Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f4dff309-f120-4c74-acfb-c8113e478a9e.roa
File:                     f4dff309-f120-4c74-acfb-c8113e478a9e.roa (raw, json)
Hash identifier:          UBMVgTek0ss0VaVcOHvLgNp8+RRDCYpNqcKF4roRl4Q=
Subject key identifier:   3D:10:F3:20:4B:59:A7:1E:8F:F6:47:D8:25:8D:5D:C2:D8:39:19:04
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       36940896B4E93FAC142E5236E5C94E5AE1E5360F
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f4dff309-f120-4c74-acfb-c8113e478a9e.roa
Signing time:             Sun 19 Oct 2025 17:51:17 +0000
ROA not before:           Sun 19 Oct 2025 17:51:17 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.33.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:94:08:96:b4:e9:3f:ac:14:2e:52:36:e5:c9:4e:5a:e1:e5:36:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 17:51:17 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=3361f16de0583bfd91bfdeeab5fefb9e8362c4ece1203ebbfc388d38c7910b49, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ef:c5:29:e6:4a:10:49:6c:2b:f3:b5:f6:34:
                    fc:8d:f9:a6:90:99:f2:f8:9a:eb:5f:5d:01:96:51:
                    65:16:5a:ce:f6:a6:e2:59:2c:ab:c7:6a:ed:3e:c4:
                    2a:50:02:dc:ab:38:2e:0f:80:fa:24:34:13:9e:b7:
                    be:f6:f3:18:6f:b0:22:a9:2f:75:df:1c:88:36:25:
                    47:c9:13:77:f8:6a:d5:9d:03:b8:7b:36:45:25:d6:
                    ff:69:92:0c:11:09:47:86:94:ea:24:85:74:32:f9:
                    e0:ee:b7:c1:1b:34:18:7c:68:ef:c5:1d:c2:8a:92:
                    ac:66:49:ae:19:09:82:21:f3:52:94:aa:73:db:bc:
                    9b:92:ee:7d:a8:2f:95:b9:4f:3b:01:cc:4c:0b:4e:
                    6c:bc:30:90:ed:cc:5c:2c:23:2c:b6:eb:c9:6f:0d:
                    64:6b:2f:10:a8:e7:9c:90:ed:09:0a:b3:e8:bb:17:
                    ec:e8:37:60:66:fb:41:ef:d2:58:c8:32:cc:96:d2:
                    fb:0f:14:a0:07:eb:9c:8a:96:86:21:c3:d0:67:82:
                    89:91:6d:6f:3f:00:e3:31:54:a1:3b:ff:05:f5:b1:
                    4e:1a:57:03:42:c3:f0:27:7e:8c:fa:c1:84:ee:f6:
                    37:98:98:52:a6:cd:ec:44:fc:32:a6:42:78:b6:07:
                    87:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:10:F3:20:4B:59:A7:1E:8F:F6:47:D8:25:8D:5D:C2:D8:39:19:04
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f4dff309-f120-4c74-acfb-c8113e478a9e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.33.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:02:06:bc:e9:5b:5b:b3:08:7a:6d:7b:87:56:d9:8c:23:29:
         76:fa:32:db:d8:28:40:f1:a7:25:73:6e:d5:e8:3a:a1:52:56:
         9c:37:a7:ec:a6:26:f6:e5:db:bc:46:4b:4b:27:f8:5a:ad:cc:
         be:6d:d4:06:e8:ce:ea:b8:b5:06:4d:41:c1:d7:d9:73:36:c3:
         66:9f:27:02:47:6d:1e:ed:fc:ae:45:41:45:d0:7d:aa:72:a2:
         67:7f:6c:45:83:b8:db:d6:77:8d:29:d2:65:dd:06:a3:f7:19:
         b7:3f:76:9f:cd:36:e1:37:ce:f6:64:9e:d5:ad:fa:00:bf:7f:
         68:f0:67:6d:82:34:e1:66:21:f3:c0:95:04:69:66:25:55:d2:
         97:c1:6d:55:c9:9a:3c:42:ff:b0:c7:92:fc:84:9d:24:bf:31:
         8c:52:b1:d3:ca:23:b4:1d:4f:ba:fe:34:2e:6c:7e:15:bd:a0:
         a7:08:27:10:ce:48:8e:e3:32:20:cd:f2:93:05:26:9c:d3:f3:
         af:08:78:8d:d0:f5:c4:9d:79:40:63:0b:66:08:f1:4f:5c:c5:
         9e:a7:64:5d:98:3a:15:fb:c5:72:20:73:e3:76:cd:9d:13:ce:
         19:46:43:d7:66:99:72:02:b7:01:02:ed:59:73:68:7f:b1:15:
         4e:e2:3b:68
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNpQIlrTpP6wULlI25clOWuHlNg8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MTc1MTE3WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AzMzYxZjE2ZGUwNTgzYmZkOTFiZmRlZWFiNWZlZmI5ZTgz
NjJjNGVjZTEyMDNlYmJmYzM4OGQzOGM3OTEwYjQ5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC278Up5koQSWwr87X2NPyN+aaQmfL4mutfXQGWUWUWWs72
puJZLKvHau0+xCpQAtyrOC4PgPokNBOet7728xhvsCKpL3XfHIg2JUfJE3f4atWd
A7h7NkUl1v9pkgwRCUeGlOokhXQy+eDut8EbNBh8aO/FHcKKkqxmSa4ZCYIh81KU
qnPbvJuS7n2oL5W5TzsBzEwLTmy8MJDtzFwsIyy268lvDWRrLxCo55yQ7QkKs+i7
F+zoN2Bm+0Hv0ljIMsyW0vsPFKAH65yKloYhw9BngomRbW8/AOMxVKE7/wX1sU4a
VwNCw/Anfoz6wYTu9jeYmFKmzexE/DKmQni2B4dzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPRDzIEtZpx6P9kfYJY1dwtg5GQQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2Y0ZGZmMzA5LWYxMjAtNGM3NC1hY2ZiLWM4MTEzZTQ3OGE5ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAANITowDQYJKoZIhvcNAQELBQADggEBAKkCBrzpW1uzCHpte4dW2YwjKXb6
MtvYKEDxpyVzbtXoOqFSVpw3p+ymJvbl27xGS0sn+FqtzL5t1Abozuq4tQZNQcHX
2XM2w2afJwJHbR7t/K5FQUXQfapyomd/bEWDuNvWd40p0mXdBqP3Gbc/dp/NNuE3
zvZkntWt+gC/f2jwZ22CNOFmIfPAlQRpZiVV0pfBbVXJmjxC/7DHkvyEnSS/MYxS
sdPKI7QdT7r+NC5sfhW9oKcIJxDOSI7jMiDN8pMFJpzT868IeI3Q9cSdeUBjC2YI
8U9cxZ6nZF2YOhX7xXIgc+N2zZ0TzhlGQ9dmmXICtwEC7VlzaH+xFU7iO2g=
-----END CERTIFICATE-----
Generated at Mon Oct 20 02:56:43 2025 by rpki-client