Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9df3daa4-5df0-43cb-996d-53b1e35f7189.roa
File:                     9df3daa4-5df0-43cb-996d-53b1e35f7189.roa (raw, json)
Hash identifier:          QnBDdDHLAyEIoakZ1Aahy87I+RwFbmpSElo7Am5tUVo=
Subject key identifier:   1F:2A:80:EE:A3:3D:37:B7:82:71:FE:34:9C:CE:D1:08:BF:BB:34:50
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       56C12AF763C07AF7FE156F20BF93C9674C5D2BDB
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9df3daa4-5df0-43cb-996d-53b1e35f7189.roa
Signing time:             Sun 19 Oct 2025 13:01:12 +0000
ROA not before:           Sun 19 Oct 2025 13:01:12 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.32.228.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:c1:2a:f7:63:c0:7a:f7:fe:15:6f:20:bf:93:c9:67:4c:5d:2b:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 13:01:12 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=a5387564b7de978f40b9ee62cd950af8b883fad19727dcb5f4a24058cbc1b0b0, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:21:e6:73:31:c6:f2:b4:c5:1c:ec:c3:4b:5a:
                    0b:4b:ae:74:29:86:2d:3a:cc:ee:74:e4:1d:4c:81:
                    fa:21:08:5d:14:5e:4c:68:59:df:9e:6e:58:e7:a7:
                    19:ad:66:9f:55:60:df:aa:cd:9b:a6:ab:2e:87:59:
                    19:15:d3:3c:ca:f6:fc:c9:20:0d:d8:77:04:b8:19:
                    03:f7:0e:cb:2c:31:f2:92:bc:9e:e3:fb:8b:50:e4:
                    a0:bc:b4:5e:34:87:f3:99:b4:d7:63:3a:d7:bf:bd:
                    5b:cb:c6:0f:ba:13:f0:10:46:a4:39:65:78:6a:37:
                    fa:39:2b:a2:f5:34:f7:81:3b:5d:0f:b4:04:71:b5:
                    e7:2d:76:35:91:09:ea:86:8c:bb:46:01:dc:9c:04:
                    96:ee:73:3a:17:bd:57:84:c6:13:84:f4:76:8a:69:
                    80:4a:3d:84:eb:5c:d5:33:3e:ba:70:d2:22:08:16:
                    f4:99:8a:ac:b6:76:4f:c3:c3:b1:6f:22:f5:72:24:
                    6e:d5:0b:8a:5a:19:46:f3:d8:f4:ce:33:64:a4:09:
                    72:25:d5:76:ee:cb:39:cd:88:5e:fb:91:50:e4:cc:
                    e1:45:d4:10:ec:47:c4:66:73:bf:6f:32:fc:d2:24:
                    3d:84:c2:37:e4:b8:cf:ed:34:98:96:df:82:7b:04:
                    f4:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:2A:80:EE:A3:3D:37:B7:82:71:FE:34:9C:CE:D1:08:BF:BB:34:50
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9df3daa4-5df0-43cb-996d-53b1e35f7189.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.32.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b1:04:fd:44:f1:96:4e:f8:da:b8:e8:7f:91:75:09:40:3a:11:
         27:1d:d2:4d:fa:34:fc:07:e0:9c:3f:24:96:58:97:a2:d2:0e:
         43:3a:4c:28:ee:e3:dc:b3:cd:e2:a1:41:88:48:3b:13:8f:0c:
         8b:01:e5:11:bb:5e:93:55:fd:41:67:e7:58:17:b6:99:8e:75:
         76:72:38:dd:19:cd:b7:30:a6:a2:aa:ac:76:1b:45:55:2c:99:
         8c:08:94:f9:f7:27:3b:72:31:ad:b5:3a:de:d0:8e:49:23:12:
         bb:23:2f:8c:a2:65:62:18:e6:bf:fa:f0:c1:ca:ac:56:39:bc:
         1d:70:8f:73:91:63:95:03:ba:fb:81:4c:3c:14:87:bf:1d:d8:
         45:1f:23:31:7a:d8:fc:24:50:d6:6e:1e:e6:26:b3:7a:5d:90:
         34:3b:2f:68:25:99:91:82:a6:3c:08:5d:63:ea:94:f1:e4:b4:
         25:17:ca:b0:75:03:90:aa:0a:17:11:91:67:36:4b:79:d1:cc:
         66:47:34:ed:1c:90:a1:d7:e6:2b:b2:e8:8f:41:e8:0e:cf:eb:
         ab:c3:1d:b6:9a:49:b6:2d:fa:74:ec:b2:33:fe:9d:39:c4:9e:
         90:8d:36:29:61:c8:05:31:f8:44:93:1c:1e:ae:7e:b6:80:78:
         09:79:81:c9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVsEq92PAevf+FW8gv5PJZ0xdK9swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MTMwMTEyWhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BhNTM4NzU2NGI3ZGU5NzhmNDBiOWVlNjJjZDk1MGFmOGI4
ODNmYWQxOTcyN2RjYjVmNGEyNDA1OGNiYzFiMGIwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDSIeZzMcbytMUc7MNLWgtLrnQphi06zO505B1MgfohCF0U
XkxoWd+ebljnpxmtZp9VYN+qzZumqy6HWRkV0zzK9vzJIA3YdwS4GQP3DsssMfKS
vJ7j+4tQ5KC8tF40h/OZtNdjOte/vVvLxg+6E/AQRqQ5ZXhqN/o5K6L1NPeBO10P
tARxtectdjWRCeqGjLtGAdycBJbuczoXvVeExhOE9HaKaYBKPYTrXNUzPrpw0iII
FvSZiqy2dk/Dw7FvIvVyJG7VC4paGUbz2PTOM2SkCXIl1XbuyznNiF77kVDkzOFF
1BDsR8Rmc79vMvzSJD2EwjfkuM/tNJiW34J7BPTLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHyqA7qM9N7eCcf40nM7RCL+7NFAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzlkZjNkYWE0LTVkZjAtNDNjYi05OTZkLTUzYjFlMzVmNzE4OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAINIOQwDQYJKoZIhvcNAQELBQADggEBALEE/UTxlk742rjof5F1CUA6EScd
0k36NPwH4Jw/JJZYl6LSDkM6TCju49yzzeKhQYhIOxOPDIsB5RG7XpNV/UFn51gX
tpmOdXZyON0ZzbcwpqKqrHYbRVUsmYwIlPn3JztyMa21Ot7QjkkjErsjL4yiZWIY
5r/68MHKrFY5vB1wj3ORY5UDuvuBTDwUh78d2EUfIzF62PwkUNZuHuYms3pdkDQ7
L2glmZGCpjwIXWPqlPHktCUXyrB1A5CqChcRkWc2S3nRzGZHNO0ckKHX5iuy6I9B
6A7P66vDHbaaSbYt+nTssjP+nTnEnpCNNilhyAUx+ESTHB6ufraAeAl5gck=
-----END CERTIFICATE-----