Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/61767b62-5737-4db3-a965-04a50099f99d.roa
File:                     61767b62-5737-4db3-a965-04a50099f99d.roa (raw, json)
Hash identifier:          xP1nAPp3sLFD4baxDVwjEgQpFWUw8QNDSgcOQoK7faM=
Subject key identifier:   12:24:D6:F7:C9:8C:2E:5C:F5:42:C2:39:E2:C9:03:7A:7B:E0:08:21
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1B240536051BBB61FD9CB1CB0EB245FEE0EF2070
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/61767b62-5737-4db3-a965-04a50099f99d.roa
Signing time:             Fri 25 Jul 2025 15:01:37 +0000
ROA not before:           Fri 25 Jul 2025 15:01:37 +0000
ROA not after:            Fri 29 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.124.192.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:24:05:36:05:1b:bb:61:fd:9c:b1:cb:0e:b2:45:fe:e0:ef:20:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul 25 15:01:37 2025 GMT
            Not After : Aug 29 23:59:59 2025 GMT
        Subject: serialNumber=3bb217f895a129d8cde25f7eda08e0e2789d2ce01189fbd0ac9cbc649601483e, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:fd:61:a9:8c:03:92:34:c0:2c:d2:11:f5:4f:
                    5b:27:5c:a0:3b:06:e0:cd:21:89:2a:15:20:20:36:
                    73:92:33:e9:ca:49:be:ba:ea:25:c1:2c:cf:c1:a1:
                    bb:ab:2c:d4:02:33:86:17:e6:d0:b4:1b:37:b9:b7:
                    25:7e:ab:05:40:59:d3:63:67:b2:9a:24:20:95:d8:
                    73:bc:41:bb:42:27:f1:43:94:05:91:cb:49:e6:f3:
                    12:d3:a7:f7:b9:e9:6c:88:38:ad:c2:5f:00:be:cd:
                    54:52:90:75:7f:fb:f3:4e:78:88:4f:25:99:d2:ae:
                    8b:8d:06:d1:ea:93:66:cc:3f:07:bd:ee:e0:38:f5:
                    98:f0:aa:9f:a2:52:77:a5:b3:4b:3a:cd:1c:db:bc:
                    a1:3b:30:52:3f:4c:1c:da:60:60:c1:bc:26:1b:fb:
                    65:cd:8c:3a:b7:63:83:c3:31:61:83:a4:2b:49:1f:
                    ee:e2:68:52:f9:9f:87:ae:2a:d8:c4:d8:15:4d:ee:
                    ec:60:29:24:39:63:2d:19:94:76:79:be:38:a4:b9:
                    82:19:70:b9:db:9f:5f:5f:c7:93:77:cd:10:f5:e0:
                    91:0a:7e:e7:65:38:9b:61:f9:23:f6:7d:83:1f:d8:
                    df:97:65:1b:a3:48:9a:33:c0:b1:4b:59:05:e0:20:
                    0c:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:24:D6:F7:C9:8C:2E:5C:F5:42:C2:39:E2:C9:03:7A:7B:E0:08:21
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/61767b62-5737-4db3-a965-04a50099f99d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.124.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         a9:32:14:1b:37:64:db:5e:92:20:8a:0c:45:d6:f5:53:0d:96:
         51:14:dc:c0:ce:a9:45:92:96:04:73:c2:14:25:9e:de:76:0a:
         d2:f7:d2:a1:46:ac:48:f7:ae:b4:d2:9b:3e:fd:c2:15:a8:af:
         ec:1b:bc:77:73:92:df:ad:92:95:2a:93:bb:0a:a8:35:f6:b9:
         79:17:8e:9a:7a:be:1d:8c:89:a1:ec:e2:cb:47:eb:38:50:59:
         ed:b5:04:a5:e9:c8:7c:c3:a4:e3:f5:32:54:a3:c7:0a:9f:dc:
         66:3e:4e:c5:88:4d:6d:4f:d9:ce:a1:89:8e:45:81:7c:3a:55:
         13:5e:9d:75:5a:5f:a4:45:82:6c:4e:9d:60:61:a8:aa:8e:ca:
         76:19:af:95:a1:ef:44:56:05:55:70:db:ee:43:c6:35:c1:c8:
         6d:a7:08:0f:b9:54:8f:9e:96:c0:0d:b2:8b:f4:b7:08:02:b5:
         fa:9c:e4:0c:6d:22:39:e2:c5:30:aa:01:55:e4:de:90:a3:fe:
         88:c7:dd:f0:1f:55:51:15:93:3f:00:1f:ba:f0:04:69:e6:3f:
         fc:e7:0c:9e:07:a8:48:4e:a3:ed:7c:44:3d:c5:0a:62:a3:5a:
         df:4e:4e:a4:85:91:08:8c:0c:b5:d9:eb:85:30:51:12:ff:fd:
         76:04:e7:ad
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGyQFNgUbu2H9nLHLDrJF/uDvIHAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNzI1MTUwMTM3WhcNMjUwODI5MjM1OTU5
WjB6MUkwRwYDVQQFE0AzYmIyMTdmODk1YTEyOWQ4Y2RlMjVmN2VkYTA4ZTBlMjc4
OWQyY2UwMTE4OWZiZDBhYzljYmM2NDk2MDE0ODNlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDY/WGpjAOSNMAs0hH1T1snXKA7BuDNIYkqFSAgNnOSM+nK
Sb666iXBLM/BoburLNQCM4YX5tC0Gze5tyV+qwVAWdNjZ7KaJCCV2HO8QbtCJ/FD
lAWRy0nm8xLTp/e56WyIOK3CXwC+zVRSkHV/+/NOeIhPJZnSrouNBtHqk2bMPwe9
7uA49Zjwqp+iUnels0s6zRzbvKE7MFI/TBzaYGDBvCYb+2XNjDq3Y4PDMWGDpCtJ
H+7iaFL5n4euKtjE2BVN7uxgKSQ5Yy0ZlHZ5vjikuYIZcLnbn19fx5N3zRD14JEK
fudlOJth+SP2fYMf2N+XZRujSJozwLFLWQXgIAynAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUEiTW98mMLlz1QsI54skDenvgCCEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzYxNzY3YjYyLTU3MzctNGRiMy1hOTY1LTA0YTUwMDk5Zjk5ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYNfMAwDQYJKoZIhvcNAQELBQADggEBAKkyFBs3ZNtekiCKDEXW9VMNllEU
3MDOqUWSlgRzwhQlnt52CtL30qFGrEj3rrTSmz79whWor+wbvHdzkt+tkpUqk7sK
qDX2uXkXjpp6vh2MiaHs4stH6zhQWe21BKXpyHzDpOP1MlSjxwqf3GY+TsWITW1P
2c6hiY5FgXw6VRNenXVaX6RFgmxOnWBhqKqOynYZr5Wh70RWBVVw2+5DxjXByG2n
CA+5VI+elsANsov0twgCtfqc5AxtIjnixTCqAVXk3pCj/ojH3fAfVVEVkz8AH7rw
BGnmP/znDJ4HqEhOo+18RD3FCmKjWt9OTqSFkQiMDLXZ64UwURL//XYE560=
-----END CERTIFICATE-----
Generated at Mon Aug 4 22:11:00 2025 by rpki-client