Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8df963fc-9050-42be-a7fc-a651c2a4e9e0.roa
File:                     8df963fc-9050-42be-a7fc-a651c2a4e9e0.roa (raw, json)
Hash identifier:          csEEmP5aMg0vFMbGXj54V6VybDtawNnmoFKZ3q5+XlQ=
Subject key identifier:   3E:F7:9E:88:73:E7:5F:9B:AE:B0:57:31:A5:F8:3E:0A:35:01:E2:E9
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5AAFC6F98FE4BDF040242F77371642D028099DF6
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8df963fc-9050-42be-a7fc-a651c2a4e9e0.roa
Signing time:             Sun 19 Oct 2025 21:10:09 +0000
ROA not before:           Sun 19 Oct 2025 21:10:09 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.227.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:af:c6:f9:8f:e4:bd:f0:40:24:2f:77:37:16:42:d0:28:09:9d:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 21:10:09 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=8d203d2c64f1c7520055e8265799c6770ef713d2f366a40644c003ea4d24fc34, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:8b:61:d6:5b:b9:b3:3c:79:52:b0:1b:a2:d6:
                    ff:33:5d:54:9e:65:c5:4f:67:fd:f1:8a:72:35:e5:
                    97:9a:03:6e:0d:19:d7:5c:99:a6:df:91:65:7e:35:
                    9d:9c:b2:a4:4c:96:c8:a5:90:39:93:45:74:dd:69:
                    6f:2c:e8:b9:8c:1a:9a:f4:31:7a:a6:be:35:05:f0:
                    4c:92:9e:2b:d4:a2:78:9f:33:6f:7c:d0:9b:b4:cb:
                    9f:f0:93:bd:5b:19:7d:cf:24:1c:7c:95:82:37:52:
                    10:0f:95:75:6e:2b:63:26:e9:c0:43:89:5f:21:a7:
                    1a:bb:97:18:4d:eb:ef:85:a9:c2:c6:8e:c8:c5:7c:
                    5e:e6:7e:52:81:c8:95:82:39:c2:39:75:01:d5:22:
                    d2:0a:06:24:69:8d:26:17:fa:b8:73:6a:f0:c0:ac:
                    9d:6e:a9:26:aa:87:a7:8a:3f:88:90:b8:1a:dc:13:
                    d4:6c:bb:2f:e0:6d:a6:ad:e8:00:d8:d4:db:4a:b3:
                    02:43:7e:5b:d5:9e:4c:d4:91:61:eb:db:7e:ee:5e:
                    e1:5b:a5:b1:39:de:ae:c4:e4:a6:be:58:e4:7a:4d:
                    a4:a3:66:ce:3d:4f:0a:8f:af:70:06:0c:ad:2d:56:
                    f3:64:df:1a:07:55:b3:a4:29:15:c6:ec:2f:a0:91:
                    5d:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:F7:9E:88:73:E7:5F:9B:AE:B0:57:31:A5:F8:3E:0A:35:01:E2:E9
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8df963fc-9050-42be-a7fc-a651c2a4e9e0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.227.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:5f:a9:21:94:e8:c5:49:d1:52:6b:6c:d2:ea:88:e2:d0:bc:
         27:2f:c5:7b:c4:95:6b:49:84:f3:1b:27:4b:a7:f5:9f:50:21:
         60:d2:14:95:0f:93:28:ec:3c:c4:77:9e:e5:d4:5b:cd:54:fb:
         c5:53:e7:5d:19:c6:98:42:7a:bf:de:df:47:93:98:bd:d8:f5:
         e7:0d:a2:4a:1d:08:ed:ef:49:9d:fc:a4:5a:f8:9c:34:8a:bf:
         c6:62:68:c2:b4:a1:61:19:7f:64:50:6f:2c:9e:47:50:5f:1b:
         62:dd:cf:a1:4e:3f:bc:c3:95:0e:1e:a5:a3:9a:02:a3:de:13:
         0e:3f:03:00:a0:6e:0c:62:32:3d:d2:1d:8e:be:f3:c1:89:6a:
         cc:b0:b7:bf:83:3a:c0:d0:c6:f9:9a:50:f5:69:13:a9:66:8b:
         39:b6:fe:3b:58:56:f0:07:22:63:44:5b:78:71:47:4a:99:15:
         71:26:8c:93:57:7d:fd:f0:ac:5f:3f:6e:de:2c:75:fc:79:44:
         01:3b:6c:ce:a3:9e:56:51:06:c4:be:a5:20:f0:78:d0:14:ba:
         b3:9c:ee:49:7a:81:2d:be:36:20:da:ef:9a:c0:4d:12:54:fa:
         32:80:4b:2a:ff:80:82:3f:ca:71:3c:c0:1f:d2:49:4f:29:d4:
         59:09:97:86
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWq/G+Y/kvfBAJC93NxZC0CgJnfYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MjExMDA5WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZDIwM2QyYzY0ZjFjNzUyMDA1NWU4MjY1Nzk5YzY3NzBl
ZjcxM2QyZjM2NmE0MDY0NGMwMDNlYTRkMjRmYzM0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCoi2HWW7mzPHlSsBui1v8zXVSeZcVPZ/3xinI15ZeaA24N
GddcmabfkWV+NZ2csqRMlsilkDmTRXTdaW8s6LmMGpr0MXqmvjUF8EySnivUonif
M2980Ju0y5/wk71bGX3PJBx8lYI3UhAPlXVuK2Mm6cBDiV8hpxq7lxhN6++FqcLG
jsjFfF7mflKByJWCOcI5dQHVItIKBiRpjSYX+rhzavDArJ1uqSaqh6eKP4iQuBrc
E9Rsuy/gbaat6ADY1NtKswJDflvVnkzUkWHr237uXuFbpbE53q7E5Ka+WOR6TaSj
Zs49TwqPr3AGDK0tVvNk3xoHVbOkKRXG7C+gkV0ZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPveeiHPnX5uusFcxpfg+CjUB4ukwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzhkZjk2M2ZjLTkwNTAtNDJiZS1hN2ZjLWE2NTFjMmE0ZTllMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAN4zkwDQYJKoZIhvcNAQELBQADggEBAJNfqSGU6MVJ0VJrbNLqiOLQvCcv
xXvElWtJhPMbJ0un9Z9QIWDSFJUPkyjsPMR3nuXUW81U+8VT510ZxphCer/e30eT
mL3Y9ecNokodCO3vSZ38pFr4nDSKv8ZiaMK0oWEZf2RQbyyeR1BfG2Ldz6FOP7zD
lQ4epaOaAqPeEw4/AwCgbgxiMj3SHY6+88GJasywt7+DOsDQxvmaUPVpE6lmizm2
/jtYVvAHImNEW3hxR0qZFXEmjJNXff3wrF8/bt4sdfx5RAE7bM6jnlZRBsS+pSDw
eNAUurOc7kl6gS2+NiDa75rATRJU+jKASyr/gII/ynE8wB/SSU8p1FkJl4Y=
-----END CERTIFICATE-----