Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/69fc5239-7e27-4f05-a870-f712402b7d30.roa
File:                     69fc5239-7e27-4f05-a870-f712402b7d30.roa (raw, json)
Hash identifier:          moZ7tYCfJuqgshpneKEsesXpsAk+wlI7LFDM8UZZ3AA=
Subject key identifier:   3D:66:F5:4E:05:3B:68:23:FC:03:35:2B:CE:92:53:91:ED:B6:2D:DD
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5E8C85766EF39E155617FFA50BA4044FB541DBDD
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/69fc5239-7e27-4f05-a870-f712402b7d30.roa
Signing time:             Sun 19 Oct 2025 21:52:25 +0000
ROA not before:           Sun 19 Oct 2025 21:52:25 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.225.98.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:8c:85:76:6e:f3:9e:15:56:17:ff:a5:0b:a4:04:4f:b5:41:db:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 21:52:25 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=0b3aac923f14ecd4796fc7b8e30f142cd2a96ff7ee8fcc134ef6dcef233957dd, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:cd:09:3a:bc:ec:1b:26:d0:dd:0c:a1:25:bb:
                    84:ce:d9:52:00:b2:3a:19:01:74:31:32:08:b4:fa:
                    18:52:3b:da:18:cb:92:50:10:7d:0c:8a:05:c0:b8:
                    54:b9:83:0f:9b:47:2a:f3:f8:79:83:80:e2:35:5b:
                    ab:84:7b:c6:17:84:fa:19:93:33:38:14:fc:48:de:
                    ec:ce:57:26:01:08:d6:11:2a:a2:08:f1:15:77:d2:
                    b6:a5:98:bc:d3:24:1f:7d:4a:8f:13:b9:f5:a1:35:
                    1f:1b:6d:ec:47:0e:5e:0a:69:f9:bd:2c:fd:37:d0:
                    d7:c0:e4:f0:0b:f3:22:da:26:c6:6c:6d:82:de:6e:
                    5a:bb:06:d0:df:3b:5d:bf:4f:14:a0:2e:51:dd:85:
                    18:ed:61:57:26:92:b8:b2:ec:a3:9f:ae:e6:da:d5:
                    f0:e9:7b:e7:f1:5d:2f:0f:bf:63:a1:33:89:a1:de:
                    e0:e6:64:49:3a:ed:ab:29:53:ad:5d:60:42:39:58:
                    2e:a2:01:58:38:61:f5:f4:0b:2c:d3:98:64:ba:f3:
                    be:96:bc:af:73:3d:a0:74:fa:b7:e0:ba:7a:0c:5c:
                    39:1b:5c:4d:e4:63:a4:e4:de:15:96:37:b4:f7:83:
                    6a:50:3c:cf:d8:0a:5e:bb:94:f3:e7:46:b3:66:49:
                    b9:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:66:F5:4E:05:3B:68:23:FC:03:35:2B:CE:92:53:91:ED:B6:2D:DD
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/69fc5239-7e27-4f05-a870-f712402b7d30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.225.98.0/23

    Signature Algorithm: sha256WithRSAEncryption
         74:0a:80:06:1f:2b:6f:63:8b:d9:b4:7e:34:20:88:e9:26:71:
         91:9d:ab:cf:a0:b9:ef:4b:f4:ab:06:2e:ed:cd:ff:ad:11:60:
         74:3a:13:4e:c6:40:0f:b5:49:9a:f2:32:c8:05:75:87:af:f6:
         ec:86:44:d7:04:64:31:d0:fe:9d:5a:40:d2:bb:4b:bc:47:88:
         e6:00:65:24:20:9b:c1:0c:ba:cb:a0:63:53:2c:07:52:80:4a:
         b3:23:2a:be:e6:b0:2e:d6:ab:df:9f:35:f9:ec:d2:df:28:32:
         d6:73:fb:2d:1a:65:87:bd:bc:49:8f:12:d1:d7:ef:6a:33:19:
         8b:7e:b0:b0:11:04:ba:26:a4:a0:ff:3d:c0:11:1c:a5:f8:e8:
         5a:f2:a8:8e:fb:57:45:2c:51:ee:4b:80:09:cd:dd:c3:11:04:
         81:57:39:16:bc:f8:47:06:6c:47:92:6a:fe:b0:a6:34:18:0e:
         b2:92:63:b9:6c:3b:08:30:6b:fd:45:ee:64:13:45:1b:22:59:
         41:b7:11:dd:12:6c:9a:34:4f:c8:53:b9:e5:bb:c7:d4:a5:c0:
         5f:51:6a:4f:98:37:e2:47:a1:32:85:3d:d9:5c:2f:21:17:11:
         9c:c1:29:76:10:03:7c:ac:2f:95:0c:bf:dd:3f:7d:21:25:af:
         a7:b4:46:4f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXoyFdm7znhVWF/+lC6QET7VB290wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MjE1MjI1WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AwYjNhYWM5MjNmMTRlY2Q0Nzk2ZmM3YjhlMzBmMTQyY2Qy
YTk2ZmY3ZWU4ZmNjMTM0ZWY2ZGNlZjIzMzk1N2RkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxzQk6vOwbJtDdDKElu4TO2VIAsjoZAXQxMgi0+hhSO9oY
y5JQEH0MigXAuFS5gw+bRyrz+HmDgOI1W6uEe8YXhPoZkzM4FPxI3uzOVyYBCNYR
KqII8RV30ralmLzTJB99So8TufWhNR8bbexHDl4Kafm9LP030NfA5PAL8yLaJsZs
bYLeblq7BtDfO12/TxSgLlHdhRjtYVcmkriy7KOfruba1fDpe+fxXS8Pv2OhM4mh
3uDmZEk67aspU61dYEI5WC6iAVg4YfX0CyzTmGS6876WvK9zPaB0+rfgunoMXDkb
XE3kY6Tk3hWWN7T3g2pQPM/YCl67lPPnRrNmSblBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPWb1TgU7aCP8AzUrzpJTke22Ld0wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzY5ZmM1MjM5LTdlMjctNGYwNS1hODcwLWY3MTI0MDJiN2QzMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEN4WIwDQYJKoZIhvcNAQELBQADggEBAHQKgAYfK29ji9m0fjQgiOkmcZGd
q8+gue9L9KsGLu3N/60RYHQ6E07GQA+1SZryMsgFdYev9uyGRNcEZDHQ/p1aQNK7
S7xHiOYAZSQgm8EMusugY1MsB1KASrMjKr7msC7Wq9+fNfns0t8oMtZz+y0aZYe9
vEmPEtHX72ozGYt+sLARBLompKD/PcARHKX46FryqI77V0UsUe5LgAnN3cMRBIFX
ORa8+EcGbEeSav6wpjQYDrKSY7lsOwgwa/1F7mQTRRsiWUG3Ed0SbJo0T8hTueW7
x9SlwF9Rak+YN+JHoTKFPdlcLyEXEZzBKXYQA3ysL5UMv90/fSElr6e0Rk8=
-----END CERTIFICATE-----