Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/996c1536-35b5-4286-bcd4-b3f861c68503.roa
File:                     996c1536-35b5-4286-bcd4-b3f861c68503.roa (raw, json)
Hash identifier:          xRVfdgHNDx6jX8QtIVDHaKJWx2aKckX2EmTX70Scg0c=
Subject key identifier:   7C:59:7F:98:66:E8:19:39:0E:6D:C0:6A:2B:17:2F:0E:B0:FB:96:D7
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7041C3863EE8981C08AFCD0071257A94310411C9
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/996c1536-35b5-4286-bcd4-b3f861c68503.roa
Signing time:             Sun 19 Oct 2025 22:33:34 +0000
ROA not before:           Sun 19 Oct 2025 22:33:34 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.224.110.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:41:c3:86:3e:e8:98:1c:08:af:cd:00:71:25:7a:94:31:04:11:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 22:33:34 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=b1850d87c392972359af1f013a1ba067f6d90d04bb06bb846a6f428de345c2c0, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:2d:cc:b9:21:03:a1:62:5c:72:bc:36:fa:cf:
                    38:64:65:09:3d:3b:56:76:bc:ab:32:cf:9d:67:06:
                    12:0b:04:0b:92:0b:36:b8:b3:68:41:78:9d:aa:c7:
                    a3:49:40:ad:4b:05:75:32:db:dc:2a:0c:ef:86:55:
                    6e:c5:84:97:f8:c7:8b:95:af:5a:50:ea:67:47:a7:
                    cc:a6:df:9d:db:1d:d5:42:50:9f:41:fe:33:a1:4e:
                    0f:48:97:b3:2b:f1:9b:63:e3:11:20:98:23:17:90:
                    3e:91:0e:24:96:e1:25:51:2d:05:2c:7f:42:ab:d4:
                    89:68:0d:4f:00:4f:f2:5c:f0:9b:81:63:3b:ba:e9:
                    c2:b8:82:3a:a5:7a:a5:01:8b:a6:35:34:7a:01:19:
                    bb:b0:a2:f9:b7:03:1e:d8:66:7d:50:18:9c:0b:85:
                    a6:72:3d:9f:0a:bd:4d:b9:1a:0a:77:bb:2f:a0:61:
                    09:d3:85:e1:d4:0d:d6:24:ba:72:98:e5:13:ba:c1:
                    4a:55:48:93:5d:66:dc:83:89:f9:e7:14:75:a0:58:
                    50:db:16:cc:87:c2:ef:01:95:32:4d:0e:c2:c7:f8:
                    27:13:f2:3f:73:09:2a:a3:45:99:9b:98:71:5d:fa:
                    4d:07:13:13:d2:7b:e4:9f:7a:4c:f7:aa:70:f2:6d:
                    5e:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:59:7F:98:66:E8:19:39:0E:6D:C0:6A:2B:17:2F:0E:B0:FB:96:D7
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/996c1536-35b5-4286-bcd4-b3f861c68503.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.224.110.0/23

    Signature Algorithm: sha256WithRSAEncryption
         af:6d:38:51:2a:43:cd:ae:be:ba:bc:0f:fa:29:3e:a9:69:ca:
         a1:33:09:ed:33:92:a2:f3:38:4a:d1:f7:f0:53:b8:f6:fc:68:
         98:40:49:fe:89:ab:35:fb:fd:1d:3b:96:77:79:4a:cf:a1:0d:
         2c:58:5c:46:98:03:1e:50:51:ca:bd:21:32:58:9e:d9:7f:4c:
         30:be:6a:0e:20:8e:a0:0c:97:cd:3e:9f:5a:8a:c0:8f:f3:3c:
         0b:17:bb:38:f7:9a:d2:b5:46:e5:1a:18:8b:e0:41:d4:ff:f9:
         f9:3a:16:b6:b6:a1:5c:12:62:ae:3c:98:03:df:1d:6c:33:ba:
         18:de:28:8d:67:51:87:f3:44:cd:7a:14:32:1d:43:4f:05:77:
         f2:b5:da:6f:2b:1d:3f:03:b2:73:e5:33:f9:48:be:c4:a6:d3:
         e2:4a:5f:64:3f:22:db:02:47:be:4a:99:d4:2d:ee:52:7b:00:
         59:14:13:91:d3:fb:b7:4b:e2:04:ef:f0:73:6d:6d:b6:a0:b3:
         a8:32:47:48:6b:83:aa:b1:3d:b4:64:66:f5:1b:f3:15:b6:ec:
         2e:e6:92:31:3c:a9:f5:5b:c8:b5:12:5d:1b:e2:23:fa:c6:5e:
         53:e8:c4:26:08:93:3c:0d:7e:68:ab:fd:f8:32:b6:da:6a:5a:
         54:13:ea:2a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcEHDhj7omBwIr80AcSV6lDEEEckwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MjIzMzM0WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BiMTg1MGQ4N2MzOTI5NzIzNTlhZjFmMDEzYTFiYTA2N2Y2
ZDkwZDA0YmIwNmJiODQ2YTZmNDI4ZGUzNDVjMmMwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCoLcy5IQOhYlxyvDb6zzhkZQk9O1Z2vKsyz51nBhILBAuS
Cza4s2hBeJ2qx6NJQK1LBXUy29wqDO+GVW7FhJf4x4uVr1pQ6mdHp8ym353bHdVC
UJ9B/jOhTg9Il7Mr8Ztj4xEgmCMXkD6RDiSW4SVRLQUsf0Kr1IloDU8AT/Jc8JuB
Yzu66cK4gjqleqUBi6Y1NHoBGbuwovm3Ax7YZn1QGJwLhaZyPZ8KvU25Ggp3uy+g
YQnTheHUDdYkunKY5RO6wUpVSJNdZtyDifnnFHWgWFDbFsyHwu8BlTJNDsLH+CcT
8j9zCSqjRZmbmHFd+k0HExPSe+Sfekz3qnDybV75AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUfFl/mGboGTkObcBqKxcvDrD7ltcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzk5NmMxNTM2LTM1YjUtNDI4Ni1iY2Q0LWIzZjg2MWM2ODUwMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEN4G4wDQYJKoZIhvcNAQELBQADggEBAK9tOFEqQ82uvrq8D/opPqlpyqEz
Ce0zkqLzOErR9/BTuPb8aJhASf6JqzX7/R07lnd5Ss+hDSxYXEaYAx5QUcq9ITJY
ntl/TDC+ag4gjqAMl80+n1qKwI/zPAsXuzj3mtK1RuUaGIvgQdT/+fk6Fra2oVwS
Yq48mAPfHWwzuhjeKI1nUYfzRM16FDIdQ08Fd/K12m8rHT8DsnPlM/lIvsSm0+JK
X2Q/ItsCR75KmdQt7lJ7AFkUE5HT+7dL4gTv8HNtbbags6gyR0hrg6qxPbRkZvUb
8xW27C7mkjE8qfVbyLUSXRviI/rGXlPoxCYIkzwNfmir/fgyttpqWlQT6io=
-----END CERTIFICATE-----