Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8d6a34e1-99e6-4194-a306-a7899e802602.roa
File:                     8d6a34e1-99e6-4194-a306-a7899e802602.roa (raw, json)
Hash identifier:          EMvj1LQy6lVGY0HO/Ur2t7wBDv4Jgfop1qStxjssq/E=
Subject key identifier:   72:5B:E0:C7:24:15:35:4F:B4:85:EE:B5:63:B2:88:08:05:D0:30:C6
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3F772E99E1B1D47099070F592A62D3350F9E5262
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8d6a34e1-99e6-4194-a306-a7899e802602.roa
Signing time:             Sat 26 Jul 2025 00:21:05 +0000
ROA not before:           Sat 26 Jul 2025 00:21:05 +0000
ROA not after:            Sat 30 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.248.0.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:77:2e:99:e1:b1:d4:70:99:07:0f:59:2a:62:d3:35:0f:9e:52:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul 26 00:21:05 2025 GMT
            Not After : Aug 30 23:59:59 2025 GMT
        Subject: serialNumber=864ce44331d8b8a1dd8bdd1190e338eaad3eb789c3faa35bc62acb406863a060, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:ae:a5:62:da:e9:51:08:b9:c2:33:db:e2:79:
                    ad:98:c3:dd:9d:7f:b5:82:52:1f:a9:d4:67:80:e7:
                    87:d1:2f:f2:e9:63:f6:d0:82:2b:c8:10:2e:33:d6:
                    ab:2e:9a:12:75:5e:3b:4a:26:9f:ab:54:58:c3:b8:
                    54:3f:8a:51:3d:10:b7:18:e8:1d:49:f4:a7:bc:b7:
                    20:35:43:74:22:98:55:a5:0d:bf:16:db:46:1f:ad:
                    53:7f:9d:6f:d0:aa:97:68:c3:82:45:73:f0:55:15:
                    0a:a2:d5:44:86:66:ea:ba:1e:71:36:21:c7:ca:15:
                    7e:12:92:d9:38:b2:79:40:d1:af:3b:6b:7d:19:2b:
                    30:ee:4d:ea:82:0b:85:70:80:bb:ed:ad:fc:25:69:
                    23:86:0b:92:18:d8:71:2d:d8:7c:1a:6c:8e:ae:c6:
                    d6:a1:c4:98:39:32:86:ca:e1:bb:cb:c0:fb:ac:f8:
                    fb:42:18:7a:fe:e4:4c:42:52:a2:35:7e:f7:f7:ec:
                    46:7e:d0:f0:d9:1a:0b:b1:d1:28:a8:70:c5:ac:57:
                    ae:15:9a:d0:30:6d:91:61:7e:0b:4c:56:39:1b:ba:
                    31:46:67:df:db:a6:69:9f:40:39:12:4e:c8:11:73:
                    9b:01:82:23:96:d1:01:a1:72:d5:8e:19:76:e3:ae:
                    5a:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:5B:E0:C7:24:15:35:4F:B4:85:EE:B5:63:B2:88:08:05:D0:30:C6
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8d6a34e1-99e6-4194-a306-a7899e802602.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.248.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         6b:7f:8d:3a:85:14:da:49:ac:61:29:cf:4e:8d:42:0b:ac:72:
         75:fd:a6:17:9d:a5:b3:f7:bb:47:71:d7:31:07:85:cb:09:81:
         14:14:a1:67:81:52:7a:2d:94:1c:2b:46:a2:32:3a:1a:80:06:
         2c:f1:35:a1:7e:cc:13:fe:42:18:9f:92:bb:4e:10:47:24:a6:
         f1:4d:89:f6:26:b3:c5:0a:bd:2f:ac:c6:d2:5b:03:34:f1:6a:
         5a:80:0b:22:25:d4:3f:6c:93:d4:50:0e:17:62:ee:c8:aa:ce:
         72:16:c7:8c:23:86:45:1b:72:b4:89:a3:09:6c:92:b1:c6:20:
         ae:c6:ec:ba:3a:3a:29:a6:8f:cc:c6:cf:77:82:76:3e:0d:60:
         e9:f6:5b:03:37:56:2d:de:2d:b8:97:9d:8f:ce:08:bb:31:97:
         bc:12:b0:e2:5d:cb:5d:0d:53:dc:4d:8c:f6:34:81:9a:57:bd:
         4b:3a:a2:84:ae:7b:48:5c:39:32:b6:3e:7e:29:e1:dc:de:d3:
         61:d6:af:01:e5:fe:15:84:ac:7a:e0:da:9e:24:a3:32:6d:11:
         1f:51:06:4e:ac:81:c8:22:af:46:8e:8c:44:0c:62:97:ba:ae:
         fe:a0:6c:ef:27:69:91:7b:3d:5c:12:8d:93:71:9c:ee:b5:d8:
         ce:90:0c:05
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUP3cumeGx1HCZBw9ZKmLTNQ+eUmIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNzI2MDAyMTA1WhcNMjUwODMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A4NjRjZTQ0MzMxZDhiOGExZGQ4YmRkMTE5MGUzMzhlYWFk
M2ViNzg5YzNmYWEzNWJjNjJhY2I0MDY4NjNhMDYwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCorqVi2ulRCLnCM9viea2Yw92df7WCUh+p1GeA54fRL/Lp
Y/bQgivIEC4z1qsumhJ1XjtKJp+rVFjDuFQ/ilE9ELcY6B1J9Ke8tyA1Q3QimFWl
Db8W20YfrVN/nW/Qqpdow4JFc/BVFQqi1USGZuq6HnE2IcfKFX4Sktk4snlA0a87
a30ZKzDuTeqCC4VwgLvtrfwlaSOGC5IY2HEt2HwabI6uxtahxJg5MobK4bvLwPus
+PtCGHr+5ExCUqI1fvf37EZ+0PDZGgux0SiocMWsV64VmtAwbZFhfgtMVjkbujFG
Z9/bpmmfQDkSTsgRc5sBgiOW0QGhctWOGXbjrlq3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUclvgxyQVNU+0he61Y7KICAXQMMYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzhkNmEzNGUxLTk5ZTYtNDE5NC1hMzA2LWE3ODk5ZTgwMjYwMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQN+AAwDQYJKoZIhvcNAQELBQADggEBAGt/jTqFFNpJrGEpz06NQguscnX9
phedpbP3u0dx1zEHhcsJgRQUoWeBUnotlBwrRqIyOhqABizxNaF+zBP+QhifkrtO
EEckpvFNifYms8UKvS+sxtJbAzTxalqACyIl1D9sk9RQDhdi7siqznIWx4wjhkUb
crSJowlskrHGIK7G7Lo6Oimmj8zGz3eCdj4NYOn2WwM3Vi3eLbiXnY/OCLsxl7wS
sOJdy10NU9xNjPY0gZpXvUs6ooSue0hcOTK2Pn4p4dze02HWrwHl/hWErHrg2p4k
ozJtER9RBk6sgcgir0aOjEQMYpe6rv6gbO8naZF7PVwSjZNxnO612M6QDAU=
-----END CERTIFICATE-----
Generated at Mon Aug 4 21:40:11 2025 by rpki-client