Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bb161423-b932-47a0-a7be-e410babd7735.roa
File:                     bb161423-b932-47a0-a7be-e410babd7735.roa (raw, json)
Hash identifier:          Jjkwwl+ATGTKBBspOOAjKL8hcTSbQ5g3aqZlJdy3/rw=
Subject key identifier:   32:48:F4:BA:D2:3B:02:5D:BB:CA:8D:F7:DE:F2:E8:35:C4:D3:9D:96
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4042E8C8B4A16EF4EC1710FF264C13D0ADBE8022
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bb161423-b932-47a0-a7be-e410babd7735.roa
Signing time:             Sun 19 Oct 2025 23:50:05 +0000
ROA not before:           Sun 19 Oct 2025 23:50:05 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.226.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:42:e8:c8:b4:a1:6e:f4:ec:17:10:ff:26:4c:13:d0:ad:be:80:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 23:50:05 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=c34f4c94af659d563908260ce26df99bc28767973bc056b25e6a9bd9c6971dbe, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:bf:27:cb:18:f1:a6:4a:2e:c6:5d:3e:5a:79:
                    60:0d:b3:71:e6:01:29:9d:46:88:ed:d3:da:de:fb:
                    e9:04:1b:b6:ac:03:1c:3c:f8:66:33:20:14:14:f4:
                    cb:25:83:37:bf:58:a6:2d:94:7b:fa:61:8b:0d:f9:
                    c8:e3:4f:77:c2:79:56:1d:d0:5e:da:1c:ef:4a:6a:
                    5c:4d:59:6a:c5:07:c5:70:58:c1:a3:85:5d:b2:1c:
                    7e:62:95:67:fb:99:6d:c8:63:94:17:06:2c:93:84:
                    c1:63:dd:b1:04:f5:24:dd:4c:d8:e9:3c:09:2a:84:
                    d0:89:af:7f:01:c4:9d:01:e5:28:43:7a:96:e8:40:
                    96:05:93:8c:28:d1:7e:fc:90:fc:3f:cc:fb:45:0e:
                    4a:b5:00:27:05:18:9c:c3:fb:60:30:2a:bd:a7:f3:
                    04:16:12:01:ca:02:d0:18:c7:9e:01:be:d8:b6:3e:
                    c0:b3:a6:d2:9a:68:72:4f:35:00:cc:de:3c:b2:2a:
                    7b:9e:88:90:6f:33:52:b2:12:cc:f0:db:78:69:11:
                    72:d2:53:7a:57:b2:92:57:77:2e:3e:88:f6:64:80:
                    9d:28:d8:fc:7f:78:1b:35:18:ea:82:16:54:75:06:
                    fc:42:4d:cb:57:69:c0:3f:2d:e0:08:b7:40:c7:bb:
                    27:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:48:F4:BA:D2:3B:02:5D:BB:CA:8D:F7:DE:F2:E8:35:C4:D3:9D:96
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bb161423-b932-47a0-a7be-e410babd7735.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.226.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:58:1f:49:52:74:7b:17:84:90:49:3f:78:2a:64:b1:73:62:
         c7:bd:0d:dd:01:e9:5f:0d:e5:8f:ad:4e:be:95:a4:3a:d6:54:
         1d:d8:29:22:38:3f:d5:db:42:06:fd:a1:34:e0:c4:23:94:b4:
         10:81:cb:4d:b8:69:49:0d:d6:b3:28:7b:69:09:d1:09:2f:cf:
         0d:f2:84:a8:14:b5:98:57:83:31:6e:97:5d:1c:35:42:5f:a7:
         22:01:6d:54:dd:14:62:fd:70:b3:0f:aa:1c:25:58:3c:d7:54:
         09:29:ec:56:95:87:df:bb:f9:f5:e0:7d:7d:fc:5c:3c:75:ed:
         6e:04:78:fc:9c:7c:14:f8:98:cd:b6:99:28:f9:33:58:26:0a:
         bb:dd:ea:3a:e6:1a:db:bb:b1:bc:be:22:5f:18:2c:1f:26:f1:
         ce:3f:82:6d:6e:65:f0:54:a1:2f:c1:21:48:76:d8:54:a0:7a:
         ef:22:7a:eb:c9:ec:de:66:d2:f0:0c:33:0b:4f:f7:9a:a4:e5:
         87:d1:4c:e2:46:ef:60:96:67:0d:1c:04:f0:12:b2:2b:49:ed:
         be:a4:94:e9:74:03:71:c7:0d:51:cc:33:5b:5d:70:f2:0f:e2:
         86:bf:53:3d:db:89:26:1f:9b:8a:2e:0f:ad:d1:95:83:93:f1:
         8b:ea:d9:a6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQELoyLShbvTsFxD/JkwT0K2+gCIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MjM1MDA1WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BjMzRmNGM5NGFmNjU5ZDU2MzkwODI2MGNlMjZkZjk5YmMy
ODc2Nzk3M2JjMDU2YjI1ZTZhOWJkOWM2OTcxZGJlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1vyfLGPGmSi7GXT5aeWANs3HmASmdRojt09re++kEG7as
Axw8+GYzIBQU9Mslgze/WKYtlHv6YYsN+cjjT3fCeVYd0F7aHO9KalxNWWrFB8Vw
WMGjhV2yHH5ilWf7mW3IY5QXBiyThMFj3bEE9STdTNjpPAkqhNCJr38BxJ0B5ShD
epboQJYFk4wo0X78kPw/zPtFDkq1ACcFGJzD+2AwKr2n8wQWEgHKAtAYx54Bvti2
PsCzptKaaHJPNQDM3jyyKnueiJBvM1KyEszw23hpEXLSU3pXspJXdy4+iPZkgJ0o
2Px/eBs1GOqCFlR1BvxCTctXacA/LeAIt0DHuyeFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMkj0utI7Al27yo333vLoNcTTnZYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2JiMTYxNDIzLWI5MzItNDdhMC1hN2JlLWU0MTBiYWJkNzczNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAN4r4wDQYJKoZIhvcNAQELBQADggEBAIVYH0lSdHsXhJBJP3gqZLFzYse9
Dd0B6V8N5Y+tTr6VpDrWVB3YKSI4P9XbQgb9oTTgxCOUtBCBy024aUkN1rMoe2kJ
0Qkvzw3yhKgUtZhXgzFul10cNUJfpyIBbVTdFGL9cLMPqhwlWDzXVAkp7FaVh9+7
+fXgfX38XDx17W4EePycfBT4mM22mSj5M1gmCrvd6jrmGtu7sby+Il8YLB8m8c4/
gm1uZfBUoS/BIUh22FSgeu8ieuvJ7N5m0vAMMwtP95qk5YfRTOJG72CWZw0cBPAS
sitJ7b6klOl0A3HHDVHMM1tdcPIP4oa/Uz3biSYfm4ouD63RlYOT8Yvq2aY=
-----END CERTIFICATE-----