Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/044c34c4-d658-467b-9074-f0c12e683df1.roa
File:                     044c34c4-d658-467b-9074-f0c12e683df1.roa (raw, json)
Hash identifier:          Je0GptZYyHn4b94g1FlE1bJ+0X4ECnzpGZe/2mz31Ug=
Subject key identifier:   76:F3:66:C2:2E:A9:4B:70:40:C8:39:0D:03:F7:6F:C6:CA:27:F5:F2
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5950A99C2AE067BD2C406C56445D05B3F6B7ACAA
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/044c34c4-d658-467b-9074-f0c12e683df1.roa
Signing time:             Thu 25 Sep 2025 19:30:01 +0000
ROA not before:           Thu 25 Sep 2025 19:30:01 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.169.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:50:a9:9c:2a:e0:67:bd:2c:40:6c:56:44:5d:05:b3:f6:b7:ac:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 19:30:01 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=707a2bcf3cd8bb82b4ff0599de18cc63b668cc7a200f3ccc95b2bc0c4fffbc82, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:4e:de:4b:2e:bc:26:83:c9:9d:84:46:1e:01:
                    5a:43:b0:b5:37:81:a1:28:e7:c4:13:fe:e1:95:ad:
                    fd:86:1f:f6:5c:a7:b5:f5:c1:d6:9d:6f:2d:5e:fe:
                    52:17:9b:c6:0b:a9:f5:41:57:ff:43:21:cc:96:7f:
                    f4:d6:f9:db:f0:61:a5:2f:da:7b:67:47:7f:01:0e:
                    29:ab:2c:c3:4f:ec:03:a2:32:c4:cc:42:43:4e:b2:
                    09:ea:ca:f4:a7:ed:a4:0d:dc:0b:99:05:ae:e2:d3:
                    a7:b5:69:86:4b:37:34:a6:b1:47:d7:19:d7:9a:7e:
                    25:6a:f3:54:bf:4a:4f:55:13:28:6e:2a:11:38:d0:
                    67:57:42:4a:85:2e:f8:f7:d7:b0:39:6c:e3:d0:c1:
                    d9:0f:83:dd:4a:64:b9:b1:d8:d7:da:6e:04:20:e1:
                    23:33:0b:7c:84:44:dd:e3:ca:1d:55:04:06:d7:9a:
                    ce:2e:d2:e7:a0:6d:34:f7:d8:29:f3:52:71:d2:e9:
                    c8:6f:f1:69:50:fc:29:62:36:b9:32:0c:92:70:61:
                    63:3c:5b:9e:c1:b0:44:9b:3c:13:79:b3:e1:19:b6:
                    90:41:bf:af:b7:9c:13:bd:57:40:aa:bc:f5:5b:05:
                    d0:b9:07:5b:fb:48:9c:90:0a:c1:4a:6d:d3:ad:98:
                    94:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:F3:66:C2:2E:A9:4B:70:40:C8:39:0D:03:F7:6F:C6:CA:27:F5:F2
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/044c34c4-d658-467b-9074-f0c12e683df1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.169.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:97:02:45:be:51:d4:c8:25:9e:b7:91:72:aa:ba:27:67:9b:
         d6:74:a1:04:a2:c8:c2:55:4e:3d:35:30:48:2b:d8:7a:87:3f:
         b4:b4:c4:2c:d0:e1:9c:6e:f3:77:ed:7b:6c:04:98:ff:d1:6a:
         03:2b:22:da:e3:6d:ec:10:70:ad:e5:bd:5c:76:e3:24:16:8c:
         cb:1f:5e:36:43:41:14:2b:d0:bf:62:c0:1f:d7:78:fb:15:29:
         7c:87:94:10:47:ac:f2:6a:9f:e3:39:11:a0:29:29:e4:ab:f6:
         a9:14:30:19:36:a7:e2:29:4c:be:c9:15:31:22:2f:07:c8:13:
         d3:07:62:d0:4b:34:22:94:f4:43:48:e5:90:11:73:86:56:0a:
         60:40:2a:8a:bb:a7:0c:9e:8a:70:5b:3e:7e:5d:1a:10:56:3e:
         64:e7:eb:28:78:12:b6:8e:4f:20:69:0e:db:b8:27:9d:3d:96:
         f6:9c:60:59:c9:55:2a:63:54:94:97:e4:94:19:a2:6d:64:0b:
         93:70:93:99:1f:e8:aa:a6:b4:aa:10:b8:8a:29:3b:4e:f8:17:
         ca:32:f6:96:15:db:53:e2:64:17:ff:b6:4a:0a:1e:99:93:ba:
         ad:27:d7:fe:97:b5:ab:89:9f:e7:04:fb:d6:f3:38:d8:cd:57:
         7f:f4:c7:29
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWVCpnCrgZ70sQGxWRF0Fs/a3rKowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MTkzMDAxWhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A3MDdhMmJjZjNjZDhiYjgyYjRmZjA1OTlkZTE4Y2M2M2I2
NjhjYzdhMjAwZjNjY2M5NWIyYmMwYzRmZmZiYzgyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCUTt5LLrwmg8mdhEYeAVpDsLU3gaEo58QT/uGVrf2GH/Zc
p7X1wdadby1e/lIXm8YLqfVBV/9DIcyWf/TW+dvwYaUv2ntnR38BDimrLMNP7AOi
MsTMQkNOsgnqyvSn7aQN3AuZBa7i06e1aYZLNzSmsUfXGdeafiVq81S/Sk9VEyhu
KhE40GdXQkqFLvj317A5bOPQwdkPg91KZLmx2NfabgQg4SMzC3yERN3jyh1VBAbX
ms4u0uegbTT32CnzUnHS6chv8WlQ/CliNrkyDJJwYWM8W57BsESbPBN5s+EZtpBB
v6+3nBO9V0CqvPVbBdC5B1v7SJyQCsFKbdOtmJRZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUdvNmwi6pS3BAyDkNA/dvxson9fIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzA0NGMzNGM0LWQ2NTgtNDY3Yi05MDc0LWYwYzEyZTY4M2RmMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADqYkwDQYJKoZIhvcNAQELBQADggEBAA+XAkW+UdTIJZ63kXKquidnm9Z0
oQSiyMJVTj01MEgr2HqHP7S0xCzQ4Zxu83fte2wEmP/RagMrItrjbewQcK3lvVx2
4yQWjMsfXjZDQRQr0L9iwB/XePsVKXyHlBBHrPJqn+M5EaApKeSr9qkUMBk2p+Ip
TL7JFTEiLwfIE9MHYtBLNCKU9ENI5ZARc4ZWCmBAKoq7pwyeinBbPn5dGhBWPmTn
6yh4EraOTyBpDtu4J509lvacYFnJVSpjVJSX5JQZom1kC5Nwk5kf6KqmtKoQuIop
O074F8oy9pYV21PiZBf/tkoKHpmTuq0n1/6XtauJn+cE+9bzONjNV3/0xyk=
-----END CERTIFICATE-----