Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f8cef692-e55a-4409-9d81-586d88b2e397.roa
File:                     f8cef692-e55a-4409-9d81-586d88b2e397.roa (raw, json)
Hash identifier:          3/SS2irLvVB1+TfxwCiL0sW/CHSBAqeK3bbk+yaNNk8=
Subject key identifier:   46:84:7F:68:20:64:D0:0E:28:5C:86:9B:52:F6:38:04:33:23:D8:1C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       647C5F1EC9BC7FB35764C33D26A165ADD548C34A
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f8cef692-e55a-4409-9d81-586d88b2e397.roa
Signing time:             Sat 18 Oct 2025 06:12:17 +0000
ROA not before:           Sat 18 Oct 2025 06:12:17 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.249.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:7c:5f:1e:c9:bc:7f:b3:57:64:c3:3d:26:a1:65:ad:d5:48:c3:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 06:12:17 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=1a2c91f0a8dddf05d4986a500b92e6db0667d4971def5c913854b4311d2e0eb7, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:d5:3e:b6:09:6c:9a:01:6e:d6:35:56:a6:27:
                    a9:a4:c7:e8:b8:90:ef:4e:24:c7:97:83:2a:6f:6c:
                    4b:28:7b:46:b0:d4:6f:51:05:c7:ec:8e:f9:7e:21:
                    26:d1:4c:1c:0c:85:c9:45:93:a5:09:a8:ad:82:32:
                    35:f3:88:74:6b:ea:f5:ba:b4:29:23:89:fa:47:aa:
                    ce:28:c1:73:9c:60:77:0e:2c:33:04:f6:ea:79:98:
                    c4:22:e7:0f:2a:4d:33:37:19:fc:ef:59:03:f8:4a:
                    2e:10:64:eb:c3:e0:be:f6:c6:b0:43:22:27:b4:29:
                    32:7f:46:8e:f3:95:8f:b4:0e:cc:79:ad:48:c2:c4:
                    f3:94:f5:38:98:ce:fe:03:7f:20:5e:61:9c:1e:a8:
                    2e:d1:39:a6:fc:be:8c:22:6e:0e:fc:42:82:e9:92:
                    19:be:bf:1e:7e:46:26:3c:e2:b5:46:70:29:b6:2d:
                    62:20:6c:82:ca:20:9f:9c:e5:6a:6f:7f:b8:42:b0:
                    e2:23:4d:a8:1c:0f:a8:85:2b:5a:dd:bb:5e:40:2e:
                    4c:54:7c:e7:31:b0:79:fb:ef:f9:b8:19:c0:c1:5e:
                    76:57:14:4f:0c:3b:25:ee:b8:03:38:52:2d:1e:1a:
                    00:98:a5:36:eb:7f:35:fb:6c:00:30:c4:28:4d:8c:
                    e5:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:84:7F:68:20:64:D0:0E:28:5C:86:9B:52:F6:38:04:33:23:D8:1C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f8cef692-e55a-4409-9d81-586d88b2e397.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.249.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:85:42:f4:e5:55:ec:3b:e7:52:e3:6a:a7:47:86:d0:5e:0b:
         0e:a6:01:73:5a:96:ca:86:f8:28:72:b5:96:7b:d4:bd:7f:93:
         c3:25:aa:c7:ee:cc:b9:90:38:12:5c:ee:28:14:8c:0d:74:10:
         8e:3f:ea:51:77:f2:0d:a2:eb:7d:51:34:ce:b5:e1:6a:71:31:
         d3:93:2d:9d:13:bb:31:09:09:8a:07:a0:11:9e:64:cc:f0:da:
         2d:32:09:ca:c9:22:13:93:2b:ee:ba:c5:c6:6b:43:8f:04:a2:
         00:e4:42:00:2a:64:db:4f:f2:ee:5d:e1:ed:c9:29:f5:8c:89:
         9c:28:03:ad:c7:7c:6b:ba:83:9d:73:8b:be:0d:1a:05:fc:94:
         56:62:7e:dc:3d:a3:e4:96:8a:3c:78:21:9d:b5:65:ba:db:68:
         a0:41:43:be:6a:2d:35:dd:82:4c:d3:8d:8f:45:83:23:3e:b7:
         c1:37:d3:38:7f:ac:c2:96:d5:3e:27:81:14:50:93:b8:93:02:
         f1:3b:65:56:9c:f4:78:46:d5:81:56:0b:92:a6:9e:e5:84:0f:
         32:c9:98:1c:cf:7c:43:68:48:f2:d2:38:91:43:40:be:57:86:
         c2:10:12:fb:56:05:bb:a7:30:ad:d1:76:23:d9:0c:8d:e1:e6:
         61:de:7f:d1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZHxfHsm8f7NXZMM9JqFlrdVIw0owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MDYxMjE3WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AxYTJjOTFmMGE4ZGRkZjA1ZDQ5ODZhNTAwYjkyZTZkYjA2
NjdkNDk3MWRlZjVjOTEzODU0YjQzMTFkMmUwZWI3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCZ1T62CWyaAW7WNVamJ6mkx+i4kO9OJMeXgypvbEsoe0aw
1G9RBcfsjvl+ISbRTBwMhclFk6UJqK2CMjXziHRr6vW6tCkjifpHqs4owXOcYHcO
LDME9up5mMQi5w8qTTM3GfzvWQP4Si4QZOvD4L72xrBDIie0KTJ/Ro7zlY+0Dsx5
rUjCxPOU9TiYzv4DfyBeYZweqC7ROab8vowibg78QoLpkhm+vx5+RiY84rVGcCm2
LWIgbILKIJ+c5Wpvf7hCsOIjTagcD6iFK1rdu15ALkxUfOcxsHn77/m4GcDBXnZX
FE8MOyXuuAM4Ui0eGgCYpTbrfzX7bAAwxChNjOVvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQURoR/aCBk0A4oXIabUvY4BDMj2BwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2Y4Y2VmNjkyLWU1NWEtNDQwOS05ZDgxLTU4NmQ4OGIyZTM5Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAN+fMwDQYJKoZIhvcNAQELBQADggEBAESFQvTlVew751LjaqdHhtBeCw6m
AXNalsqG+ChytZZ71L1/k8MlqsfuzLmQOBJc7igUjA10EI4/6lF38g2i631RNM61
4WpxMdOTLZ0TuzEJCYoHoBGeZMzw2i0yCcrJIhOTK+66xcZrQ48EogDkQgAqZNtP
8u5d4e3JKfWMiZwoA63HfGu6g51zi74NGgX8lFZiftw9o+SWijx4IZ21ZbrbaKBB
Q75qLTXdgkzTjY9FgyM+t8E30zh/rMKW1T4ngRRQk7iTAvE7ZVac9HhG1YFWC5Km
nuWEDzLJmBzPfENoSPLSOJFDQL5XhsIQEvtWBbunMK3RdiPZDI3h5mHef9E=
-----END CERTIFICATE-----
Generated at Mon Oct 20 06:12:01 2025 by rpki-client