Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/41d86942-b292-44de-abf2-a281a40ecc3b.roa
File:                     41d86942-b292-44de-abf2-a281a40ecc3b.roa (raw, json)
Hash identifier:          vZvLVM8GW1MZKfLqqrAG2VVvpcaj6StiSz+3kH0MsnI=
Subject key identifier:   9D:C1:26:56:AF:AA:DC:DE:A8:EB:24:98:9C:73:46:DA:A7:57:5A:D7
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       63F857EF6A38AD66CA407089F67F7966E80AEAC7
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/41d86942-b292-44de-abf2-a281a40ecc3b.roa
Signing time:             Sun 19 Oct 2025 16:03:46 +0000
ROA not before:           Sun 19 Oct 2025 16:03:46 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.35.200.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:f8:57:ef:6a:38:ad:66:ca:40:70:89:f6:7f:79:66:e8:0a:ea:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 16:03:46 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=360874033da5d71513e95b660a02f3e4796747b09986937a7fad7607b5c61fdb, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:1a:cc:2e:84:6f:9b:e4:0d:1d:32:ce:6f:24:
                    83:10:4c:01:68:9e:c0:cf:c9:4e:a0:14:e0:06:59:
                    e5:17:37:65:89:5a:2a:3a:e8:10:01:88:2b:d7:8d:
                    77:e6:c9:9f:16:bc:25:7f:e5:23:e8:e0:b3:fd:46:
                    4d:ad:45:a1:be:25:15:b5:c8:8b:a2:f5:3a:d8:5c:
                    84:b9:52:a4:1d:1e:b4:55:21:0e:70:53:ea:51:ea:
                    0c:45:74:d6:8b:7e:56:99:1a:56:44:8e:d0:52:72:
                    63:bb:fa:74:db:a7:8a:bf:15:8b:8f:be:bc:ae:9c:
                    a6:2d:cb:54:18:8e:4e:9b:45:e3:64:db:7e:79:5e:
                    b7:55:58:b5:ee:ef:75:c3:7c:74:92:1b:f2:9e:b5:
                    5e:6b:31:d5:7c:07:b5:fe:91:1c:3c:7d:bf:c5:2a:
                    d6:67:71:af:cf:c3:e1:20:dc:91:0a:3e:2f:7b:67:
                    e5:d2:2d:7d:0e:1f:75:1b:ee:7b:0a:a7:ac:75:ea:
                    b9:49:a3:0e:79:8a:61:a8:81:22:c8:e9:b6:ba:b6:
                    b4:86:3f:1f:32:10:a3:c6:91:01:ea:ce:2e:5a:05:
                    01:47:e4:4b:67:75:74:71:d3:61:16:00:a2:7d:dd:
                    f7:2f:1c:95:6b:ad:e3:b7:57:e8:30:f8:59:86:ed:
                    d6:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:C1:26:56:AF:AA:DC:DE:A8:EB:24:98:9C:73:46:DA:A7:57:5A:D7
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/41d86942-b292-44de-abf2-a281a40ecc3b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.35.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         12:e1:26:37:43:98:7b:19:85:1a:c5:c4:1d:40:71:05:56:aa:
         32:a4:4b:e6:78:f9:97:78:6f:89:4f:7f:f7:aa:68:87:86:91:
         ee:71:f7:90:46:b0:cf:8d:3a:09:72:e7:6c:36:d7:53:7d:2a:
         15:1f:08:ad:f8:9e:6e:56:cb:9f:7e:f2:a1:92:68:95:c8:1c:
         b1:ce:a5:aa:c0:ff:10:bc:3f:43:90:4e:ca:db:0f:e6:a5:57:
         29:f4:36:8b:3b:31:cf:de:50:fe:0f:89:cc:2f:43:e3:3c:78:
         db:cf:c4:a7:e1:2f:d3:3e:8e:77:79:76:30:ec:65:aa:b7:c9:
         ce:f7:6a:56:55:ca:2a:af:df:39:75:37:78:b5:c5:75:7d:45:
         92:68:8b:5f:d7:ff:42:18:60:ff:51:8c:88:bb:72:ec:d1:57:
         cd:6f:a7:62:2e:ac:87:7a:cd:78:c7:f6:60:52:19:a1:b0:3e:
         25:45:5a:ea:25:b9:31:1f:ee:74:26:67:c7:03:19:6a:5e:34:
         3a:7b:1e:93:fc:a4:d8:37:3a:7e:7f:94:f9:60:a4:7a:81:64:
         69:f2:20:59:8d:b1:b5:8c:3e:c1:96:8a:60:6b:85:8d:ca:b5:
         f7:f7:1b:1b:20:8c:a5:08:91:95:81:b2:76:a3:e2:0e:d0:74:
         d6:17:48:1b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUY/hX72o4rWbKQHCJ9n95ZugK6scwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MTYwMzQ2WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AzNjA4NzQwMzNkYTVkNzE1MTNlOTViNjYwYTAyZjNlNDc5
Njc0N2IwOTk4NjkzN2E3ZmFkNzYwN2I1YzYxZmRiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCyGswuhG+b5A0dMs5vJIMQTAFonsDPyU6gFOAGWeUXN2WJ
Wio66BABiCvXjXfmyZ8WvCV/5SPo4LP9Rk2tRaG+JRW1yIui9TrYXIS5UqQdHrRV
IQ5wU+pR6gxFdNaLflaZGlZEjtBScmO7+nTbp4q/FYuPvryunKYty1QYjk6bReNk
2355XrdVWLXu73XDfHSSG/KetV5rMdV8B7X+kRw8fb/FKtZnca/Pw+Eg3JEKPi97
Z+XSLX0OH3Ub7nsKp6x16rlJow55imGogSLI6ba6trSGPx8yEKPGkQHqzi5aBQFH
5EtndXRx02EWAKJ93fcvHJVrreO3V+gw+FmG7dY3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUncEmVq+q3N6o6ySYnHNG2qdXWtcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQxZDg2OTQyLWIyOTItNDRkZS1hYmYyLWEyODFhNDBlY2MzYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAINI8gwDQYJKoZIhvcNAQELBQADggEBABLhJjdDmHsZhRrFxB1AcQVWqjKk
S+Z4+Zd4b4lPf/eqaIeGke5x95BGsM+NOgly52w211N9KhUfCK34nm5Wy59+8qGS
aJXIHLHOparA/xC8P0OQTsrbD+alVyn0Nos7Mc/eUP4PicwvQ+M8eNvPxKfhL9M+
jnd5djDsZaq3yc73alZVyiqv3zl1N3i1xXV9RZJoi1/X/0IYYP9RjIi7cuzRV81v
p2IurId6zXjH9mBSGaGwPiVFWuoluTEf7nQmZ8cDGWpeNDp7HpP8pNg3On5/lPlg
pHqBZGnyIFmNsbWMPsGWimBrhY3Ktff3GxsgjKUIkZWBsnaj4g7QdNYXSBs=
-----END CERTIFICATE-----