Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/aaffc9ff-83a4-4ab5-8f78-17e421b9e56d.roa
File:                     aaffc9ff-83a4-4ab5-8f78-17e421b9e56d.roa (raw, json)
Hash identifier:          G+ICxQMos/xUC9pByi/OBk+e/Fe7QENXi27aCnSkZsM=
Subject key identifier:   F4:89:26:9A:09:83:C8:4C:29:33:24:A1:11:85:A0:A9:0E:04:7A:D2
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       302B3004A9CF741B9857BB93ADEB442AD44B3BFD
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/aaffc9ff-83a4-4ab5-8f78-17e421b9e56d.roa
Signing time:             Sun 19 Oct 2025 12:30:18 +0000
ROA not before:           Sun 19 Oct 2025 12:30:18 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.32.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:2b:30:04:a9:cf:74:1b:98:57:bb:93:ad:eb:44:2a:d4:4b:3b:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 12:30:18 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=4198036fa6e89edb78633ed62e2d295ca0d83d4ae805277abbe1e5271aeeb37b, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:d1:b7:9d:f7:15:75:79:fa:06:05:e8:a5:66:
                    b2:99:19:f1:18:1f:7c:35:bc:c6:53:e9:40:2f:e7:
                    5e:4b:60:fd:0a:98:8e:75:7f:e2:c5:8a:9e:f3:ce:
                    cd:3f:9b:71:be:37:ac:5c:b3:48:9f:6e:33:62:4c:
                    55:66:bf:e3:e0:2c:d8:e3:10:53:29:81:e3:29:49:
                    87:90:3c:0b:d7:ce:8e:0d:a5:48:3c:4f:08:74:79:
                    bc:17:25:3f:b6:2d:18:0d:77:19:dd:6d:a5:65:eb:
                    18:d8:ac:fc:da:07:9b:71:0a:8c:3e:98:0a:f9:6a:
                    89:b2:6e:cf:d6:d6:ea:ad:52:e9:5d:bb:02:ad:8c:
                    de:2a:01:b6:db:68:e1:6e:ee:78:7b:cb:e3:40:55:
                    6a:16:f6:75:22:c7:95:f0:0f:c7:fa:73:74:0a:70:
                    93:1e:3a:4d:b8:f7:1c:3e:6e:3b:e6:98:08:77:38:
                    e8:6e:12:52:63:2e:a1:2b:93:5d:97:c0:d9:60:0e:
                    ee:a3:7c:8b:fe:49:3a:a5:70:3e:ea:90:0c:c8:ee:
                    99:5c:26:f2:40:f7:3a:5f:12:be:e7:63:ca:2a:ea:
                    81:41:bc:55:bd:2d:0f:41:98:ca:1a:a4:0e:a8:a4:
                    b4:76:d0:07:2b:84:d0:ab:e8:8b:96:5c:ea:0a:a9:
                    58:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:89:26:9A:09:83:C8:4C:29:33:24:A1:11:85:A0:A9:0E:04:7A:D2
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/aaffc9ff-83a4-4ab5-8f78-17e421b9e56d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.32.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:e3:5b:dd:ff:e9:8b:5a:2d:20:b1:98:bc:40:bb:45:7b:70:
         a2:ed:f8:21:9f:63:4e:87:d3:d6:2f:74:7d:9e:df:e9:bd:42:
         68:1e:6f:75:5d:13:96:07:b0:5a:9d:3d:ce:8e:be:d9:9e:99:
         18:4a:2c:68:e2:29:07:08:70:a4:cd:4d:04:2e:ea:14:8e:67:
         b4:df:6b:53:b1:97:61:8b:77:e8:1e:29:29:b0:00:49:c2:fd:
         52:23:4b:2a:7a:8b:8c:77:a6:90:24:ba:9b:aa:dd:8e:44:45:
         66:1f:eb:af:1c:de:8d:78:d1:ea:e6:2e:9d:5a:6a:b9:d8:51:
         93:50:36:ce:b6:48:c0:74:e4:e4:a4:69:57:3e:a0:b5:62:a9:
         08:94:cd:e1:8e:b3:75:84:05:32:8a:e7:32:bf:e2:62:59:47:
         ae:56:83:b2:66:fd:df:62:8b:28:63:7b:a5:07:6f:7c:91:37:
         e3:3f:fc:1c:4c:c7:bd:44:27:68:a1:cc:bd:b9:c6:1a:46:d1:
         7c:da:ec:af:e3:78:b8:c3:71:18:fe:a7:dc:26:88:a1:9f:09:
         04:92:47:3a:35:68:85:ad:07:cf:ce:16:20:b6:57:3f:86:72:
         39:32:10:7e:2d:b0:3e:9c:b4:9d:c3:a7:37:d4:18:c7:a1:56:
         97:7e:2f:5f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMCswBKnPdBuYV7uTretEKtRLO/0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MTIzMDE4WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A0MTk4MDM2ZmE2ZTg5ZWRiNzg2MzNlZDYyZTJkMjk1Y2Ew
ZDgzZDRhZTgwNTI3N2FiYmUxZTUyNzFhZWViMzdiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC30bed9xV1efoGBeilZrKZGfEYH3w1vMZT6UAv515LYP0K
mI51f+LFip7zzs0/m3G+N6xcs0ifbjNiTFVmv+PgLNjjEFMpgeMpSYeQPAvXzo4N
pUg8Twh0ebwXJT+2LRgNdxndbaVl6xjYrPzaB5txCow+mAr5aomybs/W1uqtUuld
uwKtjN4qAbbbaOFu7nh7y+NAVWoW9nUix5XwD8f6c3QKcJMeOk249xw+bjvmmAh3
OOhuElJjLqErk12XwNlgDu6jfIv+STqlcD7qkAzI7plcJvJA9zpfEr7nY8oq6oFB
vFW9LQ9BmMoapA6opLR20AcrhNCr6IuWXOoKqVhzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU9IkmmgmDyEwpMyShEYWgqQ4EetIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2FhZmZjOWZmLTgzYTQtNGFiNS04Zjc4LTE3ZTQyMWI5ZTU2ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAANIPEwDQYJKoZIhvcNAQELBQADggEBAEPjW93/6YtaLSCxmLxAu0V7cKLt
+CGfY06H09YvdH2e3+m9Qmgeb3VdE5YHsFqdPc6OvtmemRhKLGjiKQcIcKTNTQQu
6hSOZ7Tfa1Oxl2GLd+geKSmwAEnC/VIjSyp6i4x3ppAkupuq3Y5ERWYf668c3o14
0ermLp1aarnYUZNQNs62SMB05OSkaVc+oLViqQiUzeGOs3WEBTKK5zK/4mJZR65W
g7Jm/d9iiyhje6UHb3yRN+M//BxMx71EJ2ihzL25xhpG0Xza7K/jeLjDcRj+p9wm
iKGfCQSSRzo1aIWtB8/OFiC2Vz+GcjkyEH4tsD6ctJ3DpzfUGMehVpd+L18=
-----END CERTIFICATE-----