Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bafbe347-7d54-4adc-9f60-0bb4eee46341.roa
File:                     bafbe347-7d54-4adc-9f60-0bb4eee46341.roa (raw, json)
Hash identifier:          +lFmnqaZe88gxSgLHE7NhDRTpB9M5BIDy1blMjkZHs8=
Subject key identifier:   7C:3C:D0:09:EE:F2:43:E1:74:BD:5B:34:59:1E:D8:46:08:67:00:30
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0277916DA2632D9738492CB7BC0202A49061D9C5
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bafbe347-7d54-4adc-9f60-0bb4eee46341.roa
Signing time:             Wed 22 Oct 2025 00:10:09 +0000
ROA not before:           Wed 22 Oct 2025 00:10:09 +0000
ROA not after:            Wed 26 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        13.217.78.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:77:91:6d:a2:63:2d:97:38:49:2c:b7:bc:02:02:a4:90:61:d9:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 22 00:10:09 2025 GMT
            Not After : Nov 26 23:59:59 2025 GMT
        Subject: serialNumber=80ac36b43b3980381f6b4ef57dc74c77cf26a1f18dc7255c6d4f85f24c14524c, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:b3:7e:a6:d1:67:fa:5d:15:4f:89:c4:ea:a7:
                    3a:eb:4c:7b:03:09:07:20:87:46:30:fc:4e:2a:05:
                    fc:9c:2b:b0:fa:f7:b0:ab:01:35:d0:b1:1a:0a:71:
                    f4:5e:20:b5:cf:70:dd:90:21:ef:87:02:36:b4:98:
                    ce:f7:76:69:91:c4:f8:35:9b:f2:3b:76:3d:83:ce:
                    07:fd:22:ce:f8:ba:30:f1:ca:b8:ae:84:ec:f3:10:
                    28:8b:70:c5:b6:67:05:97:03:4a:7c:26:9a:3f:06:
                    6d:d4:6c:eb:c1:75:08:cf:70:69:b2:85:73:58:ee:
                    3a:8b:fc:02:fe:21:c9:99:0d:23:6e:77:9c:82:ab:
                    f8:66:68:4c:30:6c:ff:57:9b:99:23:61:7e:62:2b:
                    38:54:e3:22:26:95:c9:ff:13:5f:64:17:9e:85:c3:
                    c8:63:c5:64:af:3a:fe:11:62:ef:41:ad:f3:48:34:
                    84:e6:a4:12:e2:9f:aa:b5:95:f7:08:3b:b7:cd:f0:
                    94:2d:b0:53:14:57:2f:4a:15:1d:4d:77:00:94:1a:
                    ad:e1:d1:80:d1:90:cc:0c:80:fd:99:37:93:18:6d:
                    0e:92:37:83:61:b6:7a:ed:00:a9:78:2d:9b:81:e7:
                    be:76:6c:06:45:03:5d:81:ad:b4:8c:0d:1a:90:fc:
                    29:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:3C:D0:09:EE:F2:43:E1:74:BD:5B:34:59:1E:D8:46:08:67:00:30
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bafbe347-7d54-4adc-9f60-0bb4eee46341.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.217.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         48:f4:d0:70:d3:62:00:db:be:19:db:3b:cd:db:e7:22:a4:3f:
         a7:b4:79:66:3e:0b:5b:5c:0b:fa:8b:c1:24:24:77:d9:16:62:
         ef:60:5b:0e:8b:cc:c8:c5:d8:8d:1f:8e:3e:bb:3b:46:d8:07:
         4b:8b:d6:f1:a9:a1:3e:ca:56:f8:ab:9e:6e:47:b5:f8:e2:98:
         f1:65:6f:22:48:f7:e1:62:60:3e:12:82:36:29:56:63:3a:18:
         cb:32:f2:17:2f:39:99:cc:40:e6:8d:99:18:0b:50:30:02:45:
         80:ab:77:42:98:48:a6:89:51:0c:00:cd:be:fb:43:73:75:be:
         e9:d2:f0:47:be:92:1b:fa:b5:39:10:2d:75:16:40:22:12:e9:
         3c:67:02:9a:cb:79:0c:f2:cd:42:ee:08:54:75:87:b0:0e:ed:
         0b:f3:26:ed:c3:ec:1d:cd:28:9b:b3:87:cc:b4:c7:88:e2:2b:
         59:bc:f4:1a:9b:a5:43:3d:44:b2:6c:a0:56:29:83:17:4b:91:
         59:6b:64:f7:de:62:94:90:3e:1d:be:14:4a:f9:16:94:5d:67:
         7d:c7:ed:2a:99:bc:5b:07:e7:11:e9:f7:11:b0:87:f6:9a:19:
         da:6b:22:6d:b8:43:b5:c2:f5:23:82:46:5b:75:eb:fa:fc:5c:
         be:77:7e:25
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAneRbaJjLZc4SSy3vAICpJBh2cUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDIyMDAxMDA5WhcNMjUxMTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0A4MGFjMzZiNDNiMzk4MDM4MWY2YjRlZjU3ZGM3NGM3N2Nm
MjZhMWYxOGRjNzI1NWM2ZDRmODVmMjRjMTQ1MjRjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5s36m0Wf6XRVPicTqpzrrTHsDCQcgh0Yw/E4qBfycK7D6
97CrATXQsRoKcfReILXPcN2QIe+HAja0mM73dmmRxPg1m/I7dj2Dzgf9Is74ujDx
yriuhOzzECiLcMW2ZwWXA0p8Jpo/Bm3UbOvBdQjPcGmyhXNY7jqL/AL+IcmZDSNu
d5yCq/hmaEwwbP9Xm5kjYX5iKzhU4yImlcn/E19kF56Fw8hjxWSvOv4RYu9BrfNI
NITmpBLin6q1lfcIO7fN8JQtsFMUVy9KFR1NdwCUGq3h0YDRkMwMgP2ZN5MYbQ6S
N4NhtnrtAKl4LZuB5752bAZFA12BrbSMDRqQ/CkZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUfDzQCe7yQ+F0vVs0WR7YRghnADAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2JhZmJlMzQ3LTdkNTQtNGFkYy05ZjYwLTBiYjRlZWU0NjM0MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEN2U4wDQYJKoZIhvcNAQELBQADggEBAEj00HDTYgDbvhnbO83b5yKkP6e0
eWY+C1tcC/qLwSQkd9kWYu9gWw6LzMjF2I0fjj67O0bYB0uL1vGpoT7KVvirnm5H
tfjimPFlbyJI9+FiYD4SgjYpVmM6GMsy8hcvOZnMQOaNmRgLUDACRYCrd0KYSKaJ
UQwAzb77Q3N1vunS8Ee+khv6tTkQLXUWQCIS6TxnAprLeQzyzULuCFR1h7AO7Qvz
Ju3D7B3NKJuzh8y0x4jiK1m89BqbpUM9RLJsoFYpgxdLkVlrZPfeYpSQPh2+FEr5
FpRdZ33H7SqZvFsH5xHp9xGwh/aaGdprIm24Q7XC9SOCRlt16/r8XL53fiU=
-----END CERTIFICATE-----
Generated at Wed Nov 5 01:54:23 2025 by rpki-client