Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/15652b40-ec58-493e-9b58-b5e8c9b03237.roa
File:                     15652b40-ec58-493e-9b58-b5e8c9b03237.roa (raw, json)
Hash identifier:          fL2zlfjO/NvyKTTDNjWkx1c4MHfoXE8JY71PR++CPGc=
Subject key identifier:   12:82:88:35:1E:96:7E:43:55:A5:9D:C2:63:05:C2:EC:7D:0A:C9:8F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4C81E8FAC8150CBD12441B3149F185E8FB0682B6
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/15652b40-ec58-493e-9b58-b5e8c9b03237.roa
Signing time:             Thu 25 Sep 2025 20:12:25 +0000
ROA not before:           Thu 25 Sep 2025 20:12:25 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.171.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:81:e8:fa:c8:15:0c:bd:12:44:1b:31:49:f1:85:e8:fb:06:82:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 20:12:25 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=450504d544808387e80abbccb74be48d537e314539d6136c1ca941c3799f5012, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:fb:8a:44:56:81:b9:31:34:43:a0:e9:9b:40:
                    fc:d7:53:ce:7e:b8:76:f1:f0:1f:71:60:07:0b:86:
                    25:a9:9c:5d:79:7d:72:96:1a:76:21:f5:9c:54:86:
                    6f:35:3f:fd:33:09:1b:d0:05:e5:3e:c7:c7:ac:c4:
                    6f:c0:4a:bd:6a:96:eb:f0:c3:b3:ff:25:2e:a9:1f:
                    15:de:62:e3:2f:77:96:2d:f3:17:d5:54:a0:a8:74:
                    6f:11:12:82:0a:dc:30:18:5e:95:6f:db:69:92:3e:
                    d3:93:3d:cb:b5:71:51:d1:49:41:69:e7:07:a1:d8:
                    4f:7d:4b:cc:77:2f:6d:a6:3b:78:44:75:df:e8:67:
                    01:5e:d0:df:0b:87:16:96:56:e7:57:17:41:27:50:
                    5e:9a:10:d1:85:0d:c4:5c:71:fc:e2:be:a3:29:d9:
                    3f:64:29:3a:ec:8b:74:7a:52:51:f4:2c:a7:9f:7f:
                    7e:fb:47:17:88:c4:72:dd:4f:40:73:24:1b:8f:3b:
                    59:96:66:27:fe:62:9b:75:4f:39:eb:c5:59:44:50:
                    59:cb:88:1f:b4:30:91:6d:9b:d4:5b:a1:e8:db:ae:
                    b1:22:29:f0:dc:0b:fa:3f:c8:3c:c5:30:8f:73:26:
                    b1:fb:b9:4b:24:88:36:eb:e4:32:78:9a:4a:9f:57:
                    f3:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:82:88:35:1E:96:7E:43:55:A5:9D:C2:63:05:C2:EC:7D:0A:C9:8F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/15652b40-ec58-493e-9b58-b5e8c9b03237.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.171.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:cb:d1:63:c9:6c:cc:5a:1f:5b:73:8f:91:2d:48:62:47:fe:
         7f:d0:4d:20:68:27:57:d9:0c:85:3d:bd:ad:cd:44:79:c9:f3:
         21:f0:1e:0f:66:21:e8:d1:dd:90:c7:11:5a:24:5c:85:17:86:
         16:78:0f:9a:2a:f2:d0:fc:bf:0a:90:67:f1:3b:3d:2d:b0:41:
         20:23:49:9a:0c:62:3d:31:f7:64:ec:fe:82:8a:84:a0:17:51:
         8a:d5:e0:2b:e2:23:52:ad:98:43:38:89:34:f5:72:d6:76:02:
         28:b0:34:c6:e5:e8:d4:bf:34:c9:53:1d:5e:cd:d5:cf:bd:97:
         75:26:7b:0c:93:d6:31:06:63:4e:a2:e2:e0:d3:64:68:41:18:
         40:13:5b:3e:e6:e6:d5:f4:ef:aa:ff:15:1f:06:fb:31:d8:e7:
         78:05:27:cc:fd:e8:93:ab:40:b3:50:5e:9e:0c:2f:02:ad:0f:
         e6:3f:3d:ed:c4:a4:47:be:99:68:18:e0:d6:eb:37:35:d7:6f:
         ca:99:ed:cd:de:e5:54:b4:53:43:59:95:4e:db:03:b0:01:dc:
         d0:0b:23:0a:cb:e0:56:62:71:61:cd:f7:41:e5:b5:4c:28:cb:
         2f:ea:b6:20:3c:fd:e0:3a:50:c2:50:dd:43:f2:4b:8f:61:e4:
         ee:ef:f9:5b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTIHo+sgVDL0SRBsxSfGF6PsGgrYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MjAxMjI1WhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A0NTA1MDRkNTQ0ODA4Mzg3ZTgwYWJiY2NiNzRiZTQ4ZDUz
N2UzMTQ1MzlkNjEzNmMxY2E5NDFjMzc5OWY1MDEyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDZ+4pEVoG5MTRDoOmbQPzXU85+uHbx8B9xYAcLhiWpnF15
fXKWGnYh9ZxUhm81P/0zCRvQBeU+x8esxG/ASr1qluvww7P/JS6pHxXeYuMvd5Yt
8xfVVKCodG8REoIK3DAYXpVv22mSPtOTPcu1cVHRSUFp5weh2E99S8x3L22mO3hE
dd/oZwFe0N8LhxaWVudXF0EnUF6aENGFDcRccfzivqMp2T9kKTrsi3R6UlH0LKef
f377RxeIxHLdT0BzJBuPO1mWZif+Ypt1TznrxVlEUFnLiB+0MJFtm9RboejbrrEi
KfDcC/o/yDzFMI9zJrH7uUskiDbr5DJ4mkqfV/ObAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUEoKINR6WfkNVpZ3CYwXC7H0KyY8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzE1NjUyYjQwLWVjNTgtNDkzZS05YjU4LWI1ZThjOWIwMzIzNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADq9AwDQYJKoZIhvcNAQELBQADggEBADfL0WPJbMxaH1tzj5EtSGJH/n/Q
TSBoJ1fZDIU9va3NRHnJ8yHwHg9mIejR3ZDHEVokXIUXhhZ4D5oq8tD8vwqQZ/E7
PS2wQSAjSZoMYj0x92Ts/oKKhKAXUYrV4CviI1KtmEM4iTT1ctZ2AiiwNMbl6NS/
NMlTHV7N1c+9l3UmewyT1jEGY06i4uDTZGhBGEATWz7m5tX076r/FR8G+zHY53gF
J8z96JOrQLNQXp4MLwKtD+Y/Pe3EpEe+mWgY4NbrNzXXb8qZ7c3e5VS0U0NZlU7b
A7AB3NALIwrL4FZicWHN90HltUwoyy/qtiA8/eA6UMJQ3UPyS49h5O7v+Vs=
-----END CERTIFICATE-----