Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9ca18979-3491-47fc-b4bc-6c23097c25d6.roa
File:                     9ca18979-3491-47fc-b4bc-6c23097c25d6.roa (raw, json)
Hash identifier:          DKWwRXdZ62Db4NtREAXB5WT94+0gj7DLxbfBCT0WvxQ=
Subject key identifier:   8C:D6:8B:E3:68:AB:9B:E1:81:61:1F:2F:CA:4B:7E:93:4B:27:FF:98
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       60F2028090BB2BE9539E65A62111B3F9703BAE97
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9ca18979-3491-47fc-b4bc-6c23097c25d6.roa
Signing time:             Sun 19 Oct 2025 15:13:31 +0000
ROA not before:           Sun 19 Oct 2025 15:13:31 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.224.104.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:f2:02:80:90:bb:2b:e9:53:9e:65:a6:21:11:b3:f9:70:3b:ae:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 15:13:31 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=61804b4efd3347ea6ba316b2f8ea577bb0b39d85f2a806c672e15a952679ade7, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:82:3a:1a:e4:58:83:a8:20:2e:84:24:e0:19:
                    a1:af:9d:76:cc:4b:45:33:26:4c:4a:87:f8:74:9f:
                    90:1b:48:68:32:23:bb:04:9f:c0:b6:31:2c:7a:df:
                    3c:32:ae:e3:58:0e:4a:4c:7e:9f:22:6f:ca:03:f5:
                    55:64:cd:d6:c7:3a:4c:26:49:38:01:e9:42:e3:7b:
                    bd:68:53:d8:f2:61:76:17:63:2b:a2:a8:b8:09:86:
                    a1:7d:1c:48:12:bf:e5:46:a2:8b:ca:b7:df:0b:b6:
                    b2:df:9a:86:21:01:c2:88:b7:13:2a:cf:b1:78:01:
                    c6:31:a6:60:4d:4f:76:fd:aa:a0:b4:42:7f:26:49:
                    17:38:10:05:fc:4a:47:f0:f7:28:1d:a5:05:d6:9c:
                    5b:6a:cc:50:43:de:34:4a:56:e5:a1:c8:be:55:73:
                    8b:31:a7:96:0b:5a:e8:2d:bf:b3:4c:91:c4:44:5c:
                    bf:35:47:f9:1a:46:77:97:71:18:45:0b:b5:0f:45:
                    6c:c8:cc:98:da:72:56:4a:26:0e:d7:b3:74:0e:a0:
                    b4:9c:9d:51:b3:23:1d:f0:b5:e4:3b:13:1c:26:09:
                    f7:d2:63:53:83:19:03:34:24:2d:39:a4:e8:76:76:
                    c4:36:d9:13:a9:72:6a:e0:59:ad:59:16:23:99:a3:
                    fd:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:D6:8B:E3:68:AB:9B:E1:81:61:1F:2F:CA:4B:7E:93:4B:27:FF:98
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9ca18979-3491-47fc-b4bc-6c23097c25d6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.224.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b0:91:dc:07:fa:db:82:72:44:c7:da:f4:9f:61:2b:09:98:76:
         77:29:6a:f1:29:94:7c:f6:38:66:8f:6d:5a:b9:f1:b8:6f:68:
         85:9c:97:da:4d:ba:cb:c2:9a:23:f7:58:ec:1a:b8:54:1b:15:
         75:b0:8a:7d:3f:8d:5a:02:72:b4:cc:3a:79:7c:8f:52:aa:ec:
         7a:09:dc:b8:3f:54:a3:16:fd:19:0b:0f:13:a7:6e:25:12:62:
         6c:c4:05:ef:fa:9e:7c:50:03:ad:1d:55:9f:c6:e4:93:a8:bd:
         b3:cb:1c:2c:78:a6:7b:ea:d9:aa:8b:a2:4b:1e:60:3e:9a:84:
         31:30:46:cf:c8:11:1d:dd:78:7d:58:f4:e8:60:e5:33:ab:c8:
         e0:3e:d1:50:9a:47:89:3d:b2:26:72:ee:67:de:fb:71:99:6e:
         98:77:38:b9:4b:b6:60:e3:82:bc:c4:c2:01:73:37:7c:d7:61:
         49:90:51:6d:5f:c3:ff:51:32:5d:37:b0:ac:38:36:73:53:bd:
         1a:d2:7e:ec:0e:9b:76:30:bf:25:25:bc:35:38:73:7e:78:0d:
         62:e2:30:89:70:c1:7f:69:04:3b:fd:81:c8:43:73:78:45:f6:
         48:92:d7:31:6b:fd:34:34:77:65:de:cb:ea:e9:c4:d1:ba:56:
         0c:f8:68:ed
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYPICgJC7K+lTnmWmIRGz+XA7rpcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MTUxMzMxWhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A2MTgwNGI0ZWZkMzM0N2VhNmJhMzE2YjJmOGVhNTc3YmIw
YjM5ZDg1ZjJhODA2YzY3MmUxNWE5NTI2NzlhZGU3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDvgjoa5FiDqCAuhCTgGaGvnXbMS0UzJkxKh/h0n5AbSGgy
I7sEn8C2MSx63zwyruNYDkpMfp8ib8oD9VVkzdbHOkwmSTgB6ULje71oU9jyYXYX
YyuiqLgJhqF9HEgSv+VGoovKt98LtrLfmoYhAcKItxMqz7F4AcYxpmBNT3b9qqC0
Qn8mSRc4EAX8Skfw9ygdpQXWnFtqzFBD3jRKVuWhyL5Vc4sxp5YLWugtv7NMkcRE
XL81R/kaRneXcRhFC7UPRWzIzJjaclZKJg7Xs3QOoLScnVGzIx3wteQ7ExwmCffS
Y1ODGQM0JC05pOh2dsQ22ROpcmrgWa1ZFiOZo/2BAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUjNaL42irm+GBYR8vykt+k0sn/5gwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzljYTE4OTc5LTM0OTEtNDdmYy1iNGJjLTZjMjMwOTdjMjVkNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIN4GgwDQYJKoZIhvcNAQELBQADggEBALCR3Af624JyRMfa9J9hKwmYdncp
avEplHz2OGaPbVq58bhvaIWcl9pNusvCmiP3WOwauFQbFXWwin0/jVoCcrTMOnl8
j1Kq7HoJ3Lg/VKMW/RkLDxOnbiUSYmzEBe/6nnxQA60dVZ/G5JOovbPLHCx4pnvq
2aqLokseYD6ahDEwRs/IER3deH1Y9Ohg5TOryOA+0VCaR4k9siZy7mfe+3GZbph3
OLlLtmDjgrzEwgFzN3zXYUmQUW1fw/9RMl03sKw4NnNTvRrSfuwOm3YwvyUlvDU4
c354DWLiMIlwwX9pBDv9gchDc3hF9kiS1zFr/TQ0d2Xey+rpxNG6Vgz4aO0=
-----END CERTIFICATE-----