Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/783ff5b4-12af-4347-a4f2-67e80017084e.roa
File:                     783ff5b4-12af-4347-a4f2-67e80017084e.roa (raw, json)
Hash identifier:          njblZxj4Ckzu1wBacagY/4AofY90J73lnG+WB+55y1k=
Subject key identifier:   FE:58:48:96:00:51:7D:3C:CF:AC:6C:72:EC:37:F0:58:C1:CE:DC:52
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       387FD66DFF5E7BC74186F1ECF9B4D29FF895A8EA
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/783ff5b4-12af-4347-a4f2-67e80017084e.roa
Signing time:             Sat 18 Oct 2025 11:12:32 +0000
ROA not before:           Sat 18 Oct 2025 11:12:32 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.249.200.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:7f:d6:6d:ff:5e:7b:c7:41:86:f1:ec:f9:b4:d2:9f:f8:95:a8:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 11:12:32 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=8c5bf5c2d8bc792a52a19d0772fc965bcfbbee56ab28ead508a24a0a650b1b1c, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:28:71:20:7a:8d:1d:20:9b:9b:b7:ba:b5:f6:
                    8e:c5:be:24:c0:21:83:d4:fe:a0:03:71:81:30:b8:
                    08:05:f2:6c:51:06:5e:95:9b:7f:f8:f3:d8:e7:f9:
                    c0:a7:07:d1:3c:90:b7:6e:67:ce:31:be:2d:73:29:
                    e9:93:79:92:f3:2d:d1:4f:66:1f:41:05:8c:96:37:
                    68:24:69:fd:00:69:4d:e4:be:8d:11:0d:03:ca:bd:
                    fa:17:77:3b:ec:57:e6:c5:83:45:ad:eb:6d:c6:12:
                    f8:b4:ff:8a:8b:d7:d3:f9:f2:0e:b1:a9:d0:12:b1:
                    98:4e:e4:3f:08:66:9f:44:8a:25:5a:b2:c3:d9:cb:
                    85:e3:35:b9:62:2a:21:79:00:59:74:24:ce:60:12:
                    56:7f:36:f5:5a:bf:47:e7:54:01:62:60:11:e6:ad:
                    be:35:fe:44:68:57:ad:b8:82:75:77:8a:45:30:60:
                    4e:38:b8:18:c0:c4:53:2a:55:ec:0e:b7:e2:3b:ff:
                    34:d8:a1:58:33:f6:d3:5b:6a:89:ba:a0:1b:b5:3c:
                    0e:95:4d:00:fc:38:a9:41:23:ec:75:9b:76:9f:18:
                    01:68:ac:15:02:0e:d8:56:93:85:d5:3c:e0:03:cd:
                    e7:b4:a3:d2:7c:fb:3a:5e:cf:3f:1e:6e:4b:10:65:
                    a7:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:58:48:96:00:51:7D:3C:CF:AC:6C:72:EC:37:F0:58:C1:CE:DC:52
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/783ff5b4-12af-4347-a4f2-67e80017084e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.249.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         12:0f:02:ab:58:a7:1b:bf:4a:e8:17:2d:58:7e:d5:6f:10:22:
         da:cd:12:22:b0:2a:17:be:be:ca:8b:bc:7f:f8:e6:f5:57:7b:
         42:e2:ff:2d:b2:72:f2:78:2b:ab:01:c3:1a:12:74:fe:15:6e:
         01:8e:62:57:21:c2:8a:49:a1:bc:7a:a5:fd:5e:89:16:52:54:
         ca:f0:5b:a1:98:32:02:aa:7c:9a:36:b9:f7:4d:70:36:4b:75:
         5e:cb:b9:0e:7e:7f:49:eb:cf:45:36:20:f6:c7:92:2b:34:75:
         02:77:54:71:01:2f:e3:47:7d:24:ba:6f:7f:0f:85:9d:2a:6d:
         92:8f:45:06:ae:a5:01:32:d4:74:60:8f:ed:b9:ff:0d:d6:87:
         c2:6a:2d:50:2e:e4:88:25:c4:9f:64:90:34:8b:6d:83:81:63:
         f9:14:08:a1:77:d6:33:03:29:29:20:4a:b7:33:85:5c:24:cb:
         36:ec:08:43:15:93:b6:09:3a:ee:93:2a:58:67:20:fe:e5:67:
         76:70:22:4a:4a:40:80:54:8b:4d:7b:07:57:6e:20:82:2e:d5:
         fe:6e:8f:8d:4d:d0:aa:56:d8:0a:f6:2d:b2:9a:f4:a4:ec:d2:
         84:e9:e6:9e:5a:9f:e1:ca:4c:46:3f:2a:4c:95:8e:29:53:c7:
         c4:a4:c8:82
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOH/Wbf9ee8dBhvHs+bTSn/iVqOowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MTExMjMyWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A4YzViZjVjMmQ4YmM3OTJhNTJhMTlkMDc3MmZjOTY1YmNm
YmJlZTU2YWIyOGVhZDUwOGEyNGEwYTY1MGIxYjFjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1KHEgeo0dIJubt7q19o7FviTAIYPU/qADcYEwuAgF8mxR
Bl6Vm3/489jn+cCnB9E8kLduZ84xvi1zKemTeZLzLdFPZh9BBYyWN2gkaf0AaU3k
vo0RDQPKvfoXdzvsV+bFg0Wt623GEvi0/4qL19P58g6xqdASsZhO5D8IZp9EiiVa
ssPZy4XjNbliKiF5AFl0JM5gElZ/NvVav0fnVAFiYBHmrb41/kRoV624gnV3ikUw
YE44uBjAxFMqVewOt+I7/zTYoVgz9tNbaom6oBu1PA6VTQD8OKlBI+x1m3afGAFo
rBUCDthWk4XVPOADzee0o9J8+zpezz8ebksQZafbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/lhIlgBRfTzPrGxy7DfwWMHO3FIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzc4M2ZmNWI0LTEyYWYtNDM0Ny1hNGYyLTY3ZTgwMDE3MDg0ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIN+cgwDQYJKoZIhvcNAQELBQADggEBABIPAqtYpxu/SugXLVh+1W8QItrN
EiKwKhe+vsqLvH/45vVXe0Li/y2ycvJ4K6sBwxoSdP4VbgGOYlchwopJobx6pf1e
iRZSVMrwW6GYMgKqfJo2ufdNcDZLdV7LuQ5+f0nrz0U2IPbHkis0dQJ3VHEBL+NH
fSS6b38PhZ0qbZKPRQaupQEy1HRgj+25/w3Wh8JqLVAu5IglxJ9kkDSLbYOBY/kU
CKF31jMDKSkgSrczhVwkyzbsCEMVk7YJOu6TKlhnIP7lZ3ZwIkpKQIBUi017B1du
IIIu1f5uj41N0KpW2Ar2LbKa9KTs0oTp5p5an+HKTEY/KkyVjilTx8SkyII=
-----END CERTIFICATE-----