Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/591d659e-61c5-42c8-876e-4dd35852d25a.roa
File:                     591d659e-61c5-42c8-876e-4dd35852d25a.roa (raw, json)
Hash identifier:          V8GvQDwFRmlkUUf8MxxERjr6MVb0pN7fIRLujW5UOHg=
Subject key identifier:   D6:0D:39:50:B0:D7:22:D2:2E:FE:7B:E8:0B:DE:BD:62:18:FE:7F:1F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3998E363640CDDB7B4E21091ED284380D8D23912
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/591d659e-61c5-42c8-876e-4dd35852d25a.roa
Signing time:             Tue 22 Jul 2025 15:00:33 +0000
ROA not before:           Tue 22 Jul 2025 15:00:33 +0000
ROA not after:            Tue 26 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.208.128.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:98:e3:63:64:0c:dd:b7:b4:e2:10:91:ed:28:43:80:d8:d2:39:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul 22 15:00:33 2025 GMT
            Not After : Aug 26 23:59:59 2025 GMT
        Subject: serialNumber=55fcd0ca2b0a3ae734137dac828b249c6b01afc71f06400cfa5e8ec5adc8acf4, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:8c:16:07:f0:60:e1:31:53:df:9f:dd:2e:58:
                    2d:ea:05:a8:50:8f:b9:e2:75:bf:ad:ed:82:e1:2b:
                    dc:bf:8d:44:a8:a3:e5:bc:e8:61:87:18:9d:eb:71:
                    7e:43:f2:98:da:45:7f:0d:6e:5e:b5:89:c2:8a:a4:
                    93:4d:81:9d:06:15:6a:45:62:81:a2:b4:08:96:74:
                    5a:b1:17:1c:c7:27:65:8d:d8:f2:be:29:b3:db:b4:
                    13:88:a8:89:2e:bd:58:c1:f5:b2:17:d4:76:e8:23:
                    41:d0:58:42:5f:e8:9f:88:f2:e9:7a:8f:d0:cd:ae:
                    80:5e:8e:e3:df:88:05:06:eb:46:19:13:84:55:8b:
                    67:ff:d3:1f:d7:bb:e4:50:19:2e:d4:b2:f2:3a:48:
                    7e:39:36:8c:3f:98:82:0a:5d:7a:d2:2e:0e:b4:25:
                    3e:25:f8:3e:3d:67:30:c1:47:73:a4:df:0b:cc:54:
                    f9:9a:d2:bf:3b:1f:c0:b4:31:02:0e:1c:8b:9c:37:
                    f8:85:b2:1f:32:94:4a:7d:17:06:db:12:9a:2a:29:
                    8f:34:2e:cb:41:4e:94:17:f1:39:cd:d6:03:f3:03:
                    b0:c5:7b:49:5c:f0:ad:90:ac:23:1d:d2:d5:54:b5:
                    26:eb:48:85:84:ae:cb:23:f1:fc:d0:72:43:24:e3:
                    f8:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:0D:39:50:B0:D7:22:D2:2E:FE:7B:E8:0B:DE:BD:62:18:FE:7F:1F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/591d659e-61c5-42c8-876e-4dd35852d25a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.208.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         3c:41:a1:f4:3d:43:1c:ce:cd:ba:7e:8a:a7:9e:a5:0e:d9:2a:
         f7:c4:7c:6a:bd:a9:33:ab:22:c1:29:d2:2f:9b:25:6c:74:b1:
         2f:f4:a6:8b:f6:55:48:cb:88:30:db:4e:14:79:59:9c:d9:1d:
         d4:ad:21:0e:3c:31:11:38:77:d3:5c:f0:57:67:2f:ea:da:d3:
         2e:40:59:46:cb:23:9f:d8:b9:0a:db:e7:5f:6d:49:89:80:49:
         25:db:3c:ec:cc:44:8f:92:9b:37:04:f0:34:dd:2d:67:b6:88:
         cf:04:b4:9c:1d:31:4e:50:ec:ef:c7:22:33:f9:f2:75:cf:c2:
         4a:23:b5:c1:fd:95:7b:e5:2e:d4:8c:50:e7:56:12:fa:c9:8e:
         4c:05:de:d1:4c:d2:bb:df:00:d0:5f:a6:6a:27:73:fb:a2:b5:
         be:6f:e1:b5:f3:69:41:f4:88:2c:98:dc:13:b0:d5:94:f9:86:
         f8:bc:9d:2d:77:d0:a3:1c:db:21:6d:fb:a7:ba:64:b2:81:49:
         94:cf:0c:3f:06:f1:ea:c5:46:3f:11:f2:b6:7b:cf:61:b2:b2:
         26:83:ce:7b:ff:b2:45:18:87:a5:4a:f8:21:1f:b0:ad:da:10:
         57:98:24:be:3f:85:63:5b:76:35:d4:8a:70:7a:ed:18:54:b6:
         7f:4c:46:83
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOZjjY2QM3be04hCR7ShDgNjSORIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNzIyMTUwMDMzWhcNMjUwODI2MjM1OTU5
WjB6MUkwRwYDVQQFE0A1NWZjZDBjYTJiMGEzYWU3MzQxMzdkYWM4MjhiMjQ5YzZi
MDFhZmM3MWYwNjQwMGNmYTVlOGVjNWFkYzhhY2Y0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCfjBYH8GDhMVPfn90uWC3qBahQj7nidb+t7YLhK9y/jUSo
o+W86GGHGJ3rcX5D8pjaRX8Nbl61icKKpJNNgZ0GFWpFYoGitAiWdFqxFxzHJ2WN
2PK+KbPbtBOIqIkuvVjB9bIX1HboI0HQWEJf6J+I8ul6j9DNroBejuPfiAUG60YZ
E4RVi2f/0x/Xu+RQGS7UsvI6SH45Now/mIIKXXrSLg60JT4l+D49ZzDBR3Ok3wvM
VPma0r87H8C0MQIOHIucN/iFsh8ylEp9FwbbEpoqKY80LstBTpQX8TnN1gPzA7DF
e0lc8K2QrCMd0tVUtSbrSIWErssj8fzQckMk4/jvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU1g05ULDXItIu/nvoC969Yhj+fx8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzU5MWQ2NTllLTYxYzUtNDJjOC04NzZlLTRkZDM1ODUyZDI1YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAcN0IAwDQYJKoZIhvcNAQELBQADggEBADxBofQ9QxzOzbp+iqeepQ7ZKvfE
fGq9qTOrIsEp0i+bJWx0sS/0pov2VUjLiDDbThR5WZzZHdStIQ48MRE4d9Nc8Fdn
L+ra0y5AWUbLI5/YuQrb519tSYmASSXbPOzMRI+SmzcE8DTdLWe2iM8EtJwdMU5Q
7O/HIjP58nXPwkojtcH9lXvlLtSMUOdWEvrJjkwF3tFM0rvfANBfpmonc/uitb5v
4bXzaUH0iCyY3BOw1ZT5hvi8nS130KMc2yFt+6e6ZLKBSZTPDD8G8erFRj8R8rZ7
z2GysiaDznv/skUYh6VK+CEfsK3aEFeYJL4/hWNbdjXUinB67RhUtn9MRoM=
-----END CERTIFICATE-----