Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2f04501a-e42e-4e8d-92db-f2de0979982c.roa
File:                     2f04501a-e42e-4e8d-92db-f2de0979982c.roa (raw, json)
Hash identifier:          bBVM5ytZXt8IU5tSVEcHuXzzhx5R2E2YMBumAHJIL9g=
Subject key identifier:   AC:FA:6E:B7:C1:AC:4A:DC:4A:F2:61:4F:03:A9:B4:34:64:D0:6C:1A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       47778FB03CD1505D19766735FEC32CB57370C073
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2f04501a-e42e-4e8d-92db-f2de0979982c.roa
Signing time:             Mon 15 Sep 2025 15:31:19 +0000
ROA not before:           Mon 15 Sep 2025 15:31:19 +0000
ROA not after:            Mon 20 Oct 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        3.208.0.0/12 maxlen: 12
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 11 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:77:8f:b0:3c:d1:50:5d:19:76:67:35:fe:c3:2c:b5:73:70:c0:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 15 15:31:19 2025 GMT
            Not After : Oct 20 23:59:59 2025 GMT
        Subject: serialNumber=59a056d31a7734bdf93e6a190883d8ec3766d9e8299918784e4cac54a68ae07a, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:58:f4:e8:bd:db:79:b7:b8:96:e7:ce:c5:71:
                    b0:36:ff:66:86:04:22:3c:21:ef:a9:91:e5:d1:6d:
                    9c:5e:3c:fc:38:d4:ac:8a:3d:7d:4e:ac:a1:aa:9d:
                    22:e6:7a:56:e8:1b:9a:0a:63:c5:2d:4a:d1:24:71:
                    72:0a:c7:fb:f5:6d:27:45:c0:f3:f5:bf:f8:86:e0:
                    1a:25:8a:a4:b9:09:d4:6e:3b:39:82:5f:f4:ad:27:
                    27:e0:db:10:01:12:e0:c9:2d:09:3f:35:be:a4:39:
                    99:de:db:e4:8a:a9:39:19:b8:9d:14:33:6f:f3:bc:
                    9a:b1:ab:20:3f:a7:85:25:36:be:b1:ea:49:7e:ce:
                    45:22:83:36:e2:8c:34:ee:e5:59:43:9a:11:c8:1a:
                    83:f6:84:d8:5b:9a:5b:10:4a:29:18:99:b4:43:2a:
                    ba:4f:f3:df:2b:a0:47:56:8d:ad:2d:f9:b4:46:54:
                    a6:3f:78:9a:19:04:8f:84:97:eb:79:16:6b:a8:3f:
                    d8:ad:09:25:83:3e:55:b5:b7:19:b7:24:d7:a5:6d:
                    8f:75:62:db:8b:87:1d:cd:ca:74:23:40:c9:9a:b0:
                    c8:97:31:51:f2:e6:8c:2e:68:73:af:41:64:4a:8a:
                    4e:aa:ff:9a:9e:c7:8a:c2:ab:a8:36:37:90:f4:9b:
                    5b:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:FA:6E:B7:C1:AC:4A:DC:4A:F2:61:4F:03:A9:B4:34:64:D0:6C:1A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2f04501a-e42e-4e8d-92db-f2de0979982c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.208.0.0/12

    Signature Algorithm: sha256WithRSAEncryption
         a2:39:3b:67:62:a5:00:aa:16:56:d8:8f:a1:93:5f:9e:2f:b1:
         33:a3:5c:7a:26:05:26:41:78:c4:be:ef:b0:c9:74:7b:70:e4:
         16:88:04:61:37:6d:47:c5:7a:01:56:d7:0e:f7:dc:04:c3:30:
         94:49:7d:1f:9e:3f:a2:d5:6e:01:63:c5:46:b3:08:71:1f:97:
         6d:7f:88:82:7e:c4:29:04:d3:e2:06:29:42:50:cb:c0:8d:92:
         74:31:a6:4d:05:ef:95:cb:af:eb:0c:46:91:32:24:43:4b:06:
         ad:9e:8a:31:95:d9:67:ce:9a:c5:67:0f:8f:48:8d:65:14:5a:
         86:b0:d8:4d:97:4b:3c:23:f4:87:ea:61:44:75:b0:c2:53:8d:
         89:45:7f:4a:16:bf:c7:d3:5c:31:77:fd:71:58:b0:8d:02:fc:
         48:36:60:96:16:1d:44:9e:6b:48:1a:5b:61:47:82:dd:f8:7a:
         2f:50:93:68:64:bc:37:4a:01:ad:a1:15:39:10:f9:ac:58:cd:
         87:1a:ff:69:5a:f4:c9:82:e9:0a:2f:da:36:f9:e8:b0:97:90:
         f2:b8:6f:b7:60:b2:6a:d7:55:08:ac:71:c5:c0:2d:b8:83:77:
         16:07:06:37:e6:54:0b:8f:eb:77:63:fa:8d:bf:84:d5:14:6c:
         36:c6:9a:f2
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUR3ePsDzRUF0Zdmc1/sMstXNwwHMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTE1MTUzMTE5WhcNMjUxMDIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A1OWEwNTZkMzFhNzczNGJkZjkzZTZhMTkwODgzZDhlYzM3
NjZkOWU4Mjk5OTE4Nzg0ZTRjYWM1NGE2OGFlMDdhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2WPTovdt5t7iW587FcbA2/2aGBCI8Ie+pkeXRbZxePPw4
1KyKPX1OrKGqnSLmelboG5oKY8UtStEkcXIKx/v1bSdFwPP1v/iG4BoliqS5CdRu
OzmCX/StJyfg2xABEuDJLQk/Nb6kOZne2+SKqTkZuJ0UM2/zvJqxqyA/p4UlNr6x
6kl+zkUigzbijDTu5VlDmhHIGoP2hNhbmlsQSikYmbRDKrpP898roEdWja0t+bRG
VKY/eJoZBI+El+t5FmuoP9itCSWDPlW1txm3JNelbY91YtuLhx3NynQjQMmasMiX
MVHy5owuaHOvQWRKik6q/5qex4rCq6g2N5D0m1u5AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUrPput8GsStxK8mFPA6m0NGTQbBowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzJmMDQ1MDFhLWU0MmUtNGU4ZC05MmRiLWYyZGUwOTc5OTgyYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwQD0DANBgkqhkiG9w0BAQsFAAOCAQEAojk7Z2KlAKoWVtiPoZNfni+xM6Nc
eiYFJkF4xL7vsMl0e3DkFogEYTdtR8V6AVbXDvfcBMMwlEl9H54/otVuAWPFRrMI
cR+XbX+Ign7EKQTT4gYpQlDLwI2SdDGmTQXvlcuv6wxGkTIkQ0sGrZ6KMZXZZ86a
xWcPj0iNZRRahrDYTZdLPCP0h+phRHWwwlONiUV/Sha/x9NcMXf9cViwjQL8SDZg
lhYdRJ5rSBpbYUeC3fh6L1CTaGS8N0oBraEVORD5rFjNhxr/aVr0yYLpCi/aNvno
sJeQ8rhvt2CyatdVCKxxxcAtuIN3FgcGN+ZUC4/rd2P6jb+E1RRsNsaa8g==
-----END CERTIFICATE-----