Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/07b28242-e9d5-4913-83ce-cf285fce690f.roa
File:                     07b28242-e9d5-4913-83ce-cf285fce690f.roa (raw, json)
Hash identifier:          FUcjZoyCeTAgYKAKgBj6JOM2DzB6/2hTXO77mEh477Y=
Subject key identifier:   BB:53:A3:AB:FD:04:30:71:74:29:AA:B6:06:61:3E:31:38:37:4E:02
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       14A4CC573A07FA41A9FC3DD6E85D516FA691CCEE
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/07b28242-e9d5-4913-83ce-cf285fce690f.roa
Signing time:             Fri 26 Sep 2025 01:06:59 +0000
ROA not before:           Fri 26 Sep 2025 01:06:59 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.160.128.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:a4:cc:57:3a:07:fa:41:a9:fc:3d:d6:e8:5d:51:6f:a6:91:cc:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 01:06:59 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=90f33718d1625200e99a575a8885db4261fd67e9313e1d88dc1675ccb03a7913, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:4f:ec:a5:48:19:3b:ab:42:69:71:9c:d8:b7:
                    8f:3a:42:de:50:10:20:29:7c:10:62:23:eb:81:9c:
                    14:ca:ff:8d:7c:40:25:8e:6d:30:bf:18:a2:7a:3f:
                    2e:a2:cb:79:f5:a3:d7:02:d0:b3:01:5c:da:e6:33:
                    02:5e:a4:15:bf:79:0d:25:fc:80:44:96:01:fd:ef:
                    e6:df:b3:29:eb:5f:04:08:af:23:c0:47:de:e5:5a:
                    64:98:73:56:8a:20:4c:7f:65:50:fc:84:f4:55:2a:
                    5d:4b:0c:8a:a7:bf:99:a2:43:43:d9:d1:0e:b3:ef:
                    8f:e5:29:6a:dd:56:42:26:9c:13:cd:56:b7:ce:05:
                    bb:3e:98:12:5d:7a:33:6d:95:d3:2e:6e:e7:a3:39:
                    bd:f6:6b:8b:df:c5:7b:d5:bf:43:05:c4:c0:c7:a2:
                    27:08:eb:48:79:e7:ed:d7:e0:fe:fb:6d:18:7c:dd:
                    b5:f6:5d:ad:fa:d6:a0:d3:b4:28:b8:4d:ee:06:8c:
                    b5:28:c2:1d:bc:9c:b1:7e:e7:9b:7a:54:be:0b:d8:
                    49:3f:02:f3:c5:9c:5c:ab:8e:ce:41:03:62:95:7d:
                    3d:d3:9c:58:1a:f1:99:02:e5:ed:5d:d9:25:45:3d:
                    59:1a:d0:98:b9:f1:f4:fd:4a:18:eb:2e:58:31:56:
                    95:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:53:A3:AB:FD:04:30:71:74:29:AA:B6:06:61:3E:31:38:37:4E:02
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/07b28242-e9d5-4913-83ce-cf285fce690f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.160.128.0/21

    Signature Algorithm: sha256WithRSAEncryption
         67:b5:d1:1f:af:a9:c4:27:76:b1:3d:12:4e:04:c1:92:95:f9:
         db:dd:3f:9c:b7:09:7b:56:e7:2a:70:b3:53:67:20:4e:96:42:
         6d:f3:ec:09:d3:ab:ae:30:b6:61:d1:10:ed:e4:4f:72:77:24:
         0d:94:ff:53:1c:1b:e6:46:56:ea:08:5c:d3:a8:57:05:f9:31:
         cc:bd:61:3d:a9:33:a0:41:93:a6:c5:d0:1f:d1:81:72:53:ca:
         10:b6:39:c9:57:2c:62:a2:60:33:b3:df:bb:aa:e7:db:84:af:
         3f:1a:92:b6:40:cf:fe:5c:92:20:c1:51:33:1c:47:45:e2:9c:
         86:d1:ac:fb:90:c2:97:9c:ee:cb:24:c1:5d:c0:e7:6c:ba:8f:
         92:e2:7f:4c:dd:c6:57:f5:88:88:01:34:af:d0:a5:52:36:aa:
         8a:f7:01:e0:9d:4f:27:e0:b4:97:46:a9:d7:16:dc:09:74:05:
         e1:5a:77:b3:45:fb:45:f1:ed:d0:e5:04:f2:f2:9e:8d:18:1e:
         8b:b7:f2:a8:94:ca:9a:d9:a9:0c:51:10:84:05:4f:42:0a:48:
         92:42:dd:1f:04:5d:ec:f9:b7:89:a9:87:4f:fe:84:6b:22:10:
         65:9e:3f:4f:ee:95:ed:70:42:c8:c8:3a:f0:cb:31:1b:3d:0e:
         8c:c1:05:00
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFKTMVzoH+kGp/D3W6F1Rb6aRzO4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MDEwNjU5WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A5MGYzMzcxOGQxNjI1MjAwZTk5YTU3NWE4ODg1ZGI0MjYx
ZmQ2N2U5MzEzZTFkODhkYzE2NzVjY2IwM2E3OTEzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDCT+ylSBk7q0JpcZzYt486Qt5QECApfBBiI+uBnBTK/418
QCWObTC/GKJ6Py6iy3n1o9cC0LMBXNrmMwJepBW/eQ0l/IBElgH97+bfsynrXwQI
ryPAR97lWmSYc1aKIEx/ZVD8hPRVKl1LDIqnv5miQ0PZ0Q6z74/lKWrdVkImnBPN
VrfOBbs+mBJdejNtldMubuejOb32a4vfxXvVv0MFxMDHoicI60h55+3X4P77bRh8
3bX2Xa361qDTtCi4Te4GjLUowh28nLF+55t6VL4L2Ek/AvPFnFyrjs5BA2KVfT3T
nFga8ZkC5e1d2SVFPVka0Ji58fT9ShjrLlgxVpUFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUu1Ojq/0EMHF0Kaq2BmE+MTg3TgIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzA3YjI4MjQyLWU5ZDUtNDkxMy04M2NlLWNmMjg1ZmNlNjkwZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMDoIAwDQYJKoZIhvcNAQELBQADggEBAGe10R+vqcQndrE9Ek4EwZKV+dvd
P5y3CXtW5ypws1NnIE6WQm3z7AnTq64wtmHREO3kT3J3JA2U/1McG+ZGVuoIXNOo
VwX5Mcy9YT2pM6BBk6bF0B/RgXJTyhC2OclXLGKiYDOz37uq59uErz8akrZAz/5c
kiDBUTMcR0XinIbRrPuQwpec7sskwV3A52y6j5Lif0zdxlf1iIgBNK/QpVI2qor3
AeCdTyfgtJdGqdcW3Al0BeFad7NF+0Xx7dDlBPLyno0YHou38qiUyprZqQxREIQF
T0IKSJJC3R8EXez5t4mph0/+hGsiEGWeP0/ule1wQsjIOvDLMRs9DozBBQA=
-----END CERTIFICATE-----