Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b0ddaadc-c768-4c1d-ac3a-00bdb86fb2b8.roa
File:                     b0ddaadc-c768-4c1d-ac3a-00bdb86fb2b8.roa (raw, json)
Hash identifier:          hQ1G3rTVV9VulzxX4ueL1h0WdMpS7NoP1C0VqMmJbls=
Subject key identifier:   29:26:8A:6D:A1:7D:50:2B:A3:88:28:74:83:E4:B4:E5:6D:0E:DD:3A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       57BCEF06386E02FC8ED9F3E6CD4F6B143293FD75
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b0ddaadc-c768-4c1d-ac3a-00bdb86fb2b8.roa
Signing time:             Sun 19 Oct 2025 21:20:08 +0000
ROA not before:           Sun 19 Oct 2025 21:20:08 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.33.156.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:bc:ef:06:38:6e:02:fc:8e:d9:f3:e6:cd:4f:6b:14:32:93:fd:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 21:20:08 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=0d0b35f9d009769d0bf1d7310e757ecf44d957287eefe3089788610b7833ee50, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:11:c9:c9:fa:df:e4:b0:9c:b3:37:ce:b8:52:
                    94:15:5a:44:d7:30:39:ed:bc:aa:20:47:34:9d:ac:
                    69:0e:d0:2a:07:0a:f6:48:cd:3d:34:4f:83:72:81:
                    17:6c:c8:30:9a:96:30:d5:f1:e6:e8:bb:29:c2:54:
                    7d:4e:24:9d:3f:51:31:09:c3:8f:c6:bd:56:7e:07:
                    85:72:8c:aa:ad:3c:0e:68:04:5a:c6:bd:37:9e:b6:
                    c0:ff:bc:e8:52:f6:14:81:01:06:71:77:b6:81:92:
                    d0:55:68:69:a6:59:13:1b:3d:ae:81:48:94:e9:b4:
                    f8:c9:16:68:96:0d:6c:17:0f:66:c0:a7:47:4f:3b:
                    dc:ca:72:0e:96:e6:bd:b4:99:da:84:53:67:8e:cc:
                    0f:c4:0e:7f:0c:b7:7d:c8:31:09:42:02:87:b5:89:
                    85:e4:24:6c:d5:5a:23:17:a0:4a:6f:c2:b4:02:c7:
                    e4:3b:ed:3b:e3:4b:d7:12:52:bc:e7:4f:28:7d:c7:
                    90:6e:ea:09:63:05:3c:63:91:bf:54:58:b4:df:01:
                    84:fa:ab:96:a1:23:b0:de:8a:22:3f:b9:2a:13:41:
                    1d:cb:f1:19:5f:c5:bf:19:98:db:6b:6a:b3:80:81:
                    97:b6:c3:9f:75:e6:c0:a2:c3:51:e8:3b:d3:3e:e2:
                    f2:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:26:8A:6D:A1:7D:50:2B:A3:88:28:74:83:E4:B4:E5:6D:0E:DD:3A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b0ddaadc-c768-4c1d-ac3a-00bdb86fb2b8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.33.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1e:6c:48:d3:35:92:8a:16:22:67:ac:46:28:b1:77:bb:96:1d:
         5d:75:a4:39:99:2a:14:60:01:20:8b:d7:e6:1f:1b:2c:d3:6a:
         f7:1e:8d:8f:ba:36:07:9e:5c:b5:0d:4d:b3:96:3f:69:ee:cc:
         69:d4:51:19:ec:14:9e:82:b2:8a:ef:78:db:43:b5:7b:8e:d6:
         d4:de:71:ab:14:1b:60:06:37:65:91:cd:e5:89:76:ce:2a:ad:
         6a:51:47:f6:37:27:7c:95:28:9d:1e:c8:c0:c3:7e:b1:79:50:
         61:dc:be:8b:4e:ed:22:77:d6:9d:05:f9:92:6f:93:01:3b:41:
         0e:29:98:cb:7a:5f:2b:4e:18:21:4a:04:aa:43:ed:cd:20:2e:
         d0:b1:40:db:8c:6d:68:05:1d:b3:2a:09:3e:cb:ad:58:5c:31:
         08:6a:74:70:29:ab:82:77:58:aa:0a:f1:56:a1:ff:71:e3:d4:
         b9:9b:ae:1f:e2:5a:9e:87:1d:a0:ff:b9:b6:eb:b1:32:98:c2:
         8f:99:76:b0:e9:7a:40:b8:af:50:d2:7e:17:58:32:bb:91:10:
         99:eb:79:b8:3a:88:7c:01:c9:80:dc:c3:02:e6:52:28:30:34:
         92:39:fd:a7:26:60:72:0b:01:b0:e0:52:25:5a:a4:57:24:92:
         b9:19:26:ee
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUV7zvBjhuAvyO2fPmzU9rFDKT/XUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MjEyMDA4WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AwZDBiMzVmOWQwMDk3NjlkMGJmMWQ3MzEwZTc1N2VjZjQ0
ZDk1NzI4N2VlZmUzMDg5Nzg4NjEwYjc4MzNlZTUwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCkEcnJ+t/ksJyzN864UpQVWkTXMDntvKogRzSdrGkO0CoH
CvZIzT00T4NygRdsyDCaljDV8ebouynCVH1OJJ0/UTEJw4/GvVZ+B4VyjKqtPA5o
BFrGvTeetsD/vOhS9hSBAQZxd7aBktBVaGmmWRMbPa6BSJTptPjJFmiWDWwXD2bA
p0dPO9zKcg6W5r20mdqEU2eOzA/EDn8Mt33IMQlCAoe1iYXkJGzVWiMXoEpvwrQC
x+Q77TvjS9cSUrznTyh9x5Bu6gljBTxjkb9UWLTfAYT6q5ahI7DeiiI/uSoTQR3L
8Rlfxb8ZmNtrarOAgZe2w5915sCiw1HoO9M+4vJbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKSaKbaF9UCujiCh0g+S05W0O3TowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2IwZGRhYWRjLWM3NjgtNGMxZC1hYzNhLTAwYmRiODZmYjJiOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAINIZwwDQYJKoZIhvcNAQELBQADggEBAB5sSNM1kooWImesRiixd7uWHV11
pDmZKhRgASCL1+YfGyzTavcejY+6NgeeXLUNTbOWP2nuzGnUURnsFJ6CsorveNtD
tXuO1tTecasUG2AGN2WRzeWJds4qrWpRR/Y3J3yVKJ0eyMDDfrF5UGHcvotO7SJ3
1p0F+ZJvkwE7QQ4pmMt6XytOGCFKBKpD7c0gLtCxQNuMbWgFHbMqCT7LrVhcMQhq
dHApq4J3WKoK8Vah/3Hj1Lmbrh/iWp6HHaD/ubbrsTKYwo+ZdrDpekC4r1DSfhdY
MruREJnrebg6iHwByYDcwwLmUigwNJI5/acmYHILAbDgUiVapFckkrkZJu4=
-----END CERTIFICATE-----