Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/add830d3-7671-41f5-b602-3406f5d9de88.roa
File:                     add830d3-7671-41f5-b602-3406f5d9de88.roa (raw, json)
Hash identifier:          BU9HpLUWIvf2olTXADomi6sULVh2NkScey2a7O3t2n4=
Subject key identifier:   C8:06:7E:D7:AF:59:27:5D:4E:4E:A6:82:5B:9E:87:43:B2:B4:96:EF
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       597954116726E5301169E835408DC94964E7FC63
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/add830d3-7671-41f5-b602-3406f5d9de88.roa
Signing time:             Tue 21 Oct 2025 00:30:10 +0000
ROA not before:           Tue 21 Oct 2025 00:30:10 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.115.192.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:79:54:11:67:26:e5:30:11:69:e8:35:40:8d:c9:49:64:e7:fc:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 21 00:30:10 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=eab0d523f7645028b6a228f2de8ac97020f1e4576acfd48e2b478f84bdf44607, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:30:3c:8c:9e:13:a8:ab:0a:60:4e:91:a3:45:
                    87:a1:03:c0:4b:3e:86:87:28:4f:82:c8:bd:05:a5:
                    76:34:4f:f0:ad:7a:2c:d9:5d:59:81:f5:81:6c:f7:
                    34:bc:f2:fe:50:52:a8:e0:a3:4a:0d:64:4b:8c:a7:
                    39:ac:e4:48:a1:09:85:7f:0d:33:bd:8a:19:77:88:
                    f2:71:bf:08:47:1e:cd:94:af:7b:b8:ff:6f:71:c2:
                    1d:75:7d:6a:18:53:42:54:87:fe:59:ba:b0:2b:4c:
                    a0:fa:d2:83:e4:73:18:f9:3b:04:c0:42:81:c5:47:
                    76:8f:a7:05:fe:be:c1:a0:61:87:59:b6:ce:45:58:
                    19:1d:38:2c:e2:64:61:64:0f:9b:2d:55:7c:24:49:
                    5a:26:81:b7:a6:db:1f:ab:f7:0e:3f:76:63:13:c7:
                    86:8b:a9:5a:b9:d4:ce:97:c1:e1:42:eb:a4:25:ac:
                    05:a0:29:72:f5:c6:9a:2c:85:a8:53:c6:6a:24:95:
                    c4:4e:30:22:71:f0:a4:90:1a:24:2f:cc:c6:24:db:
                    11:4b:86:0c:2c:34:91:0f:7c:17:1f:a8:d1:02:a5:
                    63:3c:6c:d8:39:b2:c0:5c:d3:29:88:29:53:9a:e8:
                    63:bc:57:4d:1e:c6:d8:43:90:82:33:01:6d:c8:9c:
                    7e:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:06:7E:D7:AF:59:27:5D:4E:4E:A6:82:5B:9E:87:43:B2:B4:96:EF
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/add830d3-7671-41f5-b602-3406f5d9de88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.115.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         3f:4c:83:67:0e:85:31:5a:be:3f:22:e3:91:89:cf:02:ca:cd:
         ed:b2:b8:68:56:ab:95:54:63:b2:93:92:bf:20:62:03:7a:a1:
         b2:d7:02:a3:fe:ed:33:36:ed:a0:81:86:2d:2a:51:9c:c3:c0:
         84:3c:b0:4a:46:4f:ac:ee:e9:dd:f8:e3:0b:c5:a9:c3:b4:70:
         a7:c5:1f:b3:80:66:4d:5d:19:c4:01:23:23:98:50:26:71:ee:
         de:8a:c9:5b:d0:f1:53:6e:d8:3c:ba:0a:53:55:0b:7d:6d:95:
         be:21:71:3a:9b:c1:e1:20:70:24:e9:f5:ed:04:bd:c1:2e:b7:
         a9:59:5d:bf:ef:39:a0:4d:d7:21:1e:d2:69:6b:79:d8:4e:a3:
         ae:12:95:11:af:29:6c:6e:7e:4b:8d:19:dc:0d:3d:03:7b:75:
         5c:c1:dd:f7:24:c6:ff:17:9e:da:c2:ac:b1:6d:a2:dc:c8:be:
         35:e3:2b:67:a8:5f:78:2a:4e:03:87:67:cd:6f:be:8a:57:d2:
         cb:07:62:97:7d:7b:04:ff:10:95:c7:7f:ff:69:b6:eb:b1:95:
         74:0b:38:ea:d9:10:cc:36:d5:0e:51:63:13:66:7f:74:36:55:
         63:27:25:23:da:4a:9c:e1:f3:3c:e5:5a:b1:0e:90:71:3f:81:
         aa:2b:31:04
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWXlUEWcm5TARaeg1QI3JSWTn/GMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDIxMDAzMDEwWhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BlYWIwZDUyM2Y3NjQ1MDI4YjZhMjI4ZjJkZThhYzk3MDIw
ZjFlNDU3NmFjZmQ0OGUyYjQ3OGY4NGJkZjQ0NjA3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzMDyMnhOoqwpgTpGjRYehA8BLPoaHKE+CyL0FpXY0T/Ct
eizZXVmB9YFs9zS88v5QUqjgo0oNZEuMpzms5EihCYV/DTO9ihl3iPJxvwhHHs2U
r3u4/29xwh11fWoYU0JUh/5ZurArTKD60oPkcxj5OwTAQoHFR3aPpwX+vsGgYYdZ
ts5FWBkdOCziZGFkD5stVXwkSVomgbem2x+r9w4/dmMTx4aLqVq51M6XweFC66Ql
rAWgKXL1xposhahTxmoklcROMCJx8KSQGiQvzMYk2xFLhgwsNJEPfBcfqNECpWM8
bNg5ssBc0ymIKVOa6GO8V00exthDkIIzAW3InH7vAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUyAZ+169ZJ11OTqaCW56HQ7K0lu8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2FkZDgzMGQzLTc2NzEtNDFmNS1iNjAyLTM0MDZmNWQ5ZGU4OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYNc8AwDQYJKoZIhvcNAQELBQADggEBAD9Mg2cOhTFavj8i45GJzwLKze2y
uGhWq5VUY7KTkr8gYgN6obLXAqP+7TM27aCBhi0qUZzDwIQ8sEpGT6zu6d344wvF
qcO0cKfFH7OAZk1dGcQBIyOYUCZx7t6KyVvQ8VNu2Dy6ClNVC31tlb4hcTqbweEg
cCTp9e0EvcEut6lZXb/vOaBN1yEe0mlredhOo64SlRGvKWxufkuNGdwNPQN7dVzB
3fckxv8XntrCrLFtotzIvjXjK2eoX3gqTgOHZ81vvopX0ssHYpd9ewT/EJXHf/9p
tuuxlXQLOOrZEMw21Q5RYxNmf3Q2VWMnJSPaSpzh8zzlWrEOkHE/gaorMQQ=
-----END CERTIFICATE-----
Generated at Wed Nov 5 01:49:46 2025 by rpki-client