Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/98dfce56-310c-482f-9cc1-d425990a842a.roa
File:                     98dfce56-310c-482f-9cc1-d425990a842a.roa (raw, json)
Hash identifier:          yzizfg616nPV+UnrqG95obY1Lyu7EoZjap+86EDZtI8=
Subject key identifier:   92:4E:11:2C:2F:B5:06:CA:C5:8D:A8:DC:B7:37:E7:9D:C4:78:13:74
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6A939217680AAB5CF2021F5808EE558B86A1D5E3
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/98dfce56-310c-482f-9cc1-d425990a842a.roa
Signing time:             Sun 19 Oct 2025 20:20:11 +0000
ROA not before:           Sun 19 Oct 2025 20:20:11 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.33.232.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:93:92:17:68:0a:ab:5c:f2:02:1f:58:08:ee:55:8b:86:a1:d5:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 20:20:11 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=c4daef6335e70a41a1c3c042191dc8902306f0084d0ec3f997d4c54a6237aa35, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:cb:1a:68:90:86:a4:32:ae:4e:e3:82:b2:6a:
                    48:c1:99:27:95:7b:15:11:4a:8b:14:b2:28:1e:2a:
                    8c:3c:37:b1:53:05:4e:da:e3:d2:57:25:00:4e:f6:
                    b6:bf:44:de:ca:c6:fb:99:72:b5:72:53:08:b1:86:
                    ae:20:36:de:e2:53:15:bf:38:75:b2:40:c1:a3:57:
                    b5:00:c6:31:2c:4d:05:97:c6:1a:22:46:93:f9:8a:
                    77:e0:51:74:a4:ae:e1:c4:8b:8e:ec:1a:d7:3d:96:
                    ef:dc:e3:09:fd:20:18:67:ab:d2:54:28:cd:69:d9:
                    eb:88:2e:ff:89:d4:ea:0e:6d:09:0c:c4:a0:9b:82:
                    4b:25:3b:00:4f:bf:84:43:dc:cd:85:ba:9b:7e:77:
                    c3:79:12:dd:72:81:9c:47:7f:aa:03:61:fd:17:e0:
                    31:16:38:06:9f:04:ae:86:8a:3f:4f:3f:f9:a7:79:
                    70:59:4c:a5:82:7c:6b:ce:24:96:48:72:52:85:46:
                    67:02:d1:35:02:3a:aa:18:a3:4f:3f:95:28:0e:0a:
                    5b:f2:5e:06:15:2b:79:6c:b7:ab:70:22:fa:15:90:
                    b5:02:da:1f:9d:52:37:e5:03:7a:f2:9a:9e:1d:d2:
                    9f:61:9f:08:08:d0:50:f4:19:03:4a:e4:a4:a6:d9:
                    2b:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:4E:11:2C:2F:B5:06:CA:C5:8D:A8:DC:B7:37:E7:9D:C4:78:13:74
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/98dfce56-310c-482f-9cc1-d425990a842a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.33.232.0/23

    Signature Algorithm: sha256WithRSAEncryption
         92:dc:e3:c5:af:e9:07:d6:53:d8:b0:27:e0:d5:6e:58:c4:d0:
         a4:80:f6:0c:40:85:5e:91:80:b9:de:f8:9a:20:29:1f:8a:41:
         ba:6e:6e:b2:d2:33:87:b9:9b:f6:c8:fd:9c:29:c0:99:a1:9d:
         61:30:ef:c0:4e:eb:ce:26:a0:0f:24:19:68:3d:5d:a5:85:fd:
         c3:03:53:21:d1:8a:23:9e:63:f7:ff:86:96:fd:23:99:2f:5b:
         c3:0a:00:d3:1c:55:b5:77:f1:b7:12:7e:89:34:42:4a:d1:10:
         06:f7:7d:37:97:5f:6c:ba:22:ee:00:fc:31:a7:f5:ef:52:26:
         10:3e:12:d6:16:43:be:db:72:5e:15:f2:b9:0c:84:4b:d4:f0:
         0e:f7:87:b3:64:cc:d6:d0:18:3f:7e:93:35:66:e7:99:54:fd:
         4a:d0:2e:d0:ff:25:8e:22:4f:59:81:61:54:74:7e:f1:4f:d9:
         1d:6c:a1:d9:5c:c5:ea:af:45:97:07:75:77:b3:7d:e3:85:4e:
         8b:55:1f:a0:f9:7e:58:36:18:b5:a3:13:4b:27:5a:8c:00:d3:
         30:3e:31:02:0b:8e:1a:77:43:e1:ec:6b:2b:db:c5:5b:0b:03:
         dc:c3:3a:99:ff:85:05:45:e5:27:d0:f8:f1:b2:61:0b:4b:c8:
         9e:4e:12:a2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUapOSF2gKq1zyAh9YCO5Vi4ah1eMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MjAyMDExWhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BjNGRhZWY2MzM1ZTcwYTQxYTFjM2MwNDIxOTFkYzg5MDIz
MDZmMDA4NGQwZWMzZjk5N2Q0YzU0YTYyMzdhYTM1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCAyxpokIakMq5O44KyakjBmSeVexURSosUsigeKow8N7FT
BU7a49JXJQBO9ra/RN7KxvuZcrVyUwixhq4gNt7iUxW/OHWyQMGjV7UAxjEsTQWX
xhoiRpP5infgUXSkruHEi47sGtc9lu/c4wn9IBhnq9JUKM1p2euILv+J1OoObQkM
xKCbgkslOwBPv4RD3M2Fupt+d8N5Et1ygZxHf6oDYf0X4DEWOAafBK6Gij9PP/mn
eXBZTKWCfGvOJJZIclKFRmcC0TUCOqoYo08/lSgOClvyXgYVK3lst6twIvoVkLUC
2h+dUjflA3rymp4d0p9hnwgI0FD0GQNK5KSm2SsnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUkk4RLC+1BsrFjajctzfnncR4E3QwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzk4ZGZjZTU2LTMxMGMtNDgyZi05Y2MxLWQ0MjU5OTBhODQyYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAENIegwDQYJKoZIhvcNAQELBQADggEBAJLc48Wv6QfWU9iwJ+DVbljE0KSA
9gxAhV6RgLne+JogKR+KQbpubrLSM4e5m/bI/ZwpwJmhnWEw78BO684moA8kGWg9
XaWF/cMDUyHRiiOeY/f/hpb9I5kvW8MKANMcVbV38bcSfok0QkrREAb3fTeXX2y6
Iu4A/DGn9e9SJhA+EtYWQ77bcl4V8rkMhEvU8A73h7NkzNbQGD9+kzVm55lU/UrQ
LtD/JY4iT1mBYVR0fvFP2R1sodlcxeqvRZcHdXezfeOFTotVH6D5flg2GLWjE0sn
WowA0zA+MQILjhp3Q+HsayvbxVsLA9zDOpn/hQVF5SfQ+PGyYQtLyJ5OEqI=
-----END CERTIFICATE-----