Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c983e574-bfee-43d5-a8ee-79bdfdd8e179.roa
File:                     c983e574-bfee-43d5-a8ee-79bdfdd8e179.roa (raw, json)
Hash identifier:          sLwlBuRN9g+1bIQJPi0O21gZQL/MlFM6H6tCdDirFNs=
Subject key identifier:   88:0D:49:77:07:AF:62:D1:52:F1:DF:9D:A3:73:D0:00:11:7B:72:82
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7260B0C14C4DF8B551D57C9A9FD04C11A07FC776
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c983e574-bfee-43d5-a8ee-79bdfdd8e179.roa
Signing time:             Sat 26 Jul 2025 00:20:57 +0000
ROA not before:           Sat 26 Jul 2025 00:20:57 +0000
ROA not after:            Sat 30 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.248.96.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:60:b0:c1:4c:4d:f8:b5:51:d5:7c:9a:9f:d0:4c:11:a0:7f:c7:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul 26 00:20:57 2025 GMT
            Not After : Aug 30 23:59:59 2025 GMT
        Subject: serialNumber=46dfbf8059ec9394ceec3c8717abf87ac58ebd846614ced3b245711184afcd2d, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:74:3c:64:a9:ee:25:67:13:76:97:00:fe:58:
                    70:e8:63:a8:2a:ec:55:63:6c:8c:81:85:37:89:64:
                    9b:fd:c7:ee:2b:84:c8:91:be:9e:ec:5a:36:3a:b0:
                    d5:c8:a3:76:2f:4d:e4:1c:22:9f:e8:dd:bf:f6:31:
                    89:4e:85:95:75:2d:52:89:2b:1e:00:d4:f0:6e:c9:
                    01:b1:36:55:7d:3b:c8:e2:9d:22:b2:ee:bb:94:82:
                    d9:d1:42:86:82:31:0c:af:f0:89:b9:81:25:91:91:
                    dd:3e:d9:8e:f1:c4:f6:31:44:79:f7:61:12:9e:1d:
                    97:93:dc:9b:20:fd:07:68:ad:ff:db:1c:bd:3c:ee:
                    bd:e8:1b:fe:00:43:5b:4d:db:cb:ec:1d:54:2b:41:
                    69:aa:34:99:e1:8a:aa:f5:19:dd:45:46:cc:b2:7e:
                    73:f6:6c:4a:f3:4a:e5:f3:6b:18:65:b2:28:36:5f:
                    0d:a3:ae:5a:65:00:e6:96:ea:c7:75:6f:d9:10:e8:
                    d5:15:ec:ce:e8:1a:4a:39:13:7a:ee:42:a0:30:37:
                    a9:57:d3:7b:96:f9:ed:73:c3:da:72:dc:7a:f8:c7:
                    b4:26:35:eb:2b:a8:08:02:88:e2:51:4e:db:66:b7:
                    3c:a6:07:4c:75:a9:4c:4a:06:5c:58:01:72:b0:38:
                    7a:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:0D:49:77:07:AF:62:D1:52:F1:DF:9D:A3:73:D0:00:11:7B:72:82
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c983e574-bfee-43d5-a8ee-79bdfdd8e179.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.248.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         0a:7f:18:c9:39:cf:4b:fc:db:55:45:7a:7b:a3:31:fb:6c:16:
         dc:d9:1a:02:6c:c5:c3:80:5f:12:10:25:03:f8:6d:b2:8b:27:
         a1:4e:5b:17:48:af:dd:be:a5:7d:4a:86:20:2f:08:be:56:a8:
         78:be:0b:07:6a:04:4d:d8:96:66:64:1f:0f:ed:5a:0e:56:9d:
         6d:aa:66:48:c6:d6:36:4a:86:20:b9:45:a1:db:bc:62:fc:9d:
         21:16:9b:0b:77:eb:c7:9d:dc:6d:a8:0a:6c:d0:dc:50:39:40:
         78:76:b0:14:28:98:90:55:f3:0c:72:72:6d:43:29:7b:ec:63:
         3a:45:a1:e2:81:23:7a:9c:e6:97:71:51:72:73:fb:2c:a7:a3:
         99:03:13:05:b6:42:d1:bc:07:ad:df:2c:ee:3c:9c:7c:97:27:
         5a:68:74:b8:62:6a:08:96:6f:d8:a7:f3:17:6d:0e:d4:df:6e:
         b4:c3:9e:2a:cf:c5:82:39:76:63:cb:b4:88:4c:d3:f1:f1:fa:
         53:50:0f:d6:b2:30:7c:3f:57:95:31:48:32:95:5c:4d:e0:b5:
         7b:68:d8:c1:e2:55:37:8f:2f:75:17:f6:68:5a:17:4c:73:05:
         da:9c:25:2a:5e:bf:ec:56:9c:6a:1c:67:85:0a:49:d1:cd:ed:
         f9:5f:8b:9e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcmCwwUxN+LVR1Xyan9BMEaB/x3YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNzI2MDAyMDU3WhcNMjUwODMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A0NmRmYmY4MDU5ZWM5Mzk0Y2VlYzNjODcxN2FiZjg3YWM1
OGViZDg0NjYxNGNlZDNiMjQ1NzExMTg0YWZjZDJkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDIdDxkqe4lZxN2lwD+WHDoY6gq7FVjbIyBhTeJZJv9x+4r
hMiRvp7sWjY6sNXIo3YvTeQcIp/o3b/2MYlOhZV1LVKJKx4A1PBuyQGxNlV9O8ji
nSKy7ruUgtnRQoaCMQyv8Im5gSWRkd0+2Y7xxPYxRHn3YRKeHZeT3Jsg/Qdorf/b
HL087r3oG/4AQ1tN28vsHVQrQWmqNJnhiqr1Gd1FRsyyfnP2bErzSuXzaxhlsig2
Xw2jrlplAOaW6sd1b9kQ6NUV7M7oGko5E3ruQqAwN6lX03uW+e1zw9py3Hr4x7Qm
NesrqAgCiOJRTttmtzymB0x1qUxKBlxYAXKwOHphAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUiA1JdwevYtFS8d+do3PQABF7coIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2M5ODNlNTc0LWJmZWUtNDNkNS1hOGVlLTc5YmRmZGQ4ZTE3OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQN+GAwDQYJKoZIhvcNAQELBQADggEBAAp/GMk5z0v821VFenujMftsFtzZ
GgJsxcOAXxIQJQP4bbKLJ6FOWxdIr92+pX1KhiAvCL5WqHi+CwdqBE3YlmZkHw/t
Wg5WnW2qZkjG1jZKhiC5RaHbvGL8nSEWmwt368ed3G2oCmzQ3FA5QHh2sBQomJBV
8wxycm1DKXvsYzpFoeKBI3qc5pdxUXJz+yyno5kDEwW2QtG8B63fLO48nHyXJ1po
dLhiagiWb9in8xdtDtTfbrTDnirPxYI5dmPLtIhM0/Hx+lNQD9ayMHw/V5UxSDKV
XE3gtXto2MHiVTePL3UX9mhaF0xzBdqcJSpev+xWnGocZ4UKSdHN7flfi54=
-----END CERTIFICATE-----