1:7a:f7:e2:f2:2c:b7:39:17:9d:b9:c5:90:d8:56:d2:87:14:
         23:15:fc:7d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWlUsczxvHxGLir9BTZNQBaM1/xIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MTE0MDEwWhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BlZDk2MDczNmY2Nzk3ODViMTI2N2YyNzRmMzc3ZjhjOGNl
ZWVmNGRmOTFiMzMzOTgwNzhjMjdmNmEzNjIwZDFkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCRYy8Y3ANS4VKmm3OjPWUdN4e1YJorHNonpnLGLUVAlPs8
e29/z4Tr+LsniA+ym5EB2aI8wCaYDMNpAeyBAcgGL/he8E0Dxj9Mno9/SVccUXxi
WEdPQ6IWmSqu+gIqXBJbnhKp9AK82GmS0X68kEgsIJFi3rwrvlvtA5aatBTkulXH
aGkkdi26rLWfgWkhx27LaZVwecMeVMTTJXMcl2fYP6JH0dNWQp0iLDSznBY0AnaT
dD08xj3+Bb21Jr5eOKiUomT4c2Ia/19xcZA8EABHQDoyleokWySx0kec97CQl28A
fevjp24q19p9LI2/mK57x7PugPFUL0jEcOXFcA+BAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUw+Xt/penh4nvWH+mXkbhGiL1GRIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzNmZTM0OTIyLWQyMGUtNGQ3OS1hNjk2LTYzMjE4ZTM0Mzc1NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAENIPAwDQYJKoZIhvcNAQELBQADggEBAAxlebIFriV+1wPKoZ1ARLAWysWP
Y1g4v0OC35TlYMaplmZl8cTOxb10uda3DIUQVJ0wFN+ncUiPztrNiFjKMO1ikUjT
E71JHJcwXkgJSdVHaZRXAbrsCSAB7+JCdAAs+4Uvm8kl/HI5Z005/wno2IdY1RUV
Q3KKUDa0GIlyN9gUHmQ5t588JtLVjLu06r0bKS8S2keNiu7fSEstcsaJI71Svpjs
uA224/ZXGd2fvGJDHRWLswnOR1lVOKDMANw/FitzKuiGdLQOUhIJ3fDBOcsFwfLF
MJHtXjv86BsscDfdLu9tQ7NVkFm8YvF69+LyLLc5F525xZDYVtKHFCMV/H0=
-----END CERTIFICATE-----