Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5e89fd2c-5358-4ba7-88be-0937f937eb83.roa
File:                     5e89fd2c-5358-4ba7-88be-0937f937eb83.roa (raw, json)
Hash identifier:          64UWt4YESQfhiYAlKvj2RFaRc7ugBiJ2H0JEvzDdp3o=
Subject key identifier:   61:F6:A0:C0:A1:AC:9B:09:39:CA:A3:83:99:29:3A:91:A4:2D:C8:C3
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       239D9DC0A658F7536A206E12AE1D223CDD40973C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5e89fd2c-5358-4ba7-88be-0937f937eb83.roa
Signing time:             Sun 19 Oct 2025 18:33:51 +0000
ROA not before:           Sun 19 Oct 2025 18:33:51 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.225.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:9d:9d:c0:a6:58:f7:53:6a:20:6e:12:ae:1d:22:3c:dd:40:97:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 18:33:51 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=973061dfd81bb7ee72f736c6835dadf81a694b3ee3bcdec84e450ec6933aeca2, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:3a:fc:f6:e7:60:61:18:e0:96:66:06:65:18:
                    7f:7d:44:a8:71:86:8c:e1:68:fa:67:8d:29:4f:56:
                    85:44:28:8c:5d:0f:0c:22:85:db:c6:07:08:77:79:
                    61:cd:9b:a9:e6:d3:84:58:b8:39:0e:01:3a:cd:a1:
                    e6:90:b3:13:7e:98:83:e2:6e:44:83:5d:58:f7:cb:
                    23:c8:06:96:1c:f6:ae:b3:3f:23:b6:ff:2c:d5:60:
                    13:50:1a:80:9f:c1:62:6b:1d:0c:d6:23:26:eb:44:
                    cb:60:44:ff:6b:e9:60:db:20:52:5d:82:40:34:db:
                    8f:b4:47:61:ba:3d:ab:cd:63:42:82:f9:7a:54:14:
                    41:a3:7e:57:2c:4d:50:fa:b8:8b:e7:36:a8:d8:2d:
                    17:8d:1b:95:e6:d8:d8:2e:09:a5:a3:9b:f5:7d:50:
                    03:ee:2b:d4:64:f7:27:05:b8:69:8b:32:81:77:61:
                    46:21:3f:b4:83:5e:10:25:63:6a:f3:02:66:dc:29:
                    26:af:d1:9e:eb:0a:5a:03:86:4c:49:2e:dd:d9:59:
                    53:c6:40:fe:a2:a9:47:06:45:75:d3:a9:bf:83:5f:
                    1c:d9:09:28:6e:8b:5d:97:8f:2f:f2:05:db:99:cf:
                    50:24:79:96:e8:d7:49:db:5b:ee:bb:9b:09:10:d6:
                    25:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:F6:A0:C0:A1:AC:9B:09:39:CA:A3:83:99:29:3A:91:A4:2D:C8:C3
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5e89fd2c-5358-4ba7-88be-0937f937eb83.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.225.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:97:eb:8d:0b:b3:43:79:8e:32:5b:57:43:91:7b:b5:b0:f3:
         c9:1c:80:c0:5f:3f:37:99:00:44:e6:a4:94:af:8e:0b:54:57:
         17:8a:ec:77:2f:e7:86:e9:01:a7:f6:ac:d2:d6:eb:33:7d:1e:
         d3:3e:0c:5d:88:0d:54:06:66:3d:fb:f8:f4:1e:dc:a1:79:ed:
         f3:88:68:4e:52:35:d3:b7:7a:9e:93:ea:d8:49:37:f5:3f:7f:
         1b:11:47:23:02:fc:a7:22:39:8b:1e:6e:a3:b3:ef:96:5b:69:
         6e:f5:cb:15:81:06:a7:b6:bc:99:9a:f6:d3:06:e5:48:4f:eb:
         3e:6f:5c:48:5a:80:70:18:71:1b:79:cf:61:f0:0f:90:ff:81:
         be:38:33:d8:97:99:72:54:d1:fa:cf:34:c1:f8:4d:39:9a:cd:
         2c:e6:67:e2:96:d5:ea:a5:37:ec:42:02:d0:af:9b:ee:77:92:
         cf:55:96:c6:15:79:63:4e:39:a7:21:b3:be:36:c7:d6:5a:de:
         65:59:b7:69:a2:9a:fa:dd:ad:30:ad:03:2d:0e:fc:aa:da:9d:
         bd:79:ec:c1:21:bf:f8:eb:40:74:87:1b:71:6d:47:b4:f2:35:
         1d:08:fc:57:62:c4:b1:72:e7:7c:69:00:5f:df:82:45:b0:ed:
         e7:ae:eb:54
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUI52dwKZY91NqIG4Srh0iPN1AlzwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MTgzMzUxWhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A5NzMwNjFkZmQ4MWJiN2VlNzJmNzM2YzY4MzVkYWRmODFh
Njk0YjNlZTNiY2RlYzg0ZTQ1MGVjNjkzM2FlY2EyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDNOvz252BhGOCWZgZlGH99RKhxhozhaPpnjSlPVoVEKIxd
DwwihdvGBwh3eWHNm6nm04RYuDkOATrNoeaQsxN+mIPibkSDXVj3yyPIBpYc9q6z
PyO2/yzVYBNQGoCfwWJrHQzWIybrRMtgRP9r6WDbIFJdgkA024+0R2G6PavNY0KC
+XpUFEGjflcsTVD6uIvnNqjYLReNG5Xm2NguCaWjm/V9UAPuK9Rk9ycFuGmLMoF3
YUYhP7SDXhAlY2rzAmbcKSav0Z7rCloDhkxJLt3ZWVPGQP6iqUcGRXXTqb+DXxzZ
CShui12Xjy/yBduZz1AkeZbo10nbW+67mwkQ1iUxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYfagwKGsmwk5yqODmSk6kaQtyMMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzVlODlmZDJjLTUzNTgtNGJhNy04OGJlLTA5MzdmOTM3ZWI4My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAN4fMwDQYJKoZIhvcNAQELBQADggEBABGX640Ls0N5jjJbV0ORe7Ww88kc
gMBfPzeZAETmpJSvjgtUVxeK7Hcv54bpAaf2rNLW6zN9HtM+DF2IDVQGZj37+PQe
3KF57fOIaE5SNdO3ep6T6thJN/U/fxsRRyMC/KciOYsebqOz75ZbaW71yxWBBqe2
vJma9tMG5UhP6z5vXEhagHAYcRt5z2HwD5D/gb44M9iXmXJU0frPNMH4TTmazSzm
Z+KW1eqlN+xCAtCvm+53ks9VlsYVeWNOOachs742x9Za3mVZt2mimvrdrTCtAy0O
/Kranb157MEhv/jrQHSHG3FtR7TyNR0I/FdixLFy53xpAF/fgkWw7eeu61Q=
-----END CERTIFICATE-----