Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/51552571-373f-43ab-b6fb-1f45561808c6.roa
File:                     51552571-373f-43ab-b6fb-1f45561808c6.roa (raw, json)
Hash identifier:          /mbxjwsR6WARTEEBkH8d7vPjnDQPeZ+a/pVfFxD5FJ8=
Subject key identifier:   AD:39:FE:06:E9:7E:0A:D4:EA:AB:61:09:C0:48:9A:0D:4C:63:B3:33
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       709873DC1A077C3D9505D38C09827392CAE47F37
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/51552571-373f-43ab-b6fb-1f45561808c6.roa
Signing time:             Sun 19 Oct 2025 12:52:24 +0000
ROA not before:           Sun 19 Oct 2025 12:52:24 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.33.8.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:98:73:dc:1a:07:7c:3d:95:05:d3:8c:09:82:73:92:ca:e4:7f:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 12:52:24 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=3c2b2f63f1e31d2ab4a847ac603619c45631d46c1f89f7775f4c935b70769433, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:ed:51:10:28:de:08:19:fe:49:d9:27:d4:0f:
                    1d:16:b2:61:95:eb:00:f7:4a:a8:db:a4:4b:76:bd:
                    0a:51:db:ef:7a:01:59:d2:8f:10:c7:12:d3:cc:e7:
                    7f:68:99:f8:13:19:aa:cc:5a:28:b7:44:71:e8:f2:
                    eb:13:df:eb:95:bd:23:a2:25:59:a4:59:72:c8:83:
                    91:e0:79:d2:7f:6f:01:9f:53:40:e1:53:41:04:df:
                    8f:4d:17:68:ba:3a:e7:e1:0c:9a:f2:47:a6:82:78:
                    ef:6b:9a:1e:a2:f8:e2:c5:c5:01:8b:19:aa:3d:b2:
                    71:f0:d3:ae:d3:27:a2:b1:16:25:ff:e6:fb:9a:30:
                    8f:d0:82:31:52:9c:f7:3c:7b:0d:17:df:d6:e0:17:
                    cd:ee:86:24:6c:8d:52:8b:85:69:12:3a:d6:83:02:
                    5a:e3:a5:98:9d:da:02:a0:bb:3e:4d:c7:97:9a:bf:
                    c8:96:52:a7:6a:3d:9f:93:c5:d2:86:81:00:51:5f:
                    46:86:90:90:b5:d8:ab:0a:6c:32:aa:cb:ca:c2:6f:
                    29:72:1f:99:9b:b2:a0:b5:8c:7f:56:7b:8b:1f:4d:
                    5f:42:57:dd:67:dc:bf:f5:50:44:88:ed:47:8b:20:
                    f3:b3:55:f3:14:c5:f2:22:2d:39:d2:6e:78:7a:54:
                    d1:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:39:FE:06:E9:7E:0A:D4:EA:AB:61:09:C0:48:9A:0D:4C:63:B3:33
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/51552571-373f-43ab-b6fb-1f45561808c6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.33.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         82:96:47:38:fb:25:e4:63:32:57:28:03:eb:58:17:7a:f1:89:
         3c:68:05:01:10:3e:9e:10:b8:10:87:b5:86:ce:f3:5f:5e:54:
         41:62:78:22:91:f6:8e:6f:eb:c6:d6:11:89:10:33:4f:a8:98:
         bf:bc:61:9c:63:50:27:00:eb:0d:ee:fa:00:5b:e5:1e:91:7a:
         85:2b:bd:0f:98:31:11:be:d5:77:d6:ae:ca:8a:91:85:08:a5:
         07:99:0a:72:16:15:79:c4:27:33:4a:8f:94:b6:ba:68:19:7b:
         f7:ec:53:8d:2d:63:9b:2e:94:f7:1d:73:64:e6:f5:f4:6e:da:
         e3:31:28:42:f3:5b:7c:d6:87:43:20:56:6b:1b:9e:3e:7c:66:
         3f:cc:e7:2e:8d:49:f0:48:ab:eb:df:bf:c6:3e:ea:b2:f1:77:
         6e:e2:33:24:40:ce:c0:99:8f:69:40:a8:a0:9c:a1:bb:d3:c0:
         87:95:c2:b9:14:9f:11:33:b0:32:9d:9a:eb:ec:b1:9f:5d:64:
         32:93:b7:d2:f1:d4:0c:e9:81:51:19:bd:1c:c5:74:6b:6a:56:
         2f:80:f8:8a:de:04:15:51:bc:e8:0a:43:ad:64:60:90:c7:8c:
         ad:97:5e:5c:d9:b1:20:4b:96:d8:ef:07:2a:1d:63:45:aa:3a:
         2a:98:14:60
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcJhz3BoHfD2VBdOMCYJzksrkfzcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MTI1MjI0WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AzYzJiMmY2M2YxZTMxZDJhYjRhODQ3YWM2MDM2MTljNDU2
MzFkNDZjMWY4OWY3Nzc1ZjRjOTM1YjcwNzY5NDMzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCl7VEQKN4IGf5J2SfUDx0WsmGV6wD3SqjbpEt2vQpR2+96
AVnSjxDHEtPM539omfgTGarMWii3RHHo8usT3+uVvSOiJVmkWXLIg5HgedJ/bwGf
U0DhU0EE349NF2i6OufhDJryR6aCeO9rmh6i+OLFxQGLGao9snHw067TJ6KxFiX/
5vuaMI/QgjFSnPc8ew0X39bgF83uhiRsjVKLhWkSOtaDAlrjpZid2gKguz5Nx5ea
v8iWUqdqPZ+TxdKGgQBRX0aGkJC12KsKbDKqy8rCbylyH5mbsqC1jH9We4sfTV9C
V91n3L/1UESI7UeLIPOzVfMUxfIiLTnSbnh6VNEpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUrTn+Bul+CtTqq2EJwEiaDUxjszMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzUxNTUyNTcxLTM3M2YtNDNhYi1iNmZiLTFmNDU1NjE4MDhjNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMNIQgwDQYJKoZIhvcNAQELBQADggEBAIKWRzj7JeRjMlcoA+tYF3rxiTxo
BQEQPp4QuBCHtYbO819eVEFieCKR9o5v68bWEYkQM0+omL+8YZxjUCcA6w3u+gBb
5R6ReoUrvQ+YMRG+1XfWrsqKkYUIpQeZCnIWFXnEJzNKj5S2umgZe/fsU40tY5su
lPcdc2Tm9fRu2uMxKELzW3zWh0MgVmsbnj58Zj/M5y6NSfBIq+vfv8Y+6rLxd27i
MyRAzsCZj2lAqKCcobvTwIeVwrkUnxEzsDKdmuvssZ9dZDKTt9Lx1AzpgVEZvRzF
dGtqVi+A+IreBBVRvOgKQ61kYJDHjK2XXlzZsSBLltjvByodY0WqOiqYFGA=
-----END CERTIFICATE-----