Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/52961c5b-08b6-4825-b8a2-fc1767c29f2b.roa
File:                     52961c5b-08b6-4825-b8a2-fc1767c29f2b.roa (raw, json)
Hash identifier:          WxcJKIBk86pR7gOZqMuJB68yIeIRJIJmm68wsWd6uww=
Subject key identifier:   DB:35:9E:61:54:65:20:94:38:7B:1B:AD:E0:8E:B9:3D:5D:57:4D:22
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5485CA69D83124782508D1616E3268F2DA570075
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/52961c5b-08b6-4825-b8a2-fc1767c29f2b.roa
Signing time:             Sun 19 Oct 2025 14:31:18 +0000
ROA not before:           Sun 19 Oct 2025 14:31:18 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.224.248.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:85:ca:69:d8:31:24:78:25:08:d1:61:6e:32:68:f2:da:57:00:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 14:31:18 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=fbb2ec5386273e5f8aefd1b3690ba3e3bfe3cbda6a924554a9461fe98eba5284, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:e1:06:26:99:a5:3d:6d:16:33:ba:32:a3:26:
                    e5:42:cc:0e:73:b4:8e:90:12:54:d3:92:80:76:c6:
                    ea:b6:c1:d0:d2:d9:44:df:ac:f7:00:76:6e:76:57:
                    c3:8c:b3:69:b5:c9:c9:6b:4d:b9:e0:75:0b:2c:2e:
                    2b:3f:92:fa:1e:e7:e1:80:7b:ac:94:e5:a3:0c:e0:
                    fc:99:16:64:03:d1:bc:c6:90:53:ae:2b:26:0f:11:
                    dd:f7:42:23:e0:9d:3f:89:19:ba:ff:83:61:fb:0f:
                    49:75:26:9a:19:56:83:26:6d:06:b9:6d:aa:09:45:
                    29:14:09:d9:c0:3a:02:a8:6f:a7:71:25:22:93:b7:
                    1e:0b:5a:b0:d0:70:99:7b:52:3f:dd:92:52:d8:41:
                    4f:31:8a:85:5a:ca:da:3f:8c:b2:85:ea:43:cd:8b:
                    fc:7b:47:05:1d:29:68:cf:02:9d:25:5d:f6:f3:d9:
                    cb:5e:f5:92:ca:52:89:d2:26:55:26:b2:65:d1:8a:
                    9f:c0:91:af:c3:7a:82:16:39:3a:d7:bc:e2:11:93:
                    14:62:9b:1c:00:a9:ed:6a:f6:c8:80:7c:5e:15:8a:
                    e4:56:0c:f9:6f:d0:d2:2f:92:77:8b:2d:de:e2:ac:
                    cf:fd:7e:cc:9b:0a:a7:5b:e6:f0:46:62:6a:4b:1e:
                    d9:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:35:9E:61:54:65:20:94:38:7B:1B:AD:E0:8E:B9:3D:5D:57:4D:22
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/52961c5b-08b6-4825-b8a2-fc1767c29f2b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.224.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8b:d1:e8:b1:c5:34:99:4e:80:8e:d7:27:5f:e3:9c:e8:16:5a:
         d4:1a:5f:4c:20:f9:da:f6:b6:73:76:7b:9b:8d:c7:1d:96:45:
         65:b5:0c:c0:8a:81:ce:7d:34:c5:0a:7b:d5:a8:7f:36:86:bd:
         ae:aa:64:9f:ba:59:4f:6f:51:cd:e0:e1:53:54:2f:b1:b0:e3:
         4e:6b:51:70:7f:b8:9c:53:ef:c4:09:49:5f:cc:48:3e:e5:36:
         f0:d8:6f:ba:80:6a:31:a8:79:c1:c8:4f:b0:42:d7:e0:48:62:
         37:e1:28:6a:d0:51:f6:80:f3:4a:d5:ec:da:b0:6c:63:45:a1:
         75:e3:c6:df:cd:1b:02:0c:29:fb:71:06:ea:4f:71:05:30:fb:
         4d:2d:40:6b:af:6f:ee:28:8e:a4:39:0c:96:50:2c:d7:ce:05:
         59:76:32:62:40:59:49:4c:90:56:3f:01:97:b3:b5:ce:6e:ba:
         84:f4:1a:41:85:84:f2:0f:b4:59:4a:fd:3e:d7:84:7d:14:ad:
         64:ff:b8:0c:87:98:06:c6:38:69:3b:0b:07:1f:91:e6:7c:83:
         14:36:36:28:18:bf:6c:ef:77:8c:31:29:50:c8:64:3a:bb:c6:
         7a:6c:0b:6d:65:a9:57:5c:ba:59:ee:85:d4:90:bf:aa:69:8c:
         e7:19:2e:b7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVIXKadgxJHglCNFhbjJo8tpXAHUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MTQzMTE4WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BmYmIyZWM1Mzg2MjczZTVmOGFlZmQxYjM2OTBiYTNlM2Jm
ZTNjYmRhNmE5MjQ1NTRhOTQ2MWZlOThlYmE1Mjg0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCp4QYmmaU9bRYzujKjJuVCzA5ztI6QElTTkoB2xuq2wdDS
2UTfrPcAdm52V8OMs2m1yclrTbngdQssLis/kvoe5+GAe6yU5aMM4PyZFmQD0bzG
kFOuKyYPEd33QiPgnT+JGbr/g2H7D0l1JpoZVoMmbQa5baoJRSkUCdnAOgKob6dx
JSKTtx4LWrDQcJl7Uj/dklLYQU8xioVayto/jLKF6kPNi/x7RwUdKWjPAp0lXfbz
2cte9ZLKUonSJlUmsmXRip/Aka/DeoIWOTrXvOIRkxRimxwAqe1q9siAfF4ViuRW
DPlv0NIvkneLLd7irM/9fsybCqdb5vBGYmpLHtl5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU2zWeYVRlIJQ4exut4I65PV1XTSIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzUyOTYxYzViLTA4YjYtNDgyNS1iOGEyLWZjMTc2N2MyOWYyYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIN4PgwDQYJKoZIhvcNAQELBQADggEBAIvR6LHFNJlOgI7XJ1/jnOgWWtQa
X0wg+dr2tnN2e5uNxx2WRWW1DMCKgc59NMUKe9WofzaGva6qZJ+6WU9vUc3g4VNU
L7Gw405rUXB/uJxT78QJSV/MSD7lNvDYb7qAajGoecHIT7BC1+BIYjfhKGrQUfaA
80rV7NqwbGNFoXXjxt/NGwIMKftxBupPcQUw+00tQGuvb+4ojqQ5DJZQLNfOBVl2
MmJAWUlMkFY/AZeztc5uuoT0GkGFhPIPtFlK/T7XhH0UrWT/uAyHmAbGOGk7Cwcf
keZ8gxQ2NigYv2zvd4wxKVDIZDq7xnpsC21lqVdculnuhdSQv6ppjOcZLrc=
-----END CERTIFICATE-----
Generated at Mon Oct 20 06:08:53 2025 by rpki-client