Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/03aa2c6a-599f-43df-8adc-c850a797c213.roa
File:                     03aa2c6a-599f-43df-8adc-c850a797c213.roa (raw, json)
Hash identifier:          dli/GjvU6JFTaeC/6vgIUodivIC3FjiJFlnC7RzhUgA=
Subject key identifier:   B3:C1:29:26:14:8A:18:5E:E6:AA:9F:11:FD:1F:AC:7B:63:4C:BF:C7
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1B269FE886293DDB93467F7CCA8A7CFFE78B4079
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/03aa2c6a-599f-43df-8adc-c850a797c213.roa
Signing time:             Thu 25 Sep 2025 20:39:32 +0000
ROA not before:           Thu 25 Sep 2025 20:39:32 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.173.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:26:9f:e8:86:29:3d:db:93:46:7f:7c:ca:8a:7c:ff:e7:8b:40:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 20:39:32 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=768b276c1c87311693384917b34d65848e357981beb4c6bac9a347dcec596c79, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:0f:1d:66:ef:71:37:c6:e2:67:ad:b0:31:8e:
                    cf:17:60:9d:b4:e6:43:90:66:93:c7:85:d3:66:df:
                    6c:06:b8:6c:e9:6e:b2:5a:a6:6a:1e:9f:28:1d:f1:
                    7a:c9:c9:3b:b4:8c:e9:09:be:66:1f:68:7f:97:53:
                    c2:c2:d6:4a:dd:76:8a:8d:3d:64:69:93:61:32:7c:
                    de:43:1f:20:59:ff:03:4f:82:75:f9:38:b0:cb:4e:
                    fa:91:24:f8:2b:49:0b:31:85:b9:c8:d4:23:f1:f6:
                    ae:2e:39:cd:9c:77:90:51:2f:7e:9c:21:de:58:3a:
                    85:fc:83:c3:c1:67:81:be:9b:bc:a7:b5:f5:29:0a:
                    e2:7a:0f:e9:47:37:72:b3:67:d0:f5:7f:d2:79:95:
                    9b:24:94:b1:47:4f:27:51:05:96:d3:8a:e5:3b:5d:
                    6a:be:4c:84:68:31:72:c9:8c:f8:34:2d:17:85:be:
                    50:ed:05:cf:32:64:41:49:c5:87:50:eb:15:17:d9:
                    fe:7d:d6:f1:6d:ee:b1:44:5d:59:98:e7:ca:ec:71:
                    88:d9:9f:ee:c3:94:16:d3:5f:9e:e6:3b:32:fe:17:
                    72:7b:67:94:29:02:3e:17:9a:bb:ed:59:0f:8f:b2:
                    04:f7:31:27:02:1e:00:c3:7e:86:11:53:b3:71:cc:
                    9d:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:C1:29:26:14:8A:18:5E:E6:AA:9F:11:FD:1F:AC:7B:63:4C:BF:C7
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/03aa2c6a-599f-43df-8adc-c850a797c213.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.173.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:c6:79:ad:42:36:be:b8:f0:0b:c4:b0:84:80:bb:f1:5a:bb:
         eb:08:00:83:1c:4d:3f:ca:c0:3b:ae:32:6b:df:c9:b1:94:63:
         bf:39:81:94:ad:cb:c2:70:19:2a:62:3e:fe:f8:13:a4:b4:dd:
         63:f2:51:c6:66:24:58:30:0f:0e:9e:80:b9:8c:c1:ca:f8:48:
         c7:24:f0:82:f7:32:02:b6:3b:a5:35:b1:84:a4:38:2e:ca:fb:
         d7:ca:2b:37:25:7e:65:db:ab:65:ea:bd:3d:28:a4:3d:9d:ce:
         bc:8d:68:bd:09:6b:8d:0e:46:8c:c1:40:b2:6b:39:0a:68:27:
         69:15:7c:ae:61:79:10:80:8e:42:e2:47:84:e5:06:b3:4a:73:
         c0:b5:0f:57:47:86:7e:5b:8e:b2:ac:63:a1:62:b7:b4:74:c0:
         a2:63:4a:80:ff:63:80:21:6a:51:67:f9:87:55:c4:b4:36:af:
         34:c8:4b:b5:f9:c2:e7:f2:6a:e0:63:47:3a:71:a2:19:fe:8e:
         90:8f:dc:e5:9a:59:cc:c4:3b:d2:81:5e:b7:c1:e5:52:b8:5c:
         18:0d:8b:d2:d1:97:10:17:e8:a5:9d:30:3e:c8:4c:39:ab:f8:
         d9:f4:a9:93:7a:8a:ce:58:a9:26:39:cb:52:4d:9a:0c:36:41:
         83:31:50:20
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGyaf6IYpPduTRn98yop8/+eLQHkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MjAzOTMyWhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A3NjhiMjc2YzFjODczMTE2OTMzODQ5MTdiMzRkNjU4NDhl
MzU3OTgxYmViNGM2YmFjOWEzNDdkY2VjNTk2Yzc5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDZDx1m73E3xuJnrbAxjs8XYJ205kOQZpPHhdNm32wGuGzp
brJapmoenygd8XrJyTu0jOkJvmYfaH+XU8LC1krddoqNPWRpk2EyfN5DHyBZ/wNP
gnX5OLDLTvqRJPgrSQsxhbnI1CPx9q4uOc2cd5BRL36cId5YOoX8g8PBZ4G+m7yn
tfUpCuJ6D+lHN3KzZ9D1f9J5lZsklLFHTydRBZbTiuU7XWq+TIRoMXLJjPg0LReF
vlDtBc8yZEFJxYdQ6xUX2f591vFt7rFEXVmY58rscYjZn+7DlBbTX57mOzL+F3J7
Z5QpAj4XmrvtWQ+PsgT3MScCHgDDfoYRU7NxzJ2LAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUs8EpJhSKGF7mqp8R/R+se2NMv8cwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzAzYWEyYzZhLTU5OWYtNDNkZi04YWRjLWM4NTBhNzk3YzIxMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADrdQwDQYJKoZIhvcNAQELBQADggEBABDGea1CNr648AvEsISAu/Fau+sI
AIMcTT/KwDuuMmvfybGUY785gZSty8JwGSpiPv74E6S03WPyUcZmJFgwDw6egLmM
wcr4SMck8IL3MgK2O6U1sYSkOC7K+9fKKzclfmXbq2XqvT0opD2dzryNaL0Ja40O
RozBQLJrOQpoJ2kVfK5heRCAjkLiR4TlBrNKc8C1D1dHhn5bjrKsY6Fit7R0wKJj
SoD/Y4AhalFn+YdVxLQ2rzTIS7X5wufyauBjRzpxohn+jpCP3OWaWczEO9KBXrfB
5VK4XBgNi9LRlxAX6KWdMD7ITDmr+Nn0qZN6is5YqSY5y1JNmgw2QYMxUCA=
-----END CERTIFICATE-----