Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/53fd0fa2-7df2-450d-86c8-351d87864b98.roa
File:                     53fd0fa2-7df2-450d-86c8-351d87864b98.roa (raw, json)
Hash identifier:          +kVTleLKveErR7pr7aF24sqHlFcob61ze7uBe3pq4fA=
Subject key identifier:   38:64:6D:3A:77:2C:4C:F2:F5:5E:A1:AC:0B:8D:B5:84:F6:C3:99:FF
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       23AC1963A3AB49A0C074F0A90C42E7362587C7
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/53fd0fa2-7df2-450d-86c8-351d87864b98.roa
Signing time:             Sun 19 Oct 2025 21:23:56 +0000
ROA not before:           Sun 19 Oct 2025 21:23:56 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.33.0.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:ac:19:63:a3:ab:49:a0:c0:74:f0:a9:0c:42:e7:36:25:87:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 21:23:56 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=b9eb528d1ba4f13becd3cba0bd1e39521bb56bffb758800766dd9395e71dea98, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:38:20:3c:5a:e8:fd:70:67:09:4a:92:93:e4:
                    c1:ab:aa:f9:1b:be:32:1d:8b:3c:2a:2a:84:39:c4:
                    29:54:e8:d7:01:8e:84:05:db:09:40:9c:53:7b:f1:
                    ae:ce:5f:c7:b6:35:dd:59:2c:a3:ad:3e:1e:a8:cf:
                    d6:f1:c0:32:ff:c4:b7:59:be:14:bb:ec:6d:d1:60:
                    13:d5:19:2f:fa:76:c7:2c:9d:86:8f:7e:26:ba:38:
                    08:87:3c:a1:f1:71:a2:05:ef:5f:63:3c:a7:67:46:
                    df:85:64:3e:a9:7a:86:77:d4:5c:bc:f8:5e:f7:a2:
                    64:74:82:74:a2:13:ef:4f:be:21:f0:06:77:7f:a8:
                    34:07:3f:cf:c0:95:86:33:0a:6c:e8:87:38:95:ae:
                    73:f6:3a:49:1e:db:18:56:68:59:71:ed:11:9e:ef:
                    71:e3:47:9c:6b:da:a0:f0:fa:41:dd:fa:07:ef:75:
                    80:a0:dd:95:ce:06:0b:5d:31:e0:01:76:3b:3f:13:
                    1d:9a:d1:62:20:7d:34:b7:5e:66:42:2c:cf:f0:3b:
                    65:af:83:ff:75:a9:fb:d8:fb:e8:d3:cc:cf:a6:e8:
                    8d:fd:7a:f1:18:3e:45:7d:2f:8a:12:35:74:cd:a1:
                    39:14:5c:ec:71:4f:8d:13:c7:69:50:d7:6f:39:ce:
                    65:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:64:6D:3A:77:2C:4C:F2:F5:5E:A1:AC:0B:8D:B5:84:F6:C3:99:FF
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/53fd0fa2-7df2-450d-86c8-351d87864b98.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.33.0.0/21

    Signature Algorithm: sha256WithRSAEncryption
         3e:6b:2f:8e:26:77:6b:6d:3c:25:cd:97:d2:52:da:49:e1:70:
         b8:72:cb:7f:86:84:e8:67:7a:50:97:06:74:5b:2c:4f:21:b5:
         97:48:60:75:79:30:f8:99:36:d1:20:a5:97:2f:0d:dc:c9:53:
         02:ac:0f:37:70:85:ed:ca:3d:aa:48:33:31:9b:6c:33:a5:61:
