Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0ea582ad-c67b-422c-94af-156ab42ec008.roa
File:                     0ea582ad-c67b-422c-94af-156ab42ec008.roa (raw, json)
Hash identifier:          bbFKI5XrXRyNNymNoLsvUXic+LwD+lQV7qVpKos1omU=
Subject key identifier:   B2:43:4E:7C:DA:CD:E1:06:E3:06:F7:7A:44:5A:BF:DD:99:C3:F8:CA
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       20CB4D6E5529F1EA04BA9FB119115BCB9391D100
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0ea582ad-c67b-422c-94af-156ab42ec008.roa
Signing time:             Thu 25 Sep 2025 19:24:52 +0000
ROA not before:           Thu 25 Sep 2025 19:24:52 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.168.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:cb:4d:6e:55:29:f1:ea:04:ba:9f:b1:19:11:5b:cb:93:91:d1:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 19:24:52 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=85619adc80557e9818fbb466c9cc3580d33111abd7db4798367bb26e62717bf0, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:ee:30:da:ce:bb:90:e4:97:a5:a9:a2:3b:24:
                    b5:5c:e9:36:17:28:2e:cc:7b:03:bb:e6:05:6a:53:
                    5c:62:a7:b4:ee:22:a3:d0:16:67:6c:d9:0c:89:bc:
                    46:37:68:86:75:df:41:58:92:ad:ee:27:eb:4f:49:
                    64:93:e7:25:93:c1:f3:22:f2:93:ee:d7:55:a8:c0:
                    b6:a9:bb:5f:1e:52:9d:05:5f:dd:fc:a3:99:76:1e:
                    3c:4a:70:ae:d2:22:62:3b:2e:a6:b4:c4:2f:7b:cb:
                    9f:a7:61:0a:cf:21:32:f8:84:e4:d5:a6:c1:1b:d4:
                    ce:3d:c9:a6:10:7b:23:b1:c9:39:f5:a9:74:ef:38:
                    0c:c5:4c:9a:5a:b9:e4:6d:79:1b:38:76:3c:4b:a4:
                    de:73:0b:50:ab:c8:a5:b4:69:af:72:d5:61:25:ab:
                    d7:ef:8a:d7:2f:d3:07:b6:92:46:bf:a5:6c:df:06:
                    07:53:6d:bc:02:2e:7d:c2:94:50:ed:17:73:55:3a:
                    eb:bd:53:f5:14:59:3e:2d:ec:62:1e:f1:25:a0:80:
                    ac:59:6c:fb:a4:b6:ab:10:12:79:0c:f7:3c:be:f4:
                    7c:70:72:51:64:6a:da:7e:5d:12:43:79:99:33:4d:
                    2b:8d:15:da:b2:e0:bc:46:0d:47:db:1b:f7:01:69:
                    04:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:43:4E:7C:DA:CD:E1:06:E3:06:F7:7A:44:5A:BF:DD:99:C3:F8:CA
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0ea582ad-c67b-422c-94af-156ab42ec008.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.168.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:0d:5e:b9:0c:28:ef:4c:d2:a3:93:17:d4:d4:37:01:01:b3:
         4f:3f:08:ce:ae:72:1c:67:60:6c:53:3b:89:d4:f4:ef:83:c1:
         7f:a7:2b:ec:20:ba:14:2b:87:f2:b3:57:62:36:d9:88:03:63:
         d3:a4:c4:7b:19:aa:21:23:45:5a:1b:91:86:63:4e:63:f5:fc:
         99:db:dd:a4:7c:3c:be:d5:51:6e:c0:ec:ba:3f:6e:b4:c1:e5:
         0b:9a:5c:8a:3c:84:b3:8a:93:ed:ef:93:ae:0c:c6:5e:29:d2:
         0c:ce:ff:f2:ed:c0:f3:ec:cc:47:0d:2b:f5:de:67:01:ee:e5:
         e8:7c:c8:42:9b:31:67:fe:fd:a5:60:7f:bf:fe:90:54:d2:61:
         89:41:d5:09:5b:2b:01:45:b7:5c:5e:59:53:14:3a:a4:77:6d:
         35:71:52:02:4e:ff:6f:0a:89:a6:2a:8e:37:81:dc:1e:66:41:
         c8:ae:95:2a:25:1c:d5:14:f9:c0:ea:e9:3e:39:b0:27:18:5e:
         15:cd:41:62:ec:96:cb:72:81:a0:3e:2f:07:00:5d:59:3d:84:
         a7:42:e6:65:85:55:19:4a:ea:93:2d:47:01:46:96:bc:3c:24:
         43:58:8c:7f:ab:d0:19:eb:f1:9c:fb:d9:fd:f7:02:0e:3b:e2:
         4e:ab:60:5a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIMtNblUp8eoEup+xGRFby5OR0QAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MTkyNDUyWhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A4NTYxOWFkYzgwNTU3ZTk4MThmYmI0NjZjOWNjMzU4MGQz
MzExMWFiZDdkYjQ3OTgzNjdiYjI2ZTYyNzE3YmYwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDE7jDazruQ5JelqaI7JLVc6TYXKC7MewO75gVqU1xip7Tu
IqPQFmds2QyJvEY3aIZ130FYkq3uJ+tPSWST5yWTwfMi8pPu11WowLapu18eUp0F
X938o5l2HjxKcK7SImI7Lqa0xC97y5+nYQrPITL4hOTVpsEb1M49yaYQeyOxyTn1
qXTvOAzFTJpaueRteRs4djxLpN5zC1CryKW0aa9y1WElq9fvitcv0we2kka/pWzf
BgdTbbwCLn3ClFDtF3NVOuu9U/UUWT4t7GIe8SWggKxZbPuktqsQEnkM9zy+9Hxw
clFkatp+XRJDeZkzTSuNFdqy4LxGDUfbG/cBaQSLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUskNOfNrN4QbjBvd6RFq/3ZnD+MowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzBlYTU4MmFkLWM2N2ItNDIyYy05NGFmLTE1NmFiNDJlYzAwOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADqFMwDQYJKoZIhvcNAQELBQADggEBABcNXrkMKO9M0qOTF9TUNwEBs08/
CM6uchxnYGxTO4nU9O+DwX+nK+wguhQrh/KzV2I22YgDY9OkxHsZqiEjRVobkYZj
TmP1/Jnb3aR8PL7VUW7A7Lo/brTB5QuaXIo8hLOKk+3vk64Mxl4p0gzO//LtwPPs
zEcNK/XeZwHu5eh8yEKbMWf+/aVgf7/+kFTSYYlB1QlbKwFFt1xeWVMUOqR3bTVx
UgJO/28KiaYqjjeB3B5mQciulSolHNUU+cDq6T45sCcYXhXNQWLslstygaA+LwcA
XVk9hKdC5mWFVRlK6pMtRwFGlrw8JENYjH+r0Bnr8Zz72f33Ag474k6rYFo=
-----END CERTIFICATE-----