Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bb35780d-467c-4bcd-b671-ea81b652ed28.roa
File:                     bb35780d-467c-4bcd-b671-ea81b652ed28.roa (raw, json)
Hash identifier:          CSkAifQ04r0NuVj18GuZMKXGWXDSM9KyAfHdRKU2k2M=
Subject key identifier:   6D:32:E1:4B:1E:DF:3F:BA:49:5D:86:A5:0C:3D:47:90:6F:5F:CA:1D
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1B6FEDE3509F67AA77B6CAB994A8E28CFB9759D2
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bb35780d-467c-4bcd-b671-ea81b652ed28.roa
Signing time:             Sun 19 Oct 2025 08:21:12 +0000
ROA not before:           Sun 19 Oct 2025 08:21:12 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.33.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:6f:ed:e3:50:9f:67:aa:77:b6:ca:b9:94:a8:e2:8c:fb:97:59:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 08:21:12 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=649971e6797e5e8e55d73dcf4c0939765d0c1b4b7cff6884937046233a8b3cc3, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:3a:42:44:7f:98:e9:e2:33:85:9c:45:e4:bc:
                    cf:0b:a6:b3:52:30:9c:64:28:ab:92:fe:a2:84:fa:
                    24:12:11:02:bd:3b:dd:ef:6b:9a:16:ba:e8:c7:94:
                    86:06:4b:c4:31:a5:33:60:17:55:8c:b0:cf:a9:7f:
                    b8:e8:43:96:0d:cd:1d:ea:5d:7d:3b:a6:fd:e9:95:
                    af:d5:ce:50:9a:67:d8:67:dc:c2:6d:1d:f8:76:6d:
                    e2:42:67:fc:d3:9c:3f:09:21:6a:12:c7:fb:49:5e:
                    69:f8:d9:9e:33:6b:ad:cc:bc:a4:c7:b1:fb:92:7e:
                    ee:ff:a3:9f:7e:1b:e4:0b:0b:40:15:b0:aa:81:94:
                    08:55:16:e5:af:e6:63:ac:35:c6:ef:8a:3e:29:64:
                    09:a7:27:ae:5d:50:e8:8d:8e:24:86:a7:df:f5:f1:
                    35:8a:bf:77:3f:89:d7:77:7d:51:29:17:f6:e2:c7:
                    72:d6:fe:bd:b4:52:85:3e:5d:d0:1e:e0:fe:fa:e3:
                    6a:80:32:c1:57:ce:b6:3a:fd:95:34:88:e7:15:dc:
                    a4:59:fc:5a:aa:b2:51:14:34:72:5d:ce:f1:9f:52:
                    d6:e0:89:6c:de:f2:ec:e0:5b:25:73:7a:03:eb:71:
                    4f:a8:e1:3c:21:9d:0c:c7:0b:04:73:99:a8:14:88:
                    cf:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:32:E1:4B:1E:DF:3F:BA:49:5D:86:A5:0C:3D:47:90:6F:5F:CA:1D
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bb35780d-467c-4bcd-b671-ea81b652ed28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.33.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:ae:cb:cc:e5:c3:96:7a:75:e0:89:0d:cc:3b:cf:b7:c4:f0:
         be:6f:12:41:f1:9e:e4:d3:7d:dc:9f:bc:22:77:68:e4:ca:0a:
         4f:85:9d:9b:f9:12:60:24:ab:4e:e3:58:5a:c6:80:52:08:6d:
         3f:e3:a6:c0:0e:f9:7e:a3:df:c1:cb:86:c3:08:13:38:7f:af:
         99:99:0c:ef:91:04:cb:8c:37:bd:c6:df:d2:e9:f3:0a:35:10:
         ab:10:e1:75:03:30:0f:c7:4d:50:53:86:c8:46:02:f7:54:86:
         45:b2:c5:b4:f6:18:51:2e:25:ce:47:ed:ee:6b:b7:54:54:b3:
         ef:f1:26:f4:ef:3c:55:cb:55:26:65:97:01:5a:1a:2f:ea:6d:
         f9:13:d9:7d:56:cf:8b:77:8e:fb:e7:fe:6b:56:d4:3b:b5:b4:
         b1:a7:63:2e:48:10:21:7a:d2:36:81:6e:3e:0a:c5:49:c8:2e:
         94:b3:02:6d:8a:37:6f:ac:8d:48:9d:25:66:a4:ee:08:07:fe:
         ac:91:a6:87:c8:3f:23:20:b0:cd:8c:9c:9d:82:ea:f6:25:43:
         e1:21:41:8f:85:2d:23:b5:ee:79:bf:d4:c2:8f:bc:35:91:17:
         9b:47:c9:8d:d9:a8:44:18:9b:67:58:7a:25:c1:7a:1f:e1:a4:
         cd:e8:1e:18
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUG2/t41CfZ6p3tsq5lKjijPuXWdIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MDgyMTEyWhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A2NDk5NzFlNjc5N2U1ZThlNTVkNzNkY2Y0YzA5Mzk3NjVk
MGMxYjRiN2NmZjY4ODQ5MzcwNDYyMzNhOGIzY2MzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+OkJEf5jp4jOFnEXkvM8LprNSMJxkKKuS/qKE+iQSEQK9
O93va5oWuujHlIYGS8QxpTNgF1WMsM+pf7joQ5YNzR3qXX07pv3pla/VzlCaZ9hn
3MJtHfh2beJCZ/zTnD8JIWoSx/tJXmn42Z4za63MvKTHsfuSfu7/o59+G+QLC0AV
sKqBlAhVFuWv5mOsNcbvij4pZAmnJ65dUOiNjiSGp9/18TWKv3c/idd3fVEpF/bi
x3LW/r20UoU+XdAe4P7642qAMsFXzrY6/ZU0iOcV3KRZ/FqqslEUNHJdzvGfUtbg
iWze8uzgWyVzegPrcU+o4TwhnQzHCwRzmagUiM+3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUbTLhSx7fP7pJXYalDD1HkG9fyh0wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2JiMzU3ODBkLTQ2N2MtNGJjZC1iNjcxLWVhODFiNjUyZWQyOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAANIXQwDQYJKoZIhvcNAQELBQADggEBAJiuy8zlw5Z6deCJDcw7z7fE8L5v
EkHxnuTTfdyfvCJ3aOTKCk+FnZv5EmAkq07jWFrGgFIIbT/jpsAO+X6j38HLhsMI
Ezh/r5mZDO+RBMuMN73G39Lp8wo1EKsQ4XUDMA/HTVBThshGAvdUhkWyxbT2GFEu
Jc5H7e5rt1RUs+/xJvTvPFXLVSZllwFaGi/qbfkT2X1Wz4t3jvvn/mtW1Du1tLGn
Yy5IECF60jaBbj4KxUnILpSzAm2KN2+sjUidJWak7ggH/qyRpofIPyMgsM2MnJ2C
6vYlQ+EhQY+FLSO17nm/1MKPvDWRF5tHyY3ZqEQYm2dYeiXBeh/hpM3oHhg=
-----END CERTIFICATE-----