Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/08f61627-3b7f-4f25-95e9-268ff3501479.roa
File:                     08f61627-3b7f-4f25-95e9-268ff3501479.roa (raw, json)
Hash identifier:          H+E9l6wdf9ywk7cRydiOtr/bZMFuOGeTd81sqW+PSJw=
Subject key identifier:   B3:B7:B5:F1:C1:A2:73:90:DC:8F:B2:51:8C:E1:03:78:11:BC:51:BC
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       257F43C9DC329C0399D367110BF7595BE14FDABA
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/08f61627-3b7f-4f25-95e9-268ff3501479.roa
Signing time:             Thu 25 Sep 2025 19:12:43 +0000
ROA not before:           Thu 25 Sep 2025 19:12:43 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.168.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:7f:43:c9:dc:32:9c:03:99:d3:67:11:0b:f7:59:5b:e1:4f:da:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 19:12:43 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=fbd99f406ea6fd09fad20b254cb860f3d426f7f8b7f06fb2041a946fa5f7c064, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:ed:45:94:75:f0:9b:35:97:4a:71:2f:eb:f4:
                    66:0e:1f:b4:94:7c:a0:8f:a0:60:0f:b0:3d:dd:a6:
                    fe:07:9a:65:48:64:4e:02:b7:fb:90:7e:de:a1:96:
                    02:f9:e0:66:9d:10:e4:15:96:6d:52:16:64:80:d3:
                    54:7d:90:c6:87:e7:90:96:16:cb:90:9f:99:8d:02:
                    fa:9c:6a:e4:45:55:1a:9e:0f:d5:00:ec:eb:52:8d:
                    d7:a0:d7:d5:77:24:75:a7:19:14:be:01:ea:05:36:
                    aa:13:66:dd:68:2c:20:3f:64:8e:e1:2b:f6:6c:be:
                    22:ea:49:77:e5:5a:50:4a:8a:cb:dc:c4:15:15:5f:
                    18:ae:94:ac:b5:c5:1a:0c:5f:73:78:97:08:4c:c2:
                    c1:8e:04:5d:57:c4:91:29:62:69:e2:8d:0e:37:6f:
                    9f:79:8e:6c:d8:bc:f5:26:0c:87:7d:cc:ef:fa:4c:
                    f5:f5:0b:97:8f:b4:97:a7:cc:83:2d:da:af:4d:ff:
                    f1:97:f5:48:30:ba:f0:6f:86:62:b3:7d:50:5c:49:
                    79:10:9e:dc:d5:55:03:b1:fb:7d:62:a3:da:5e:02:
                    42:73:f7:b2:9c:22:67:78:29:67:6c:79:27:f9:55:
                    c1:87:f7:bb:3c:00:ab:8c:fa:cc:64:54:a0:f3:ea:
                    12:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:B7:B5:F1:C1:A2:73:90:DC:8F:B2:51:8C:E1:03:78:11:BC:51:BC
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/08f61627-3b7f-4f25-95e9-268ff3501479.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.168.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:37:5c:6e:b6:f6:eb:4a:61:da:ea:6f:cf:1a:26:2d:2f:4c:
         5d:06:a7:72:01:2d:86:cb:88:79:4f:88:d1:60:66:52:43:1a:
         48:03:88:d6:cb:0e:06:e5:d4:33:f1:71:6b:05:cb:23:23:2c:
         db:ea:eb:24:ca:7a:4e:7b:30:c9:d4:de:3c:71:12:64:5f:7e:
         b4:9e:84:24:2b:35:8c:20:3a:9c:3d:13:90:a2:3b:d7:34:6d:
         9c:27:85:5b:ff:12:2e:b7:36:80:b1:fe:84:c5:3c:12:a0:48:
         d0:45:33:8a:02:af:fb:6e:ad:c1:f1:d7:19:79:ab:ff:71:5c:
         28:a4:df:ba:9b:4c:be:39:df:9a:5d:8e:f0:66:54:10:ce:ac:
         0b:10:71:c9:b4:ae:5c:ff:80:a9:63:3d:d8:d6:fe:2d:41:32:
         4a:48:7d:fb:85:dd:27:b0:2c:8e:6c:6d:e6:b9:d2:dc:25:98:
         6c:cc:6d:3b:4d:2a:55:ff:b3:6d:e7:4b:74:8f:e0:fe:0d:64:
         4c:67:1d:6b:78:97:78:13:19:a4:c8:9c:dd:d5:f2:82:9d:67:
         dd:19:f1:cf:2e:3a:c1:d5:d2:67:bf:a6:5b:0e:ef:72:bf:10:
         27:3c:3a:ed:61:37:fd:2d:c3:fe:7b:6d:93:24:b6:a6:8e:b8:
         6d:d7:75:e8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJX9DydwynAOZ02cRC/dZW+FP2rowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MTkxMjQzWhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BmYmQ5OWY0MDZlYTZmZDA5ZmFkMjBiMjU0Y2I4NjBmM2Q0
MjZmN2Y4YjdmMDZmYjIwNDFhOTQ2ZmE1ZjdjMDY0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJ7UWUdfCbNZdKcS/r9GYOH7SUfKCPoGAPsD3dpv4HmmVI
ZE4Ct/uQft6hlgL54GadEOQVlm1SFmSA01R9kMaH55CWFsuQn5mNAvqcauRFVRqe
D9UA7OtSjdeg19V3JHWnGRS+AeoFNqoTZt1oLCA/ZI7hK/ZsviLqSXflWlBKisvc
xBUVXxiulKy1xRoMX3N4lwhMwsGOBF1XxJEpYmnijQ43b595jmzYvPUmDId9zO/6
TPX1C5ePtJenzIMt2q9N//GX9UgwuvBvhmKzfVBcSXkQntzVVQOx+31io9peAkJz
97KcImd4KWdseSf5VcGH97s8AKuM+sxkVKDz6hI3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUs7e18cGic5Dcj7JRjOEDeBG8UbwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzA4ZjYxNjI3LTNiN2YtNGYyNS05NWU5LTI2OGZmMzUwMTQ3OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADqKQwDQYJKoZIhvcNAQELBQADggEBAI83XG629utKYdrqb88aJi0vTF0G
p3IBLYbLiHlPiNFgZlJDGkgDiNbLDgbl1DPxcWsFyyMjLNvq6yTKek57MMnU3jxx
EmRffrSehCQrNYwgOpw9E5CiO9c0bZwnhVv/Ei63NoCx/oTFPBKgSNBFM4oCr/tu
rcHx1xl5q/9xXCik37qbTL4535pdjvBmVBDOrAsQccm0rlz/gKljPdjW/i1BMkpI
ffuF3SewLI5sbea50twlmGzMbTtNKlX/s23nS3SP4P4NZExnHWt4l3gTGaTInN3V
8oKdZ90Z8c8uOsHV0me/plsO73K/ECc8Ou1hN/0tw/57bZMktqaOuG3Xdeg=
-----END CERTIFICATE-----