Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f2d5c2c7-70fa-4e37-b501-76cee3ee75ab.roa
File:                     f2d5c2c7-70fa-4e37-b501-76cee3ee75ab.roa (raw, json)
Hash identifier:          tIXilZj5MxPu+lpQW91gDyHRrDQhGhheSE/StLEt3Lo=
Subject key identifier:   0A:D9:28:68:23:47:88:74:EF:F6:1B:DA:90:90:F1:C0:B7:95:19:23
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       01B521270DCBFA49EB041F0BF4C236D348B44344
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f2d5c2c7-70fa-4e37-b501-76cee3ee75ab.roa
Signing time:             Sun 19 Oct 2025 18:02:23 +0000
ROA not before:           Sun 19 Oct 2025 18:02:23 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.226.36.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:b5:21:27:0d:cb:fa:49:eb:04:1f:0b:f4:c2:36:d3:48:b4:43:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 18:02:23 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=3244fc7079b159cccd81f8484d586c95bc160200b95420d8107bd85d3c64b849, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:be:65:de:be:40:80:8b:73:e4:e2:9c:30:ca:
                    2a:2c:ea:dc:04:91:67:5f:7d:29:6a:3c:e0:10:57:
                    1a:aa:b0:51:69:e5:12:0c:1c:2d:e3:d1:91:37:01:
                    48:a0:9c:3b:9a:0c:c5:c8:05:85:0a:87:15:6f:81:
                    a4:e1:f4:f3:6a:c6:b9:bc:55:6c:87:e3:c3:5f:b3:
                    d9:e2:0e:bc:80:a8:e7:df:38:a9:bb:b6:5d:06:05:
                    b6:66:54:d4:b5:b5:9e:a7:3f:62:04:bf:c6:04:97:
                    48:e6:ea:d5:e5:dd:43:a0:a1:86:f8:d8:53:83:b4:
                    8f:30:1b:82:49:e1:98:a4:f1:c3:f9:5c:99:98:56:
                    34:af:8b:dd:c6:4c:a5:f0:9c:48:4d:b0:f2:ca:1a:
                    06:c4:08:2d:f2:04:76:eb:70:ad:c5:a7:60:3e:42:
                    74:c2:75:39:48:4b:07:dc:ce:73:db:b4:10:5b:6b:
                    65:61:e6:14:1d:05:b3:92:57:3c:67:e4:6c:da:3d:
                    26:49:a6:e0:3f:8f:84:26:58:cb:5c:f7:52:db:69:
                    bc:84:66:74:24:24:6e:13:88:52:fc:41:a3:9e:0d:
                    49:4f:81:01:f4:d8:7c:ae:b7:bd:b9:46:31:b7:88:
                    19:35:94:05:2e:9d:d4:12:8b:41:92:b3:d8:1a:61:
                    44:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:D9:28:68:23:47:88:74:EF:F6:1B:DA:90:90:F1:C0:B7:95:19:23
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f2d5c2c7-70fa-4e37-b501-76cee3ee75ab.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.226.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         08:2b:d4:8b:c7:fd:1b:9a:06:a9:7d:fd:26:77:1b:bc:e7:86:
         6d:6a:f4:ae:2b:d3:ec:48:63:62:5c:f3:0e:e8:0b:19:58:0d:
         3d:a3:d1:20:d2:bb:db:1b:66:07:e8:58:49:c7:e3:40:71:a7:
         74:a9:7e:eb:e6:e5:04:4a:76:b9:8b:96:46:5f:28:cb:ac:22:
         a9:5a:00:b8:2f:49:94:26:84:35:94:83:9d:5d:29:da:3d:ea:
         a5:61:74:ea:2b:9a:55:2a:95:26:b0:d1:96:6b:2c:4f:c9:71:
         25:bb:e6:3e:01:39:32:03:25:d4:27:a0:c4:c0:ad:f0:c4:bb:
         fa:af:05:77:f7:50:60:09:44:b8:07:d4:cb:50:06:e7:9d:99:
         a0:e7:35:8d:d0:f1:77:7f:b5:ea:fe:fe:aa:8e:2e:de:35:95:
         d1:0e:30:d4:83:3e:f3:ee:83:65:7b:eb:1e:d1:32:b2:72:72:
         6e:cd:3a:db:6f:28:7e:17:66:d0:2d:4d:4e:d1:4d:9a:da:3e:
         bd:13:15:05:82:65:51:ac:86:9f:e2:31:59:fc:2c:52:52:92:
         e7:eb:6f:bd:12:28:e0:66:f1:b9:bc:37:c0:d3:c1:62:f6:94:
         6b:a1:c9:c8:f4:d7:a6:9b:ed:64:18:3e:89:e2:c8:00:6c:c5:
         77:49:7f:d9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAbUhJw3L+knrBB8L9MI200i0Q0QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MTgwMjIzWhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AzMjQ0ZmM3MDc5YjE1OWNjY2Q4MWY4NDg0ZDU4NmM5NWJj
MTYwMjAwYjk1NDIwZDgxMDdiZDg1ZDNjNjRiODQ5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7vmXevkCAi3Pk4pwwyios6twEkWdffSlqPOAQVxqqsFFp
5RIMHC3j0ZE3AUignDuaDMXIBYUKhxVvgaTh9PNqxrm8VWyH48Nfs9niDryAqOff
OKm7tl0GBbZmVNS1tZ6nP2IEv8YEl0jm6tXl3UOgoYb42FODtI8wG4JJ4Zik8cP5
XJmYVjSvi93GTKXwnEhNsPLKGgbECC3yBHbrcK3Fp2A+QnTCdTlISwfcznPbtBBb
a2Vh5hQdBbOSVzxn5GzaPSZJpuA/j4QmWMtc91LbabyEZnQkJG4TiFL8QaOeDUlP
gQH02Hyut725RjG3iBk1lAUundQSi0GSs9gaYUR/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUCtkoaCNHiHTv9hvakJDxwLeVGSMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2YyZDVjMmM3LTcwZmEtNGUzNy1iNTAxLTc2Y2VlM2VlNzVhYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIN4iQwDQYJKoZIhvcNAQELBQADggEBAAgr1IvH/RuaBql9/SZ3G7znhm1q
9K4r0+xIY2Jc8w7oCxlYDT2j0SDSu9sbZgfoWEnH40Bxp3Spfuvm5QRKdrmLlkZf
KMusIqlaALgvSZQmhDWUg51dKdo96qVhdOormlUqlSaw0ZZrLE/JcSW75j4BOTID
JdQnoMTArfDEu/qvBXf3UGAJRLgH1MtQBuedmaDnNY3Q8Xd/ter+/qqOLt41ldEO
MNSDPvPug2V76x7RMrJycm7NOttvKH4XZtAtTU7RTZraPr0TFQWCZVGshp/iMVn8
LFJSkufrb70SKOBm8bm8N8DTwWL2lGuhycj016ab7WQYPoniyABsxXdJf9k=
-----END CERTIFICATE-----