Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a0da04f2-94f3-4f80-b7d0-970ff6b1db4d.roa
File:                     a0da04f2-94f3-4f80-b7d0-970ff6b1db4d.roa (raw, json)
Hash identifier:          rGsrpZ4J7M1sgEkiotqE/Ik6M7zeWc4JecuzObUqQkU=
Subject key identifier:   12:9E:25:A5:D9:05:B0:7F:0D:20:E2:BE:DC:3F:C2:3B:69:4C:9A:12
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       66DB8714C17A080937401524C41CB22E3C652B72
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a0da04f2-94f3-4f80-b7d0-970ff6b1db4d.roa
Signing time:             Sun 19 Oct 2025 19:12:34 +0000
ROA not before:           Sun 19 Oct 2025 19:12:34 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.33.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:db:87:14:c1:7a:08:09:37:40:15:24:c4:1c:b2:2e:3c:65:2b:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 19:12:34 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=94d6a1b2286317e37753ea35318ec8fb1c228e8254f1361ee4780bfb5521f584, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:09:20:4b:86:a0:c9:ca:5a:14:b4:b5:3d:ed:
                    55:f6:82:c4:ea:50:51:77:33:27:a6:d7:9a:ea:e8:
                    db:6a:16:61:29:14:ea:e9:5e:b0:3e:ed:4e:f4:2f:
                    ce:b3:0f:c2:1b:4b:16:87:d9:b6:91:5b:73:ce:4d:
                    38:92:b5:7e:44:58:20:26:44:f1:34:07:eb:2e:ec:
                    80:eb:45:ba:b5:eb:60:03:c9:a1:7a:99:77:37:74:
                    1d:3d:7d:f7:e2:0c:ab:c1:f7:81:e5:d6:7b:52:0f:
                    c0:a1:8b:c3:15:b3:2e:2f:be:14:13:aa:42:36:35:
                    e7:c3:48:80:3d:0b:45:ca:e4:3c:6e:be:5c:a5:3c:
                    47:d6:d7:38:0f:c3:12:32:ef:60:99:db:33:7c:98:
                    2e:3e:48:e6:12:b8:68:24:42:48:5b:cd:da:ec:06:
                    9a:6e:01:4e:ca:11:eb:58:1d:c4:a0:87:c5:7f:bf:
                    40:c7:a4:ff:54:c5:78:4a:e0:81:d9:3c:d3:a0:c1:
                    2a:83:0f:f7:40:bd:65:17:2a:98:98:cb:0a:bf:a8:
                    71:6e:61:0d:35:e0:84:cd:3e:88:0e:29:95:96:b4:
                    07:ed:b4:b0:9f:32:3c:13:4a:a2:cd:c6:fb:4a:39:
                    03:1f:dd:09:b2:6a:93:dc:9e:bf:d2:ac:e7:92:02:
                    b2:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:9E:25:A5:D9:05:B0:7F:0D:20:E2:BE:DC:3F:C2:3B:69:4C:9A:12
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a0da04f2-94f3-4f80-b7d0-970ff6b1db4d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.33.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:cd:1e:4f:0e:85:7c:2c:7f:57:2b:a6:b5:82:60:b1:78:2e:
         18:d0:39:65:39:27:f5:51:a3:e4:f0:52:8a:75:21:20:76:37:
         6a:1d:77:e1:d6:a7:1f:1f:98:af:9c:c6:a4:a0:0f:bf:33:29:
         52:f8:e2:ff:d1:e9:ef:24:1d:d7:66:65:a1:38:16:d4:65:70:
         cb:39:ca:de:08:78:3c:02:ef:2b:3e:7a:ad:d2:b5:90:6d:44:
         37:66:e6:02:4e:c2:59:e8:77:aa:d5:df:36:49:97:54:3d:39:
         34:3f:53:a2:e0:71:91:2e:f3:b2:ba:35:cf:c4:44:8a:0a:f9:
         8e:49:9e:0e:76:fa:6d:9f:93:92:f0:8d:e3:cd:ff:51:68:c5:
         7a:50:4c:11:96:23:bf:50:f5:ac:2f:90:f6:21:69:22:af:9b:
         fc:8e:0e:72:e1:39:1b:b8:d6:43:e4:76:14:e7:09:25:53:a0:
         f5:d1:a0:81:a8:ef:96:71:ef:9f:d3:32:d1:2c:a6:3e:df:18:
         d6:b1:3b:16:61:6f:44:b3:b9:56:2a:d7:b7:11:99:14:40:b0:
         a9:07:17:ea:34:46:a1:0b:64:a4:8b:ef:db:dc:b2:46:7c:e6:
         b2:2b:68:5e:ac:61:ad:db:1e:88:2e:a6:d3:66:79:50:b0:12:
         96:6d:49:02
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZtuHFMF6CAk3QBUkxByyLjxlK3IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MTkxMjM0WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A5NGQ2YTFiMjI4NjMxN2UzNzc1M2VhMzUzMThlYzhmYjFj
MjI4ZTgyNTRmMTM2MWVlNDc4MGJmYjU1MjFmNTg0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDbCSBLhqDJyloUtLU97VX2gsTqUFF3Myem15rq6NtqFmEp
FOrpXrA+7U70L86zD8IbSxaH2baRW3POTTiStX5EWCAmRPE0B+su7IDrRbq162AD
yaF6mXc3dB09fffiDKvB94Hl1ntSD8Chi8MVsy4vvhQTqkI2NefDSIA9C0XK5Dxu
vlylPEfW1zgPwxIy72CZ2zN8mC4+SOYSuGgkQkhbzdrsBppuAU7KEetYHcSgh8V/
v0DHpP9UxXhK4IHZPNOgwSqDD/dAvWUXKpiYywq/qHFuYQ014ITNPogOKZWWtAft
tLCfMjwTSqLNxvtKOQMf3QmyapPcnr/SrOeSArLhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUEp4lpdkFsH8NIOK+3D/CO2lMmhIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2EwZGEwNGYyLTk0ZjMtNGY4MC1iN2QwLTk3MGZmNmIxZGI0ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAANIVkwDQYJKoZIhvcNAQELBQADggEBALDNHk8OhXwsf1crprWCYLF4LhjQ
OWU5J/VRo+TwUop1ISB2N2odd+HWpx8fmK+cxqSgD78zKVL44v/R6e8kHddmZaE4
FtRlcMs5yt4IeDwC7ys+eq3StZBtRDdm5gJOwlnod6rV3zZJl1Q9OTQ/U6LgcZEu
87K6Nc/ERIoK+Y5Jng52+m2fk5LwjePN/1FoxXpQTBGWI79Q9awvkPYhaSKvm/yO
DnLhORu41kPkdhTnCSVToPXRoIGo75Zx75/TMtEspj7fGNaxOxZhb0SzuVYq17cR
mRRAsKkHF+o0RqELZKSL79vcskZ85rIraF6sYa3bHoguptNmeVCwEpZtSQI=
-----END CERTIFICATE-----