Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0eaab1ab-119b-499e-b268-2190573c10d0.roa
File:                     0eaab1ab-119b-499e-b268-2190573c10d0.roa (raw, json)
Hash identifier:          Q0Fj8AMpV8svMSRAiT6cAUHKHsCCGfXubSGwo1FdDmo=
Subject key identifier:   A5:53:AB:40:4B:EE:15:0F:FD:DF:0C:66:02:AE:2C:EA:21:9F:7F:BE
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4EDBD608417262FBB448370AA4012FDCB0AE1D1D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0eaab1ab-119b-499e-b268-2190573c10d0.roa
Signing time:             Thu 25 Sep 2025 18:57:40 +0000
ROA not before:           Thu 25 Sep 2025 18:57:40 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.167.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:db:d6:08:41:72:62:fb:b4:48:37:0a:a4:01:2f:dc:b0:ae:1d:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 18:57:40 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=34d7862c4400d2b332f51145224b01de3493c84ef0c8d3b81f0aa1319ab58c19, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:c7:9a:a8:81:aa:28:df:6f:2f:c2:24:ef:23:
                    61:37:00:94:55:f2:08:04:55:dd:28:cb:cb:f3:b1:
                    6c:df:8e:8a:dc:2a:ed:ae:30:cc:1a:24:c6:2a:07:
                    ee:4e:18:36:8a:cf:a8:c2:23:fb:35:ea:60:92:bb:
                    e8:8c:2e:11:e9:6a:17:91:73:60:75:2d:42:3d:a0:
                    c0:6f:77:75:f9:0a:35:f2:e9:e4:4d:7a:b2:8f:0f:
                    df:80:a1:70:91:b0:b2:35:fa:96:0e:a0:cd:b3:fe:
                    fc:19:04:22:75:d9:37:dd:c1:56:5a:a7:e3:8e:25:
                    c8:07:b3:ab:6e:01:bb:2f:d9:8c:f6:9b:5d:08:ed:
                    64:5e:3b:f4:e7:a7:5a:b6:a1:4c:1b:72:48:e0:c5:
                    cf:6a:ff:5d:38:b2:8b:4f:15:af:d9:96:38:75:d5:
                    bf:97:aa:7e:21:72:82:99:82:72:d2:c0:67:c0:7f:
                    73:c7:21:21:96:90:e2:86:8a:f9:d0:0e:a0:35:a3:
                    73:cd:d4:0a:19:75:57:b4:b6:7f:ae:4b:db:d2:d5:
                    49:e3:b4:4a:e6:00:73:f2:11:a1:32:a3:91:b6:87:
                    32:06:be:13:30:93:57:ec:c9:50:6e:25:a7:d1:26:
                    70:17:90:f1:bd:12:f0:cb:b5:42:8d:28:8c:a8:09:
                    bf:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:53:AB:40:4B:EE:15:0F:FD:DF:0C:66:02:AE:2C:EA:21:9F:7F:BE
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0eaab1ab-119b-499e-b268-2190573c10d0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.167.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:28:a0:04:e4:3d:3b:97:81:6c:35:f8:c6:56:95:0b:54:2b:
         e4:12:45:7f:0d:a8:18:3b:13:b2:09:57:0c:f6:ea:0d:e5:1b:
         86:23:07:07:bb:d1:24:56:79:83:25:f7:bc:82:da:8d:f8:5b:
         35:01:8a:2a:4c:66:47:40:ce:e9:8f:ab:42:8d:ea:06:ed:00:
         4e:50:88:f3:cd:20:7b:9c:2a:1c:34:56:1d:59:3a:74:38:12:
         29:55:4a:af:dd:b5:3d:50:cf:92:22:67:ee:91:26:af:49:1b:
         c8:4b:58:82:ed:dd:57:1f:d5:f4:6c:65:b3:ea:ce:e7:b3:58:
         06:8c:08:df:f5:cb:5d:b0:9e:3f:07:7a:08:89:a7:17:9c:00:
         30:33:67:d8:68:75:d6:a3:5c:99:e4:47:99:dd:74:45:c9:9a:
         8c:54:46:23:46:40:a4:14:e9:0d:39:6a:25:8f:71:8c:67:69:
         4a:2f:d9:2e:d4:58:43:42:3f:26:e0:fc:e2:57:ed:bc:9f:32:
         24:67:01:18:9e:e9:74:14:4a:13:ea:59:6f:db:cc:ae:2f:0f:
         c4:f4:5f:c0:c3:c9:c3:c1:80:0e:34:bc:d4:7e:67:9d:94:e6:
         41:98:99:a6:ce:fd:3f:af:ff:0e:38:d2:3a:f6:37:cf:8c:18:
         ca:08:e9:77
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTtvWCEFyYvu0SDcKpAEv3LCuHR0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MTg1NzQwWhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AzNGQ3ODYyYzQ0MDBkMmIzMzJmNTExNDUyMjRiMDFkZTM0
OTNjODRlZjBjOGQzYjgxZjBhYTEzMTlhYjU4YzE5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCux5qogaoo328vwiTvI2E3AJRV8ggEVd0oy8vzsWzfjorc
Ku2uMMwaJMYqB+5OGDaKz6jCI/s16mCSu+iMLhHpaheRc2B1LUI9oMBvd3X5CjXy
6eRNerKPD9+AoXCRsLI1+pYOoM2z/vwZBCJ12TfdwVZap+OOJcgHs6tuAbsv2Yz2
m10I7WReO/Tnp1q2oUwbckjgxc9q/104sotPFa/Zljh11b+Xqn4hcoKZgnLSwGfA
f3PHISGWkOKGivnQDqA1o3PN1AoZdVe0tn+uS9vS1UnjtErmAHPyEaEyo5G2hzIG
vhMwk1fsyVBuJafRJnAXkPG9EvDLtUKNKIyoCb/rAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUpVOrQEvuFQ/93wxmAq4s6iGff74wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzBlYWFiMWFiLTExOWItNDk5ZS1iMjY4LTIxOTA1NzNjMTBkMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADp9gwDQYJKoZIhvcNAQELBQADggEBAIYooATkPTuXgWw1+MZWlQtUK+QS
RX8NqBg7E7IJVwz26g3lG4YjBwe70SRWeYMl97yC2o34WzUBiipMZkdAzumPq0KN
6gbtAE5QiPPNIHucKhw0Vh1ZOnQ4EilVSq/dtT1Qz5IiZ+6RJq9JG8hLWILt3Vcf
1fRsZbPqzuezWAaMCN/1y12wnj8HegiJpxecADAzZ9hoddajXJnkR5nddEXJmoxU
RiNGQKQU6Q05aiWPcYxnaUov2S7UWENCPybg/OJX7byfMiRnARie6XQUShPqWW/b
zK4vD8T0X8DDycPBgA40vNR+Z52U5kGYmabO/T+v/w440jr2N8+MGMoI6Xc=
-----END CERTIFICATE-----