Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/158aa7f6-5257-42bd-b8f2-eb6a43c6a159.roa
File:                     158aa7f6-5257-42bd-b8f2-eb6a43c6a159.roa (raw, json)
Hash identifier:          UBJaoLAXncLrsRcof3rBFacZSFH9X9h+xVMv8jy0WwQ=
Subject key identifier:   C5:AE:DD:34:EE:9F:8A:7A:F6:37:55:7D:60:A2:C6:5F:A3:78:7D:33
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       599836C34409DA2EFD1CCE64E38B1A644B42EA80
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/158aa7f6-5257-42bd-b8f2-eb6a43c6a159.roa
Signing time:             Thu 25 Sep 2025 18:22:06 +0000
ROA not before:           Thu 25 Sep 2025 18:22:06 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.165.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:98:36:c3:44:09:da:2e:fd:1c:ce:64:e3:8b:1a:64:4b:42:ea:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 18:22:06 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=3961dcaf8a5dd4ded405ce0b4aa44abf4e383576e3257c0e0d63007c554d8770, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:1f:4a:db:05:06:f7:2e:de:66:0d:c0:d7:64:
                    4f:2d:d4:32:7c:e2:e2:c3:dd:20:1c:20:d4:ec:9c:
                    f6:53:76:93:09:46:da:b6:8f:9a:21:2e:55:82:b4:
                    20:08:b1:ee:43:14:20:1e:0b:17:ac:a7:64:a1:76:
                    34:9e:d4:e1:52:c8:82:74:a3:ec:8c:44:04:e3:02:
                    a1:24:e3:47:20:59:59:0d:86:c0:7e:6a:91:7a:2e:
                    36:2e:75:c8:f7:b6:a4:39:9b:b9:7b:93:bf:b2:f1:
                    9c:04:93:20:7a:03:e3:5d:c1:be:e2:00:ba:d6:3d:
                    38:c6:32:22:1b:38:96:5c:6d:7d:69:a6:52:cf:3a:
                    14:dd:c5:4b:19:98:e0:30:b7:57:8f:8a:5f:b7:c0:
                    cf:7c:90:cc:c9:51:8c:86:ae:5e:53:31:a2:cd:d0:
                    d4:5c:38:9d:00:d4:c1:2a:df:2a:df:57:ad:89:98:
                    95:15:e1:df:79:d6:85:d0:8b:ca:ae:31:e4:f0:20:
                    d6:55:83:58:9d:c8:35:73:39:f7:09:5b:cf:e2:c1:
                    49:df:31:6c:59:9f:1f:27:29:83:50:88:ba:40:4a:
                    38:67:da:50:b9:da:9c:69:eb:84:25:4d:86:e1:56:
                    13:0e:ba:ee:0e:cd:6b:35:0d:07:d6:95:56:a4:52:
                    ff:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:AE:DD:34:EE:9F:8A:7A:F6:37:55:7D:60:A2:C6:5F:A3:78:7D:33
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/158aa7f6-5257-42bd-b8f2-eb6a43c6a159.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.165.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:dd:43:b1:14:d7:3f:cb:7d:65:60:b4:4a:47:0a:0b:bb:7d:
         55:11:c3:29:32:b3:fa:14:fd:98:79:03:d8:3f:ea:e2:81:7f:
         99:ff:92:9e:8a:ae:6a:4e:6f:c1:3b:b5:58:ac:15:ce:c1:7c:
         ac:df:f4:9a:57:f5:8a:fc:95:6a:75:db:35:b7:65:67:24:ca:
         f1:b9:0d:67:58:16:50:de:0e:8b:75:4e:90:3b:bb:f2:fb:56:
         05:dc:97:de:ea:52:2b:3c:5a:45:1f:d1:35:f3:9a:54:5c:da:
         1e:ff:80:f4:05:9d:bb:c7:42:87:5a:3a:fc:f2:5e:e6:24:9f:
         95:a2:38:fd:e1:a2:7c:2f:ef:35:31:de:10:c3:8c:6a:a6:c9:
         53:d5:d9:70:c6:b1:d3:c6:04:3f:c7:59:48:45:cd:c6:52:71:
         4d:aa:6e:0d:bc:45:a3:ed:02:28:30:12:a7:fb:37:20:92:7e:
         03:87:46:21:8f:fb:09:14:e5:d2:a5:5d:75:8a:b7:9a:c9:cd:
         78:d4:e9:de:10:ac:50:b3:54:35:bc:9d:9b:be:75:3d:48:4a:
         1e:29:50:2b:26:94:8a:96:65:d1:bc:29:72:3c:07:a8:69:1e:
         c4:15:f3:8b:d7:14:6f:b3:16:2f:e1:d0:06:55:f3:e1:55:d1:
         ea:78:b4:59
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWZg2w0QJ2i79HM5k44saZEtC6oAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MTgyMjA2WhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AzOTYxZGNhZjhhNWRkNGRlZDQwNWNlMGI0YWE0NGFiZjRl
MzgzNTc2ZTMyNTdjMGUwZDYzMDA3YzU1NGQ4NzcwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwH0rbBQb3Lt5mDcDXZE8t1DJ84uLD3SAcINTsnPZTdpMJ
Rtq2j5ohLlWCtCAIse5DFCAeCxesp2ShdjSe1OFSyIJ0o+yMRATjAqEk40cgWVkN
hsB+apF6LjYudcj3tqQ5m7l7k7+y8ZwEkyB6A+Ndwb7iALrWPTjGMiIbOJZcbX1p
plLPOhTdxUsZmOAwt1ePil+3wM98kMzJUYyGrl5TMaLN0NRcOJ0A1MEq3yrfV62J
mJUV4d951oXQi8quMeTwINZVg1idyDVzOfcJW8/iwUnfMWxZnx8nKYNQiLpASjhn
2lC52pxp64QlTYbhVhMOuu4OzWs1DQfWlVakUv9pAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUxa7dNO6finr2N1V9YKLGX6N4fTMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzE1OGFhN2Y2LTUyNTctNDJiZC1iOGYyLWViNmE0M2M2YTE1OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADpd8wDQYJKoZIhvcNAQELBQADggEBACXdQ7EU1z/LfWVgtEpHCgu7fVUR
wykys/oU/Zh5A9g/6uKBf5n/kp6KrmpOb8E7tVisFc7BfKzf9JpX9Yr8lWp12zW3
ZWckyvG5DWdYFlDeDot1TpA7u/L7VgXcl97qUis8WkUf0TXzmlRc2h7/gPQFnbvH
QodaOvzyXuYkn5WiOP3honwv7zUx3hDDjGqmyVPV2XDGsdPGBD/HWUhFzcZScU2q
bg28RaPtAigwEqf7NyCSfgOHRiGP+wkU5dKlXXWKt5rJzXjU6d4QrFCzVDW8nZu+
dT1ISh4pUCsmlIqWZdG8KXI8B6hpHsQV84vXFG+zFi/h0AZV8+FV0ep4tFk=
-----END CERTIFICATE-----