         d4:3f:33:7e:46:1d:b5:d8:26:93:c6:61:52:20:a1:cc:67:6f:
         67:a2:62:8b:64:d5:45:4c:29:e3:27:52:a8:77:93:ac:86:b3:
         be:a4:0e:04:2f:0f:67:5a:bb:0c:17:78:59:c8:02:dd:69:f3:
         c4:e9:92:fa:c8:5e:be:cc:46:02:4e:4f:8f:ec:b9:db:bd:2a:
         59:ca:63:ea:c0:b5:92:b5:a3:32:d9:9e:d0:c8:11:95:69:23:
         30:7e:47:a4:6d:19:58:c5:63:09:30:21:c5:a3:2c:1b:1d:0e:
         f4:7a:8c:27:7f:f0:21:e4:e2:74:15:0a:11:81:c1:b7:12:46:
         27:18:21:4c:d3:80:a3:f7:e5:15:e5:09:cc:97:15:62:f2:bf:
         8f:12:b1:5e:4d:c8:98:39:bc:45:73:35:c9:6d:07:76:bc:74:
         e5:0b:2c:06:23:08:4e:23:cd:17:71:05:e3:2d:a1:4d:75:23:
         0c:e3:8e:35
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgITI6wZY6OrSaDAdPCpDELnNiWHxzANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzJkZjZmM2IzYTM0YjYzODZkMWEzMmQ4ZjRmYTMxNzhlZjMx
ODg3ZDhiNDI4ZGZhYTQ3NjAeFw0yNTEwMTkyMTIzNTZaFw0yNTExMjMyMzU5NTla
MHoxSTBHBgNVBAUTQGI5ZWI1MjhkMWJhNGYxM2JlY2QzY2JhMGJkMWUzOTUyMWJi
NTZiZmZiNzU4ODAwNzY2ZGQ5Mzk1ZTcxZGVhOTgxLTArBgNVBAMTJDVmMjc2MDQ1
LTViOWYtNDVlZi05MjNkLWYzZmNlMjRhNjIyNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJc4IDxa6P1wZwlKkpPkwauq+Ru+Mh2LPCoqhDnEKVTo1wGO
hAXbCUCcU3vxrs5fx7Y13Vkso60+HqjP1vHAMv/Et1m+FLvsbdFgE9UZL/p2xyyd
ho9+Jro4CIc8ofFxogXvX2M8p2dG34VkPql6hnfUXLz4XveiZHSCdKIT70++IfAG
d3+oNAc/z8CVhjMKbOiHOJWuc/Y6SR7bGFZoWXHtEZ7vceNHnGvaoPD6Qd36B+91
gKDdlc4GC10x4AF2Oz8THZrRYiB9NLdeZkIsz/A7Za+D/3Wp+9j76NPMz6bojf16
8Rg+RX0vihI1dM2hORRc7HFPjRPHaVDXbznOZRUCAwEAAaOCArEwggKtMB0GA1Ud
DgQWBBQ4ZG06dyxM8vVeoawLjbWE9sOZ/zAfBgNVHSMEGDAWgBQlrdNCsB63pY6t
GZAmiLVLP4H0uDAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHg
BggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2Fy
aW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMv
MmEyNDY5NDctMmQ2Mi00YTZjLWJhMDUtODcxODdmMDA5OWIyLzg1MWNlZjE3LTEz
MmEtNDMzNy1iN2QxLWJmMTZhNTJmZmQwMy9kZjZmM2IzYTM0YjYzODZkMWEzMmQ4
ZjRmYTMxNzhlZjMxODg3ZDhiNDI4ZGZhYTQ3Ni5jZXIwgZ4GCCsGAQUFBwELBIGR
MIGOMIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9mNzAzNjk2ZS1lNDdiLTRjMjAtYmQ5My02Zjgw
OTA0ZTQyZDIvNTNmZDBmYTItN2RmMi00NTBkLTg2YzgtMzUxZDg3ODY0Yjk4LnJv
YTCBiAYDVR0fBIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMt
NmY4MDkwNGU0MmQyL3RqaHRHakxZOVBveGVPOHhpSDJMUW8zNnBIWS5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAw0hADANBgkqhkiG9w0BAQsFAAOCAQEAPmsvjiZ3a208Jc2X0lLaSeFwuHLL
f4aE6Gd6UJcGdFssTyG1l0hgdXkw+Jk20SClly8N3MlTAqwPN3CF7co9qkgzMZts
M6Vh1D8zfkYdtdgmk8ZhUiChzGdvZ6Jii2TVRUwp4ydSqHeTrIazvqQOBC8PZ1q7
DBd4WcgC3WnzxOmS+shevsxGAk5Pj+y5270qWcpj6sC1krWjMtme0MgRlWkjMH5H
pG0ZWMVjCTAhxaMsGx0O9HqMJ3/wIeTidBUKEYHBtxJGJxghTNOAo/flFeUJzJcV
YvK/jxKxXk3ImDm8RXM1yW0Hdrx05QssBiMITiPNF3EF4y2hTXUjDOOONQ==
-----END CERTIFICATE-----