Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f038d3a5-f576-4a65-a9ae-8dd0f582dfd7.roa
File:                     f038d3a5-f576-4a65-a9ae-8dd0f582dfd7.roa (raw, json)
Hash identifier:          g4szdUBPAgStZEjm2siRMdX/G3rhwF45svxqB9ahVMQ=
Subject key identifier:   64:D4:F7:BB:3E:99:05:84:29:46:A6:E9:EC:2B:43:8C:9A:B1:48:D0
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       28CD7BE2C95C51B7DA8D8F7E7AA289F7EC04FA34
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f038d3a5-f576-4a65-a9ae-8dd0f582dfd7.roa
Signing time:             Sun 19 Oct 2025 21:43:46 +0000
ROA not before:           Sun 19 Oct 2025 21:43:46 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.225.96.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:cd:7b:e2:c9:5c:51:b7:da:8d:8f:7e:7a:a2:89:f7:ec:04:fa:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 21:43:46 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=ad08d9bfa5e2db9256aa75fff699d4239f838690af16da0068976f08bac93196, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:d5:d7:ee:e8:de:d5:1f:d3:6c:da:a4:43:35:
                    8b:cf:cc:0b:2d:57:c4:d2:f8:60:d6:12:c2:20:c0:
                    e9:86:4f:f7:24:10:bf:f7:3e:bc:4a:04:f5:6e:02:
                    44:a5:bc:95:60:55:12:0b:b6:80:bd:cf:fa:14:c6:
                    40:a5:22:11:ac:9c:58:92:a2:bc:7e:e4:a5:fa:2d:
                    f4:e8:ba:4f:30:d3:8e:f8:f8:7f:83:64:d6:aa:ee:
                    d0:bd:2e:42:d9:81:62:a9:41:e1:b4:d0:f6:f4:72:
                    56:80:a6:50:02:87:3e:48:29:f2:28:6f:7d:68:23:
                    6a:47:91:9a:45:db:fd:a9:07:09:19:96:e0:41:df:
                    fd:71:0f:6e:8e:69:39:79:d7:a3:13:3c:c5:4f:45:
                    34:c1:2b:ab:ce:14:31:d5:08:26:14:fd:56:fc:97:
                    8c:78:0f:5f:18:76:08:c4:d5:96:14:69:ae:37:d0:
                    47:fd:07:5c:14:f5:af:1a:f9:5a:24:d5:13:7d:ed:
                    ff:33:b5:c0:1a:2f:40:e9:80:08:47:7e:74:a4:6d:
                    ee:da:73:01:d0:37:67:9e:a7:67:65:73:4b:e6:72:
                    3b:dd:9a:63:a2:be:d4:37:ec:88:02:0d:f6:6a:ec:
                    80:04:d2:58:8f:81:f4:76:9a:35:6f:98:0f:4e:db:
                    90:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:D4:F7:BB:3E:99:05:84:29:46:A6:E9:EC:2B:43:8C:9A:B1:48:D0
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f038d3a5-f576-4a65-a9ae-8dd0f582dfd7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.225.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         9b:10:2e:49:a4:73:e0:a0:2f:9f:24:cd:c4:c0:af:fc:6b:ef:
         b1:5b:6e:0f:b9:dc:17:b0:f5:4f:6c:1c:f1:5a:57:ed:df:df:
         de:12:b6:20:24:8b:14:8c:7d:c5:fb:11:46:0b:c1:f9:7e:c5:
         2b:de:35:7a:58:c2:2e:bc:c1:39:d4:87:b1:ba:d9:9c:cb:3a:
         8d:bd:e0:0e:e6:85:01:1c:a6:ad:e5:68:1f:fa:d6:f7:2c:02:
         07:53:a5:3d:1a:e9:38:94:cf:37:68:7e:ab:35:2b:18:57:5b:
         14:1f:b6:63:9b:4d:a7:fc:2e:f5:d7:3c:6a:63:77:58:0f:f7:
         fc:1d:c7:ac:6c:6a:89:de:17:6c:a3:9f:54:cb:bb:32:a6:92:
         ff:4f:a5:98:83:f2:db:b7:ff:c7:e5:e4:bd:6d:78:64:53:8d:
         35:a6:5e:c6:ce:87:e9:26:7c:73:04:be:53:36:03:b4:81:d9:
         c0:5a:29:9d:4d:ec:53:8e:66:b2:2e:c5:73:42:77:c9:c8:9a:
         bb:cc:43:11:3e:6d:44:7d:4e:0f:37:b4:6d:1f:39:eb:8e:8e:
         20:4f:b8:08:59:09:30:a1:bd:55:8d:cc:ba:20:d8:95:3a:df:
         50:bf:d5:b4:bc:b3:5a:71:f3:1f:e5:80:0b:42:8a:e7:2a:b0:
         5a:39:32:b4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKM174slcUbfajY9+eqKJ9+wE+jQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MjE0MzQ2WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BhZDA4ZDliZmE1ZTJkYjkyNTZhYTc1ZmZmNjk5ZDQyMzlm
ODM4NjkwYWYxNmRhMDA2ODk3NmYwOGJhYzkzMTk2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCP1dfu6N7VH9Ns2qRDNYvPzAstV8TS+GDWEsIgwOmGT/ck
EL/3PrxKBPVuAkSlvJVgVRILtoC9z/oUxkClIhGsnFiSorx+5KX6LfTouk8w0474
+H+DZNaq7tC9LkLZgWKpQeG00Pb0claAplAChz5IKfIob31oI2pHkZpF2/2pBwkZ
luBB3/1xD26OaTl516MTPMVPRTTBK6vOFDHVCCYU/Vb8l4x4D18YdgjE1ZYUaa43
0Ef9B1wU9a8a+Vok1RN97f8ztcAaL0DpgAhHfnSkbe7acwHQN2eep2dlc0vmcjvd
mmOivtQ37IgCDfZq7IAE0liPgfR2mjVvmA9O25ARAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZNT3uz6ZBYQpRqbp7CtDjJqxSNAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2YwMzhkM2E1LWY1NzYtNGE2NS1hOWFlLThkZDBmNTgyZGZkNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAUN4WAwDQYJKoZIhvcNAQELBQADggEBAJsQLkmkc+CgL58kzcTAr/xr77Fb
bg+53Bew9U9sHPFaV+3f394StiAkixSMfcX7EUYLwfl+xSveNXpYwi68wTnUh7G6
2ZzLOo294A7mhQEcpq3laB/61vcsAgdTpT0a6TiUzzdofqs1KxhXWxQftmObTaf8
LvXXPGpjd1gP9/wdx6xsaoneF2yjn1TLuzKmkv9PpZiD8tu3/8fl5L1teGRTjTWm
XsbOh+kmfHMEvlM2A7SB2cBaKZ1N7FOOZrIuxXNCd8nImrvMQxE+bUR9Tg83tG0f
OeuOjiBPuAhZCTChvVWNzLog2JU631C/1bS8s1px8x/lgAtCiucqsFo5MrQ=
-----END CERTIFICATE-----