Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/069360b3-8bdd-4b81-8722-2161b1f9841e.roa
File:                     069360b3-8bdd-4b81-8722-2161b1f9841e.roa (raw, json)
Hash identifier:          JG0eeyAYERalbc5S7yGmZkQXbXnlQH1Kk676wtoDRHM=
Subject key identifier:   F1:79:9B:9A:4B:55:EA:1B:FF:A0:91:6F:3F:29:C5:E6:CE:86:5C:67
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       55E63185FEE0109F9880F8981F8EC3E709ED8B43
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/069360b3-8bdd-4b81-8722-2161b1f9841e.roa
Signing time:             Thu 25 Sep 2025 19:15:33 +0000
ROA not before:           Thu 25 Sep 2025 19:15:33 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.168.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:e6:31:85:fe:e0:10:9f:98:80:f8:98:1f:8e:c3:e7:09:ed:8b:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 19:15:33 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=25ca24df6a3e166349882b2ef2a3c324a5bf059e79707a7dd5d798f076f734af, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:b0:90:9e:cb:f8:9c:89:9d:8a:3d:ac:b0:11:
                    3e:40:ed:c1:17:9c:32:f9:c5:32:50:4d:e1:38:92:
                    0b:ad:d7:80:54:be:c0:7e:a4:d1:a9:c8:e3:a5:84:
                    dc:9a:9d:45:96:d9:c6:ec:b9:e2:54:ea:49:51:fd:
                    69:e0:6f:70:35:22:a5:50:92:ba:3b:9a:7e:ff:25:
                    b7:1e:88:0d:5f:15:99:ac:83:12:d1:23:34:24:ea:
                    72:39:8d:b9:9f:27:7f:d0:0f:d2:69:87:aa:f3:07:
                    1e:b1:14:99:58:91:ac:d7:f5:7c:42:bd:b3:55:9e:
                    bd:c7:f0:11:ec:68:28:2d:da:dd:d4:f4:a8:5c:62:
                    f4:56:e8:42:7f:f4:21:90:fe:c7:df:5e:43:b6:a9:
                    8a:5f:53:e9:50:06:88:d2:18:b8:50:07:47:f5:66:
                    cd:88:a9:eb:23:19:29:f6:08:03:fe:c8:db:9d:b4:
                    d4:13:de:e3:cb:0a:ce:06:d4:e2:72:ad:52:c4:aa:
                    98:6e:54:00:4b:2d:35:9b:22:f3:1c:15:fe:cf:d8:
                    f7:cf:b5:ba:9b:ee:ef:74:9c:4a:d1:11:30:a8:0b:
                    73:11:b7:4e:7d:09:86:c6:d9:5a:52:61:49:8f:6c:
                    05:c4:f2:48:1e:a6:89:03:5c:a4:ed:36:e7:ff:6f:
                    db:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:79:9B:9A:4B:55:EA:1B:FF:A0:91:6F:3F:29:C5:E6:CE:86:5C:67
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/069360b3-8bdd-4b81-8722-2161b1f9841e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.168.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:a7:cd:7e:3d:28:50:c7:31:64:0d:94:8f:d6:24:d0:c6:9b:
         da:66:22:d1:a6:9a:c4:d1:1d:66:47:3f:29:0d:f2:62:6b:c0:
         76:1d:05:80:a5:93:9a:71:36:2c:15:27:0c:ed:fa:ef:3d:ac:
         27:28:cb:32:9b:2f:0b:41:07:70:3b:fc:b4:85:69:c1:f6:63:
         c8:b1:97:50:e7:bb:a0:f1:b2:4f:28:f7:7b:e6:e4:57:32:ac:
         3c:25:19:be:f3:2b:92:ef:87:9b:f0:c3:8f:3c:cf:e3:13:25:
         f3:d1:f0:26:82:32:90:64:0d:14:e8:04:42:e0:89:03:96:b2:
         14:d7:9d:8d:72:35:4e:99:25:44:b2:f8:1f:dc:7b:89:8f:d2:
         e9:46:50:1a:3f:a3:15:e9:ce:fc:0c:c7:c9:2c:92:62:72:70:
         8a:98:a3:80:fc:60:c0:86:8c:ad:ac:43:d2:48:d5:a0:a5:1d:
         10:d7:63:c2:75:3d:3d:a2:96:04:b7:9e:1a:42:c1:5c:e2:17:
         33:82:b5:ee:64:12:6c:69:74:7c:81:95:02:84:16:fe:7d:06:
         52:4f:51:4a:b7:60:2a:09:c0:58:5c:60:80:e9:0a:ba:98:66:
         76:11:d1:a1:9c:8d:10:93:1a:c1:9d:a0:2a:06:5e:4e:d1:e2:
         17:11:a8:b3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVeYxhf7gEJ+YgPiYH47D5wnti0MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MTkxNTMzWhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AyNWNhMjRkZjZhM2UxNjYzNDk4ODJiMmVmMmEzYzMyNGE1
YmYwNTllNzk3MDdhN2RkNWQ3OThmMDc2ZjczNGFmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrsJCey/iciZ2KPaywET5A7cEXnDL5xTJQTeE4kgut14BU
vsB+pNGpyOOlhNyanUWW2cbsueJU6klR/Wngb3A1IqVQkro7mn7/JbceiA1fFZms
gxLRIzQk6nI5jbmfJ3/QD9Jph6rzBx6xFJlYkazX9XxCvbNVnr3H8BHsaCgt2t3U
9KhcYvRW6EJ/9CGQ/sffXkO2qYpfU+lQBojSGLhQB0f1Zs2IqesjGSn2CAP+yNud
tNQT3uPLCs4G1OJyrVLEqphuVABLLTWbIvMcFf7P2PfPtbqb7u90nErRETCoC3MR
t059CYbG2VpSYUmPbAXE8kgepokDXKTtNuf/b9u3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU8XmbmktV6hv/oJFvPynF5s6GXGcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzA2OTM2MGIzLThiZGQtNGI4MS04NzIyLTIxNjFiMWY5ODQxZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADqNEwDQYJKoZIhvcNAQELBQADggEBAK6nzX49KFDHMWQNlI/WJNDGm9pm
ItGmmsTRHWZHPykN8mJrwHYdBYClk5pxNiwVJwzt+u89rCcoyzKbLwtBB3A7/LSF
acH2Y8ixl1Dnu6Dxsk8o93vm5FcyrDwlGb7zK5Lvh5vww488z+MTJfPR8CaCMpBk
DRToBELgiQOWshTXnY1yNU6ZJUSy+B/ce4mP0ulGUBo/oxXpzvwMx8kskmJycIqY
o4D8YMCGjK2sQ9JI1aClHRDXY8J1PT2ilgS3nhpCwVziFzOCte5kEmxpdHyBlQKE
Fv59BlJPUUq3YCoJwFhcYIDpCrqYZnYR0aGcjRCTGsGdoCoGXk7R4hcRqLM=
-----END CERTIFICATE-----