Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b7a8494b-b559-4892-8b02-57de7718ee93.roa
File:                     b7a8494b-b559-4892-8b02-57de7718ee93.roa (raw, json)
Hash identifier:          24wlKWHva38gaUmqXrRg1NgXpVnpACBgGsT8v36dUJs=
Subject key identifier:   B0:69:DA:89:D7:43:92:8A:6A:46:CD:E4:8C:DF:7C:D7:B0:A0:4C:46
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       42C86A678E4F89492392FD7CE09DC440B07BA877
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b7a8494b-b559-4892-8b02-57de7718ee93.roa
Signing time:             Sun 19 Oct 2025 08:51:17 +0000
ROA not before:           Sun 19 Oct 2025 08:51:17 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.227.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:c8:6a:67:8e:4f:89:49:23:92:fd:7c:e0:9d:c4:40:b0:7b:a8:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 08:51:17 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=b38bae20a58a9acdd41f78a8916b0f5b20eff25b516b41e7cc0efc7a4e20985a, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:19:c7:b7:57:4a:2f:7e:69:6f:cc:bf:62:8a:
                    78:de:7b:66:7e:3a:0a:ab:63:bb:7e:54:e7:91:b9:
                    88:39:e8:e5:e4:f9:2b:52:20:17:48:df:9f:7c:38:
                    79:e7:da:38:f7:ed:90:5a:47:05:59:52:7d:74:bc:
                    c3:0d:e5:46:9f:de:ad:df:e5:4d:92:5d:66:93:b9:
                    11:78:42:78:b8:f9:62:f8:6d:d6:57:50:57:b1:db:
                    d7:1a:3d:d0:3a:b7:3e:4f:49:ab:f1:ef:0e:d0:98:
                    d0:62:6e:58:fb:97:73:98:d8:2a:c0:21:b1:d2:22:
                    f7:41:e8:f0:a3:e0:9e:6e:fd:62:8c:ee:ac:5a:31:
                    8a:72:f9:55:5e:68:d7:4b:94:8f:a6:21:e2:b4:2e:
                    bf:d0:d9:8e:cf:a9:76:98:51:19:9b:e3:bd:df:49:
                    60:03:92:fb:af:e6:de:97:f2:f1:aa:b8:f1:ed:d7:
                    18:fa:28:cf:cc:7b:a9:85:06:39:38:77:35:6c:44:
                    59:4e:7b:2d:57:1c:1d:3b:a1:15:b3:ae:e3:ed:92:
                    4c:01:8c:02:ee:08:a3:2f:08:5c:7a:80:6a:b9:78:
                    24:f1:ae:02:2b:db:e1:dd:dc:66:7b:9a:5c:b5:c4:
                    03:ec:bf:10:c5:01:b3:62:44:ab:7f:4d:c6:b6:6b:
                    1a:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:69:DA:89:D7:43:92:8A:6A:46:CD:E4:8C:DF:7C:D7:B0:A0:4C:46
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b7a8494b-b559-4892-8b02-57de7718ee93.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.227.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:71:0b:fc:38:99:ff:85:dd:2b:3b:e9:ef:3a:ce:36:26:85:
         b2:ad:f9:f1:b2:f2:17:ac:c3:c2:b1:f7:20:bf:74:85:5a:0a:
         fb:93:0e:22:1d:5a:c6:a6:f5:6e:46:78:3c:73:39:73:d5:dd:
         93:95:84:e2:db:f7:3c:97:fb:39:02:32:40:81:86:e0:2b:ac:
         3a:67:f5:67:2f:83:e1:e8:09:28:89:0f:eb:17:b6:b0:80:d0:
         ab:6f:4d:90:12:b8:04:33:ac:ac:24:42:73:aa:e6:03:06:49:
         32:c8:d7:8a:62:6a:62:6f:ff:81:2f:ee:ef:68:71:e6:ea:b5:
         35:f4:5b:4f:6e:b5:21:0e:37:08:19:28:3f:c3:d1:b8:f6:d3:
         25:86:bb:9b:63:12:9e:00:97:b2:e8:6d:98:57:6c:06:4e:db:
         96:43:eb:82:58:66:30:e0:66:61:b3:5d:32:db:c3:d1:08:a8:
         fb:e3:d2:8e:ad:da:7c:f8:49:bd:77:57:44:2c:36:e8:8b:77:
         51:58:3c:48:aa:6e:d2:43:1b:d0:a1:f0:c2:fd:36:2b:65:f9:
         9c:af:1e:71:bc:f6:3c:8e:ef:9e:ff:60:f1:e1:79:56:26:60:
         27:b8:c4:da:81:c9:8c:22:a9:fc:f7:2b:b1:c6:11:dc:55:01:
         e4:ae:ac:4e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQshqZ45PiUkjkv184J3EQLB7qHcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MDg1MTE3WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BiMzhiYWUyMGE1OGE5YWNkZDQxZjc4YTg5MTZiMGY1YjIw
ZWZmMjViNTE2YjQxZTdjYzBlZmM3YTRlMjA5ODVhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDBGce3V0ovfmlvzL9iinjee2Z+OgqrY7t+VOeRuYg56OXk
+StSIBdI3598OHnn2jj37ZBaRwVZUn10vMMN5Uaf3q3f5U2SXWaTuRF4Qni4+WL4
bdZXUFex29caPdA6tz5PSavx7w7QmNBiblj7l3OY2CrAIbHSIvdB6PCj4J5u/WKM
7qxaMYpy+VVeaNdLlI+mIeK0Lr/Q2Y7PqXaYURmb473fSWADkvuv5t6X8vGquPHt
1xj6KM/Me6mFBjk4dzVsRFlOey1XHB07oRWzruPtkkwBjALuCKMvCFx6gGq5eCTx
rgIr2+Hd3GZ7mly1xAPsvxDFAbNiRKt/Tca2axqHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUsGnaiddDkopqRs3kjN9817CgTEYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2I3YTg0OTRiLWI1NTktNDg5Mi04YjAyLTU3ZGU3NzE4ZWU5My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAN4/swDQYJKoZIhvcNAQELBQADggEBAK1xC/w4mf+F3Ss76e86zjYmhbKt
+fGy8hesw8Kx9yC/dIVaCvuTDiIdWsam9W5GeDxzOXPV3ZOVhOLb9zyX+zkCMkCB
huArrDpn9Wcvg+HoCSiJD+sXtrCA0KtvTZASuAQzrKwkQnOq5gMGSTLI14piamJv
/4Ev7u9ocebqtTX0W09utSEONwgZKD/D0bj20yWGu5tjEp4Al7LobZhXbAZO25ZD
64JYZjDgZmGzXTLbw9EIqPvj0o6t2nz4Sb13V0QsNuiLd1FYPEiqbtJDG9Ch8ML9
Nitl+ZyvHnG89jyO757/YPHheVYmYCe4xNqByYwiqfz3K7HGEdxVAeSurE4=
-----END CERTIFICATE-----