Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/94feebd9-f139-405b-8e25-5390cfd4af05.roa
File:                     94feebd9-f139-405b-8e25-5390cfd4af05.roa (raw, json)
Hash identifier:          0cuYMVLcMlBxOQCWL0NFGI5Nhl3wp2SW66lv1N/3tdw=
Subject key identifier:   DB:6E:A6:D3:4B:0F:13:65:A0:D0:FC:6D:3E:92:65:7E:F2:0E:DC:CF
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7E81D67329BD90666D7A4A258750159E7CC7ADB0
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/94feebd9-f139-405b-8e25-5390cfd4af05.roa
Signing time:             Sun 19 Oct 2025 22:02:33 +0000
ROA not before:           Sun 19 Oct 2025 22:02:33 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.35.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:81:d6:73:29:bd:90:66:6d:7a:4a:25:87:50:15:9e:7c:c7:ad:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 22:02:33 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=5826e0ea0e8512734c0b04963529f5b9e305806de78802ef90061e4e77d9dac9, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:29:f7:2d:95:34:65:26:8c:8e:6a:56:6c:5d:
                    8f:eb:d5:42:88:cf:ac:bc:ff:a9:8e:3f:d8:7b:d8:
                    cb:f0:e6:0c:ab:e5:a5:18:0e:4a:c1:d2:27:88:82:
                    62:98:dd:ae:a6:6d:ed:7c:69:bb:62:78:30:db:6c:
                    fe:4e:69:c7:70:23:0f:f9:72:a8:39:ac:dc:30:cd:
                    4c:03:96:4b:3b:d6:42:b1:27:e1:7f:12:00:63:a2:
                    d0:1f:7d:bf:a3:a2:e3:c5:8b:97:aa:20:bf:46:56:
                    e3:4e:7e:ea:e3:83:0a:15:b1:9b:a9:7e:18:0d:f4:
                    21:75:95:2a:1f:c9:c0:e3:9e:9e:dd:7d:08:07:57:
                    cd:75:1d:9b:3e:f7:aa:56:b0:d4:63:07:9e:3e:84:
                    35:3e:da:f9:d6:4e:dd:2f:d5:1a:f4:08:e6:9a:d9:
                    69:99:f2:79:0c:f8:c9:6b:70:b3:85:11:c2:a4:78:
                    89:7d:90:ce:17:b1:0f:f9:c8:91:f4:8c:0a:46:cd:
                    a6:29:0d:99:00:35:f8:95:06:08:84:81:6a:4a:f6:
                    cd:c1:f2:31:ac:41:44:a4:ea:30:d9:b8:58:34:62:
                    11:86:fb:81:6f:63:95:3d:00:4b:0a:68:57:2e:e0:
                    9d:b7:bf:40:b0:d6:bb:05:bd:75:e7:81:99:7e:d8:
                    46:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:6E:A6:D3:4B:0F:13:65:A0:D0:FC:6D:3E:92:65:7E:F2:0E:DC:CF
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/94feebd9-f139-405b-8e25-5390cfd4af05.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.35.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:c4:e0:26:3a:88:5d:c3:4e:84:57:df:2f:73:22:a7:a0:55:
         29:f3:d9:eb:4a:85:d9:59:3c:e3:54:82:99:92:7d:0c:83:96:
         88:74:7f:51:26:a9:e5:fb:36:70:2c:fd:c3:63:98:9b:66:fd:
         b3:19:45:4f:11:e7:1f:5b:43:a5:ec:e5:dd:69:78:ef:b1:85:
         32:bf:60:2f:cc:54:15:27:78:38:e5:20:0e:c6:87:cf:1e:64:
         de:ca:4e:6a:b9:7e:9a:c6:31:5a:13:b1:d6:e7:6f:cd:75:11:
         53:e8:7a:e2:72:ef:b8:94:ec:40:b2:15:46:6a:d1:58:ed:c0:
         ce:79:18:60:31:52:07:27:97:e1:5b:1d:5a:9e:24:e3:80:1e:
         4b:58:9e:4d:b2:3b:b0:02:69:4a:04:ef:93:90:67:f7:59:eb:
         3a:4d:b1:2a:01:41:d6:76:35:48:b1:f8:e8:4e:90:30:1a:11:
         2a:3a:94:0e:6a:68:dc:b5:02:e6:f3:22:66:5a:06:d1:09:73:
         9a:93:6a:93:32:bf:f3:e4:53:a4:70:69:9c:14:c5:90:c5:7a:
         76:b2:aa:1c:16:ba:4c:c7:1c:94:df:ac:92:eb:29:c4:be:e8:
         a0:9d:63:c9:a4:cc:f8:82:99:f1:0f:1a:06:0c:3e:cf:79:62:
         a7:90:17:d8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfoHWcym9kGZtekolh1AVnnzHrbAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MjIwMjMzWhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A1ODI2ZTBlYTBlODUxMjczNGMwYjA0OTYzNTI5ZjViOWUz
MDU4MDZkZTc4ODAyZWY5MDA2MWU0ZTc3ZDlkYWM5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJKfctlTRlJoyOalZsXY/r1UKIz6y8/6mOP9h72Mvw5gyr
5aUYDkrB0ieIgmKY3a6mbe18abtieDDbbP5OacdwIw/5cqg5rNwwzUwDlks71kKx
J+F/EgBjotAffb+jouPFi5eqIL9GVuNOfurjgwoVsZupfhgN9CF1lSofycDjnp7d
fQgHV811HZs+96pWsNRjB54+hDU+2vnWTt0v1Rr0COaa2WmZ8nkM+MlrcLOFEcKk
eIl9kM4XsQ/5yJH0jApGzaYpDZkANfiVBgiEgWpK9s3B8jGsQUSk6jDZuFg0YhGG
+4FvY5U9AEsKaFcu4J23v0Cw1rsFvXXngZl+2EbbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU226m00sPE2Wg0PxtPpJlfvIO3M8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzk0ZmVlYmQ5LWYxMzktNDA1Yi04ZTI1LTUzOTBjZmQ0YWYwNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAANI3gwDQYJKoZIhvcNAQELBQADggEBAKLE4CY6iF3DToRX3y9zIqegVSnz
2etKhdlZPONUgpmSfQyDloh0f1EmqeX7NnAs/cNjmJtm/bMZRU8R5x9bQ6Xs5d1p
eO+xhTK/YC/MVBUneDjlIA7Gh88eZN7KTmq5fprGMVoTsdbnb811EVPoeuJy77iU
7ECyFUZq0VjtwM55GGAxUgcnl+FbHVqeJOOAHktYnk2yO7ACaUoE75OQZ/dZ6zpN
sSoBQdZ2NUix+OhOkDAaESo6lA5qaNy1AubzImZaBtEJc5qTapMyv/PkU6RwaZwU
xZDFenayqhwWukzHHJTfrJLrKcS+6KCdY8mkzPiCmfEPGgYMPs95YqeQF9g=
-----END CERTIFICATE-----