Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/10d9085b-c2d7-4785-9798-850b0c9c5949.roa
File:                     10d9085b-c2d7-4785-9798-850b0c9c5949.roa (raw, json)
Hash identifier:          /hWHKH1kXMTRAO90oZZowQ4JpEpX+9M4LNGLuMcc3OU=
Subject key identifier:   78:34:C1:6D:AC:72:BE:2E:3C:D9:AA:51:6E:06:45:B9:D1:B6:B2:E2
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7142ACA7355C41914D710B3983B3D83B8BEAD487
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/10d9085b-c2d7-4785-9798-850b0c9c5949.roa
Signing time:             Thu 25 Sep 2025 22:12:15 +0000
ROA not before:           Thu 25 Sep 2025 22:12:15 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.165.114.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:42:ac:a7:35:5c:41:91:4d:71:0b:39:83:b3:d8:3b:8b:ea:d4:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 22:12:15 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=4331f3dd440e28c82a947248c5b72c7e07931810768951d13443e70a71de5565, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:69:36:f2:8e:71:2f:46:97:60:d6:aa:30:64:
                    60:e6:94:78:4f:89:cc:38:df:1c:f3:72:ec:96:43:
                    46:b6:d9:06:77:7b:6c:36:26:fd:a4:18:9c:fd:3d:
                    5e:72:22:d9:30:95:3c:20:ed:24:b4:6b:b9:be:d4:
                    d4:0d:28:aa:f1:92:0a:b7:f5:17:da:f2:e1:04:d2:
                    ee:f6:39:dc:ad:7d:4b:93:1a:c7:2b:eb:4a:80:19:
                    a4:87:a3:73:2c:65:ec:23:85:7a:84:de:4b:3d:ea:
                    28:b4:c3:8e:89:8d:f0:46:5c:5f:44:86:bf:76:a9:
                    4d:53:dc:45:26:50:ca:96:8a:1b:20:f8:33:4d:6f:
                    df:6f:0f:95:93:20:a6:6f:e2:30:58:e7:3d:6e:f8:
                    db:ee:87:44:ee:ae:51:3f:ca:76:46:8d:10:71:b8:
                    86:2a:0d:8e:dc:17:69:61:5f:b0:f0:dd:b1:22:59:
                    76:09:42:1b:d5:a2:9f:ee:ff:0c:ff:c4:59:d2:c7:
                    9f:33:95:5a:a8:71:30:57:0a:d6:22:03:92:cc:82:
                    8d:5d:ba:f4:a4:f4:93:b2:b3:cc:3c:65:ad:16:59:
                    6f:b7:11:58:3a:3e:cf:01:18:e4:24:90:dc:56:d2:
                    cd:f8:3b:56:5c:75:70:86:da:e0:6a:68:36:4d:4c:
                    27:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:34:C1:6D:AC:72:BE:2E:3C:D9:AA:51:6E:06:45:B9:D1:B6:B2:E2
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/10d9085b-c2d7-4785-9798-850b0c9c5949.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.165.114.0/23

    Signature Algorithm: sha256WithRSAEncryption
         45:3b:cb:1d:55:75:29:9c:d2:3a:7f:d8:bc:a4:25:ef:a4:bf:
         2a:46:ed:84:57:09:74:66:36:72:6a:00:80:4a:9b:32:5c:a2:
         00:28:bd:72:a2:7f:63:00:5e:48:b8:65:4f:05:6c:91:41:7b:
         29:72:d4:a3:fd:30:ad:2b:ab:48:7e:b2:c1:02:f2:71:b9:04:
         86:d1:9d:cb:32:2b:0a:90:c4:ec:9f:aa:a4:93:a2:4d:d6:30:
         38:78:9d:82:f8:93:7f:ef:60:e5:31:c3:6e:f8:3f:e9:56:80:
         f0:92:93:6c:0e:67:ac:b4:36:a9:54:67:9d:0f:d4:82:89:76:
         69:f8:ab:a7:f9:03:05:1f:e1:28:72:d9:2a:cd:69:b6:a7:23:
         b1:f3:30:bc:19:9e:fc:20:5a:60:8f:b5:33:eb:ce:9b:52:b0:
         9e:8f:78:de:3a:1f:2d:e7:f1:1a:6e:ca:4b:21:25:33:48:11:
         fe:a7:9b:f8:f5:88:c5:60:d8:dd:53:5b:45:78:b4:99:20:8a:
         15:6b:e3:5b:15:51:df:62:78:e8:c0:49:76:3e:7d:cf:1d:bd:
         44:83:bd:c2:04:06:25:39:d2:89:54:86:4b:b8:9a:83:07:c4:
         d5:7d:6c:e1:d6:44:cf:bf:58:da:c2:b0:5c:a1:cc:36:6a:a6:
         18:fc:a2:66
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcUKspzVcQZFNcQs5g7PYO4vq1IcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MjIxMjE1WhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A0MzMxZjNkZDQ0MGUyOGM4MmE5NDcyNDhjNWI3MmM3ZTA3
OTMxODEwNzY4OTUxZDEzNDQzZTcwYTcxZGU1NTY1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9aTbyjnEvRpdg1qowZGDmlHhPicw43xzzcuyWQ0a22QZ3
e2w2Jv2kGJz9PV5yItkwlTwg7SS0a7m+1NQNKKrxkgq39Rfa8uEE0u72OdytfUuT
Gscr60qAGaSHo3MsZewjhXqE3ks96ii0w46JjfBGXF9Ehr92qU1T3EUmUMqWihsg
+DNNb99vD5WTIKZv4jBY5z1u+Nvuh0TurlE/ynZGjRBxuIYqDY7cF2lhX7Dw3bEi
WXYJQhvVop/u/wz/xFnSx58zlVqocTBXCtYiA5LMgo1duvSk9JOys8w8Za0WWW+3
EVg6Ps8BGOQkkNxW0s34O1ZcdXCG2uBqaDZNTCcjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUeDTBbaxyvi482apRbgZFudG2suIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzEwZDkwODViLWMyZDctNDc4NS05Nzk4LTg1MGIwYzljNTk0OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEDpXIwDQYJKoZIhvcNAQELBQADggEBAEU7yx1VdSmc0jp/2LykJe+kvypG
7YRXCXRmNnJqAIBKmzJcogAovXKif2MAXki4ZU8FbJFBeyly1KP9MK0rq0h+ssEC
8nG5BIbRncsyKwqQxOyfqqSTok3WMDh4nYL4k3/vYOUxw274P+lWgPCSk2wOZ6y0
NqlUZ50P1IKJdmn4q6f5AwUf4Shy2SrNabanI7HzMLwZnvwgWmCPtTPrzptSsJ6P
eN46Hy3n8RpuykshJTNIEf6nm/j1iMVg2N1TW0V4tJkgihVr41sVUd9ieOjASXY+
fc8dvUSDvcIEBiU50olUhku4moMHxNV9bOHWRM+/WNrCsFyhzDZqphj8omY=
-----END CERTIFICATE-----