Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0fcf3283-dcaa-4dd2-8b31-4e11c68259f9.roa
File:                     0fcf3283-dcaa-4dd2-8b31-4e11c68259f9.roa (raw, json)
Hash identifier:          olxf72WFbLj+Z1IsLe87b01GUctnLNl99FaNCPr4vbQ=
Subject key identifier:   CF:9A:B2:39:85:1B:1C:CB:6E:14:43:DB:13:39:A3:B7:A4:45:B5:E8
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       477CD334D491415BAB2677D66FDED0FB46B0F9DD
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0fcf3283-dcaa-4dd2-8b31-4e11c68259f9.roa
Signing time:             Thu 25 Sep 2025 20:14:45 +0000
ROA not before:           Thu 25 Sep 2025 20:14:45 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.171.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:7c:d3:34:d4:91:41:5b:ab:26:77:d6:6f:de:d0:fb:46:b0:f9:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 20:14:45 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=7c172699e91bfb94cdfdfc95545e8499659ec16cc80f10907dee6c883bb1e385, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:1e:ab:4f:30:72:fb:39:8c:e4:66:7d:81:17:
                    d3:56:39:03:14:91:9d:4c:a0:2c:dd:1a:fc:93:d3:
                    01:d7:1f:7b:50:e4:02:45:65:5b:08:41:88:79:31:
                    36:92:36:b8:d0:52:f4:8d:c1:db:31:17:4b:a3:cf:
                    40:e7:eb:a0:b2:7b:4f:77:98:27:bf:a9:4b:24:c2:
                    d7:6c:79:cb:ce:cc:36:7a:77:a8:f1:7f:53:d3:47:
                    f2:31:6e:c7:e2:54:b8:74:6f:c1:48:13:ba:43:09:
                    21:7a:de:57:1d:6f:1a:a2:fe:ac:cf:16:f4:6f:83:
                    99:67:fb:a2:b5:e1:6e:f2:a5:c6:67:33:46:9e:52:
                    79:c4:07:e4:8f:4e:46:30:63:41:79:8c:99:44:2f:
                    f6:43:2c:55:90:b1:e7:e4:a8:4e:59:77:2b:51:15:
                    25:23:0b:0a:b1:25:f1:b4:c9:a2:ae:4c:48:b6:1d:
                    98:9c:dd:d9:ad:91:86:84:c7:cb:8b:f7:f7:db:c6:
                    50:d0:1b:78:f7:c9:e2:b3:16:de:ea:30:5b:9a:65:
                    ea:f9:cc:7c:24:c3:cb:af:5f:f0:6f:16:63:23:27:
                    ec:17:27:f5:dd:78:45:55:60:a0:4c:44:e0:13:5e:
                    ca:f4:9b:cc:bb:5c:3d:c2:33:9f:94:cd:62:55:6f:
                    6c:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:9A:B2:39:85:1B:1C:CB:6E:14:43:DB:13:39:A3:B7:A4:45:B5:E8
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0fcf3283-dcaa-4dd2-8b31-4e11c68259f9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.171.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:67:1f:fb:ed:ca:63:f8:41:aa:c5:c1:86:b3:9d:3c:28:5a:
         1b:7f:1b:aa:8d:e4:00:42:68:28:e7:c4:71:fc:d9:d1:db:ab:
         5f:fb:c5:78:91:08:0d:c3:37:01:f4:3c:24:f8:ac:ed:00:41:
         06:e5:f9:e0:2b:76:c5:38:3b:6c:65:06:4f:65:bc:f7:00:fb:
         a8:ac:85:e3:d4:de:ec:e5:da:40:13:ef:db:fe:c8:e1:8c:70:
         69:a6:eb:b7:f7:b4:37:ca:a0:78:88:a2:c5:56:2b:89:c2:0d:
         b6:5f:73:5c:8b:83:51:b0:93:f8:a2:e7:b4:03:56:fe:88:d1:
         f2:15:1f:eb:4d:33:23:58:79:97:db:da:1b:6d:d0:c8:c9:bd:
         06:a5:4a:4b:79:0c:2b:7a:d7:8c:0c:e2:4e:f1:d7:ce:fe:63:
         5b:23:5e:1b:b0:53:ba:21:4e:3e:98:04:27:ff:04:7f:04:55:
         81:ee:5d:00:73:13:fe:b1:b6:5a:09:e0:64:dd:c1:26:7e:68:
         7b:6e:90:3c:cf:e2:f8:b2:7c:a9:86:c7:73:45:89:11:10:ae:
         bd:94:1f:fd:b3:a0:51:f1:7b:06:6e:83:03:8c:7f:bb:38:6a:
         42:14:a2:f5:f2:43:46:35:43:5e:01:21:cb:3b:37:5b:c2:e9:
         fb:35:d1:97
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUR3zTNNSRQVurJnfWb97Q+0aw+d0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MjAxNDQ1WhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A3YzE3MjY5OWU5MWJmYjk0Y2RmZGZjOTU1NDVlODQ5OTY1
OWVjMTZjYzgwZjEwOTA3ZGVlNmM4ODNiYjFlMzg1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1HqtPMHL7OYzkZn2BF9NWOQMUkZ1MoCzdGvyT0wHXH3tQ
5AJFZVsIQYh5MTaSNrjQUvSNwdsxF0ujz0Dn66Cye093mCe/qUskwtdsecvOzDZ6
d6jxf1PTR/IxbsfiVLh0b8FIE7pDCSF63lcdbxqi/qzPFvRvg5ln+6K14W7ypcZn
M0aeUnnEB+SPTkYwY0F5jJlEL/ZDLFWQsefkqE5ZdytRFSUjCwqxJfG0yaKuTEi2
HZic3dmtkYaEx8uL9/fbxlDQG3j3yeKzFt7qMFuaZer5zHwkw8uvX/BvFmMjJ+wX
J/XdeEVVYKBMROATXsr0m8y7XD3CM5+UzWJVb2wZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUz5qyOYUbHMtuFEPbEzmjt6RFtegwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzBmY2YzMjgzLWRjYWEtNGRkMi04YjMxLTRlMTFjNjgyNTlmOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADq/UwDQYJKoZIhvcNAQELBQADggEBALJnH/vtymP4QarFwYaznTwoWht/
G6qN5ABCaCjnxHH82dHbq1/7xXiRCA3DNwH0PCT4rO0AQQbl+eArdsU4O2xlBk9l
vPcA+6ishePU3uzl2kAT79v+yOGMcGmm67f3tDfKoHiIosVWK4nCDbZfc1yLg1Gw
k/ii57QDVv6I0fIVH+tNMyNYeZfb2htt0MjJvQalSkt5DCt614wM4k7x187+Y1sj
XhuwU7ohTj6YBCf/BH8EVYHuXQBzE/6xtloJ4GTdwSZ+aHtukDzP4viyfKmGx3NF
iREQrr2UH/2zoFHxewZugwOMf7s4akIUovXyQ0Y1Q14BIcs7N1vC6fs10Zc=
-----END CERTIFICATE-----