Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/17223476-802b-4a17-bc69-b66134a0b2df.roa
File:                     17223476-802b-4a17-bc69-b66134a0b2df.roa (raw, json)
Hash identifier:          XYqq4MTp+QuBB+/DhYLCHT6NfwfEgXHAXl27xY/DbfM=
Subject key identifier:   F6:75:01:AC:C9:42:03:F5:BE:E4:BC:DC:C0:8D:65:F8:1D:EC:9C:C8
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       18FF7F4D6DDC419335479F5B60D5E383E09F325B
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/17223476-802b-4a17-bc69-b66134a0b2df.roa
Signing time:             Fri 26 Sep 2025 01:21:35 +0000
ROA not before:           Fri 26 Sep 2025 01:21:35 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.165.48.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:ff:7f:4d:6d:dc:41:93:35:47:9f:5b:60:d5:e3:83:e0:9f:32:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 01:21:35 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=7c58b0ac508d43d3b560e762e852607b7fd7ffce432b098107334c1e112ec3d4, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:08:3b:a8:41:b4:d9:0f:91:54:48:19:3a:cf:
                    b3:09:eb:c1:b4:67:70:04:00:51:32:be:6d:e9:f0:
                    8d:63:fb:d9:25:56:f1:a0:dc:79:bd:1e:7e:1d:74:
                    08:0e:91:85:a7:41:9d:7e:37:3e:9f:f7:09:bf:f4:
                    83:7f:2c:0f:93:24:0b:55:97:f0:89:18:99:50:cf:
                    f6:3a:3f:b8:81:17:a9:69:3b:af:ed:0e:96:08:52:
                    9d:65:74:1a:c6:7c:0b:6e:32:a0:fb:55:a2:f6:de:
                    3a:56:29:fa:c1:3b:7d:f0:b6:af:8c:93:39:7b:d3:
                    e2:1e:77:13:4d:67:6e:fa:3f:1f:46:aa:95:33:cd:
                    a4:ea:e0:af:cd:5a:02:c8:bd:3c:10:ab:f4:f4:d4:
                    51:96:eb:24:b2:8c:e6:1c:38:54:77:fd:51:17:8d:
                    5a:d3:13:18:a5:9c:7d:76:09:75:66:a8:6a:09:b6:
                    3a:ac:2a:d1:e6:43:a4:b1:6d:a2:01:c4:90:12:31:
                    73:1d:93:18:b2:c8:91:bd:e7:2f:56:85:08:aa:7f:
                    01:1b:8d:c3:b7:17:e4:fd:e5:67:ff:4f:77:a9:99:
                    ce:fe:bd:a8:ac:33:b0:96:1a:2d:0d:94:8f:d9:25:
                    fd:66:2e:1f:85:48:05:ff:04:c0:bf:95:a1:e9:0b:
                    7d:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:75:01:AC:C9:42:03:F5:BE:E4:BC:DC:C0:8D:65:F8:1D:EC:9C:C8
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/17223476-802b-4a17-bc69-b66134a0b2df.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.165.48.0/21

    Signature Algorithm: sha256WithRSAEncryption
         af:8d:f2:fd:90:37:07:3a:43:72:82:2b:08:20:47:26:36:9c:
         4b:68:dc:36:fe:cc:fc:1e:e4:d2:20:1b:e1:01:bb:8b:e4:4c:
         ca:7a:ad:67:7c:61:76:72:94:57:0f:47:c5:c0:85:82:66:53:
         01:1b:65:5f:9f:ae:1f:de:2b:8b:6e:99:04:0a:1d:09:ef:1b:
         d4:19:4e:b5:eb:57:ef:63:bb:c0:75:48:9f:b8:04:d6:92:93:
         ae:6c:04:1b:ce:57:58:80:05:74:5f:c0:e7:97:1a:28:18:82:
         4d:8a:59:c8:cf:5b:98:3b:e9:8e:f8:a1:37:02:e6:08:9f:ac:
         a8:66:f1:90:4f:d7:1a:cb:58:f0:4d:bd:f3:d9:c5:30:a1:d1:
         26:82:f1:3f:f2:f8:9e:75:95:6d:09:87:72:71:78:24:33:9c:
         0a:d0:ea:63:da:cb:61:ac:85:9c:32:2a:d6:16:9a:eb:4b:8a:
         c8:8b:ed:d3:c8:b3:ee:12:bd:0e:dc:89:b0:09:29:0e:84:86:
         e1:64:2e:f5:55:ab:63:9a:33:9b:3a:7a:8d:63:ba:ee:65:a1:
         e8:df:dc:09:f3:e6:1f:84:9f:b0:98:fc:6b:f2:25:d6:34:06:
         6c:b4:b1:4f:1b:85:e4:71:52:0e:dc:93:b0:02:0e:09:f4:58:
         e9:6e:2a:44
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGP9/TW3cQZM1R59bYNXjg+CfMlswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MDEyMTM1WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A3YzU4YjBhYzUwOGQ0M2QzYjU2MGU3NjJlODUyNjA3Yjdm
ZDdmZmNlNDMyYjA5ODEwNzMzNGMxZTExMmVjM2Q0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCZCDuoQbTZD5FUSBk6z7MJ68G0Z3AEAFEyvm3p8I1j+9kl
VvGg3Hm9Hn4ddAgOkYWnQZ1+Nz6f9wm/9IN/LA+TJAtVl/CJGJlQz/Y6P7iBF6lp
O6/tDpYIUp1ldBrGfAtuMqD7VaL23jpWKfrBO33wtq+Mkzl70+IedxNNZ276Px9G
qpUzzaTq4K/NWgLIvTwQq/T01FGW6ySyjOYcOFR3/VEXjVrTExilnH12CXVmqGoJ
tjqsKtHmQ6SxbaIBxJASMXMdkxiyyJG95y9WhQiqfwEbjcO3F+T95Wf/T3epmc7+
vaisM7CWGi0NlI/ZJf1mLh+FSAX/BMC/laHpC32dAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU9nUBrMlCA/W+5LzcwI1l+B3snMgwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzE3MjIzNDc2LTgwMmItNGExNy1iYzY5LWI2NjEzNGEwYjJkZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMDpTAwDQYJKoZIhvcNAQELBQADggEBAK+N8v2QNwc6Q3KCKwggRyY2nEto
3Db+zPwe5NIgG+EBu4vkTMp6rWd8YXZylFcPR8XAhYJmUwEbZV+frh/eK4tumQQK
HQnvG9QZTrXrV+9ju8B1SJ+4BNaSk65sBBvOV1iABXRfwOeXGigYgk2KWcjPW5g7
6Y74oTcC5gifrKhm8ZBP1xrLWPBNvfPZxTCh0SaC8T/y+J51lW0Jh3JxeCQznArQ
6mPay2GshZwyKtYWmutLisiL7dPIs+4SvQ7cibAJKQ6EhuFkLvVVq2OaM5s6eo1j
uu5loejf3Anz5h+En7CY/GvyJdY0Bmy0sU8bheRxUg7ck7ACDgn0WOluKkQ=
-----END CERTIFICATE-----