Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0001cb33-47b8-4eb2-8e68-746effca9784.roa
File:                     0001cb33-47b8-4eb2-8e68-746effca9784.roa (raw, json)
Hash identifier:          rvoSjZ61fVkXs880uxt3cMkoxiB+1JjXdBZIQg1fbhI=
Subject key identifier:   B6:5F:5A:28:DF:17:28:93:EE:44:6E:FA:15:22:F5:40:A1:DF:6D:2A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       282C167F08960C3FBC5494B89323923A9639F524
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0001cb33-47b8-4eb2-8e68-746effca9784.roa
Signing time:             Mon 01 Sep 2025 16:50:59 +0000
ROA not before:           Mon 01 Sep 2025 16:50:59 +0000
ROA not after:            Mon 06 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        167.166.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 21 Sep 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:2c:16:7f:08:96:0c:3f:bc:54:94:b8:93:23:92:3a:96:39:f5:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep  1 16:50:59 2025 GMT
            Not After : Oct  6 23:59:59 2025 GMT
        Subject: serialNumber=6ffc4a97bd27c4fe39aac54e2f5d9a711df81e6142f56956df0bb04c150dcbc3, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:f0:9d:d6:16:18:1e:3f:53:4f:40:0c:e4:9a:
                    b8:ea:7e:3a:27:d3:24:bd:24:f7:7c:f3:d3:06:01:
                    96:86:65:53:0d:ce:3d:ee:34:8c:7e:7f:2e:33:7a:
                    61:1d:bf:e4:b3:50:e1:24:09:c8:45:6d:f4:93:1d:
                    6c:bf:8c:70:a9:6f:e9:49:15:75:fe:ff:b5:8b:b6:
                    a6:70:67:41:31:71:c5:f2:5e:d9:48:9f:a8:e2:d4:
                    49:1f:ac:35:4d:98:13:5e:33:de:8e:dd:43:8c:97:
                    70:f9:81:b4:18:0d:df:61:bd:79:cd:ed:b7:7a:ab:
                    ec:ab:fd:e7:6a:3b:fa:c0:d5:f2:43:3d:11:a4:23:
                    28:d9:f7:95:22:32:c1:bc:8a:68:96:10:55:67:e0:
                    6e:b9:e1:1e:51:5a:3e:dc:af:35:62:56:69:d7:16:
                    06:1a:fe:21:0c:10:86:58:5b:c4:3d:bb:35:46:20:
                    db:9e:e4:d4:aa:c4:70:35:6a:e1:1f:37:0b:fa:3c:
                    6e:52:86:a9:78:c5:64:55:f2:73:42:9c:5a:1b:b4:
                    d5:c2:c3:1c:a8:da:5e:15:ba:c2:11:68:a0:68:a7:
                    98:9d:c3:3d:b6:89:a7:f8:33:84:6a:f3:26:cf:16:
                    11:61:4b:ec:b1:18:98:cd:83:ed:39:d0:db:b5:bc:
                    98:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:5F:5A:28:DF:17:28:93:EE:44:6E:FA:15:22:F5:40:A1:DF:6D:2A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0001cb33-47b8-4eb2-8e68-746effca9784.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.166.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         9b:dc:6a:2d:ea:7a:4a:6e:d3:85:53:12:a2:fa:9a:bc:25:67:
         12:55:9a:57:f6:fa:d9:6a:84:c7:18:63:d3:6a:e2:33:31:57:
         27:42:cf:56:1f:1b:f2:46:c3:aa:e0:2f:b3:a0:d1:f5:f0:c8:
         6e:7c:1f:58:e9:4b:a8:96:a0:3b:96:78:71:1e:e4:92:03:f9:
         b4:70:41:aa:72:04:d7:14:d1:d1:bc:19:75:ec:9d:02:2e:a8:
         57:d6:ec:56:ef:b2:17:b1:90:97:68:f7:90:f4:73:51:9e:7f:
         55:b1:a3:1a:b4:1c:03:7c:90:bb:fa:48:a6:03:ca:17:9e:07:
         d6:a6:55:a4:51:a3:94:69:f8:96:07:3c:cf:55:27:78:b1:b2:
         6c:91:87:16:7c:b7:e8:bb:04:47:9c:9c:77:01:ac:b0:cf:83:
         62:a5:3c:e4:19:8c:af:b7:89:99:a5:c6:1d:ce:0f:32:80:09:
         23:15:9d:c5:aa:ca:79:1a:70:fc:25:86:a4:0b:6a:1c:f7:26:
         a4:41:ad:7a:d2:6e:0e:d2:1b:fe:39:14:8b:85:0b:9e:6b:36:
         97:3f:46:5c:6e:fe:70:f3:9e:9f:7f:eb:9f:fb:a5:62:8e:8e:
         6f:2d:23:f1:d7:ee:e2:95:4c:83:99:bb:16:7e:82:ab:2e:48:
         f9:dc:f7:86
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUKCwWfwiWDD+8VJS4kyOSOpY59SQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTAxMTY1MDU5WhcNMjUxMDA2MjM1OTU5
WjB6MUkwRwYDVQQFE0A2ZmZjNGE5N2JkMjdjNGZlMzlhYWM1NGUyZjVkOWE3MTFk
ZjgxZTYxNDJmNTY5NTZkZjBiYjA0YzE1MGRjYmMzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDM8J3WFhgeP1NPQAzkmrjqfjon0yS9JPd889MGAZaGZVMN
zj3uNIx+fy4zemEdv+SzUOEkCchFbfSTHWy/jHCpb+lJFXX+/7WLtqZwZ0ExccXy
XtlIn6ji1EkfrDVNmBNeM96O3UOMl3D5gbQYDd9hvXnN7bd6q+yr/edqO/rA1fJD
PRGkIyjZ95UiMsG8imiWEFVn4G654R5RWj7crzViVmnXFgYa/iEMEIZYW8Q9uzVG
INue5NSqxHA1auEfNwv6PG5Shql4xWRV8nNCnFobtNXCwxyo2l4VusIRaKBop5id
wz22iaf4M4Rq8ybPFhFhS+yxGJjNg+050Nu1vJgJAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUtl9aKN8XKJPuRG76FSL1QKHfbSowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzAwMDFjYjMzLTQ3YjgtNGViMi04ZTY4LTc0NmVmZmNhOTc4NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCnpjANBgkqhkiG9w0BAQsFAAOCAQEAm9xqLep6Sm7ThVMSovqavCVnElWa
V/b62WqExxhj02riMzFXJ0LPVh8b8kbDquAvs6DR9fDIbnwfWOlLqJagO5Z4cR7k
kgP5tHBBqnIE1xTR0bwZdeydAi6oV9bsVu+yF7GQl2j3kPRzUZ5/VbGjGrQcA3yQ
u/pIpgPKF54H1qZVpFGjlGn4lgc8z1UneLGybJGHFny36LsER5ycdwGssM+DYqU8
5BmMr7eJmaXGHc4PMoAJIxWdxarKeRpw/CWGpAtqHPcmpEGtetJuDtIb/jkUi4UL
nms2lz9GXG7+cPOen3/rn/ulYo6Oby0j8dfu4pVMg5m7Fn6Cqy5I+dz3hg==
-----END CERTIFICATE-----