Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1ad66238-aa24-41d3-9ba0-2b0a7ebc13ee.roa
File:                     1ad66238-aa24-41d3-9ba0-2b0a7ebc13ee.roa (raw, json)
Hash identifier:          ThAb7s+y6fEz38WesPwVmDkQt4X6sKSIlgCgJSINolI=
Subject key identifier:   28:04:B8:CD:B4:E6:1E:9F:6C:05:67:2A:CC:F3:F2:05:78:22:26:FC
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2CC083D1D72A96A2D1725BB7FB092BB49B93E729
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1ad66238-aa24-41d3-9ba0-2b0a7ebc13ee.roa
Signing time:             Fri 26 Sep 2025 00:30:01 +0000
ROA not before:           Fri 26 Sep 2025 00:30:01 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.167.92.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:c0:83:d1:d7:2a:96:a2:d1:72:5b:b7:fb:09:2b:b4:9b:93:e7:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 00:30:01 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=f9a4c20d561babe6d9790d49900fcca8e128320583789d18a6646da97cd11b36, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:7d:6a:78:a8:49:3d:bf:13:cc:09:f1:d6:23:
                    a1:08:5c:ce:a7:ec:0e:4d:dc:8e:02:c7:59:1d:0f:
                    c2:90:37:16:7d:d8:6d:83:c1:da:00:83:03:be:8e:
                    6e:6e:93:5e:18:45:d8:6d:26:80:76:15:17:3c:a6:
                    f9:a3:90:94:5d:69:81:91:49:3d:ac:0b:64:ec:b8:
                    58:83:19:8f:a8:c0:48:a7:3a:12:74:2c:d6:72:bd:
                    ed:0c:b3:77:15:2f:ff:ca:bf:b8:1d:b2:fc:3c:c7:
                    20:79:67:21:b9:2d:82:ac:c1:c3:2b:b0:9d:9a:9f:
                    22:4d:90:24:33:50:a0:2f:dc:01:0c:e0:36:5d:7d:
                    3a:34:a2:6e:fd:66:84:a9:14:26:39:40:6b:e8:8e:
                    1e:0e:30:fb:eb:36:d9:f1:74:12:6e:9c:92:0b:e1:
                    f9:c6:aa:50:a1:7d:2f:ce:fb:25:66:d4:8f:47:4b:
                    a6:82:de:b6:e0:ba:8c:69:22:1c:c2:b3:3e:69:db:
                    c1:9c:98:37:c8:6f:ba:94:dc:82:e5:ae:a4:91:aa:
                    4c:07:48:12:37:68:12:53:da:4b:76:ee:49:95:e9:
                    f8:7f:91:01:df:a7:c5:19:67:39:d9:00:5e:8b:e4:
                    a1:df:ee:d2:d5:b2:c3:0b:6d:d1:ec:48:fe:b6:e0:
                    b7:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:04:B8:CD:B4:E6:1E:9F:6C:05:67:2A:CC:F3:F2:05:78:22:26:FC
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1ad66238-aa24-41d3-9ba0-2b0a7ebc13ee.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.167.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1e:24:8f:7d:c2:e2:a8:0c:8a:c7:6e:1d:f0:c1:a5:5f:6e:55:
         b9:d3:bf:ea:20:83:21:25:cc:f1:36:cf:53:59:9b:b3:3c:ff:
         79:17:63:fd:99:03:6c:24:70:9c:9e:ee:27:de:b8:bc:e7:2a:
         f1:d3:44:6e:23:a5:35:2c:e0:9b:c2:77:fe:27:e4:96:86:7d:
         2c:6b:58:b0:68:49:e9:c0:09:2b:b4:ae:1d:81:2d:78:38:7a:
         18:fd:03:13:a9:a4:7b:15:d3:da:7b:9c:6f:53:7f:78:ef:28:
         c5:d0:bb:33:14:95:93:84:4f:f5:a2:4f:32:49:66:ad:18:fa:
         52:71:fc:6a:b4:5d:42:ee:17:85:32:1f:04:f2:c5:a1:c7:23:
         1b:1d:34:4e:cb:b1:58:61:c5:1a:20:6e:67:02:50:53:dd:8c:
         30:6c:34:0b:f0:09:4e:37:ee:13:3a:f6:a3:0d:ce:26:48:ad:
         9f:39:72:a2:1e:e5:d7:73:50:7a:76:c5:71:22:6f:0d:6b:dd:
         96:8a:16:30:16:ba:e3:1e:3f:d6:0f:73:10:1e:66:a5:31:e9:
         3d:74:52:66:56:76:5a:e6:15:4a:b8:46:46:d3:d2:f2:56:43:
         5f:fd:14:db:e2:1a:e5:ce:42:57:cc:14:fd:5f:12:04:ee:01:
         ba:c0:58:ae
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULMCD0dcqlqLRclu3+wkrtJuT5ykwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MDAzMDAxWhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BmOWE0YzIwZDU2MWJhYmU2ZDk3OTBkNDk5MDBmY2NhOGUx
MjgzMjA1ODM3ODlkMThhNjY0NmRhOTdjZDExYjM2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCTfWp4qEk9vxPMCfHWI6EIXM6n7A5N3I4Cx1kdD8KQNxZ9
2G2DwdoAgwO+jm5uk14YRdhtJoB2FRc8pvmjkJRdaYGRST2sC2TsuFiDGY+owEin
OhJ0LNZyve0Ms3cVL//Kv7gdsvw8xyB5ZyG5LYKswcMrsJ2anyJNkCQzUKAv3AEM
4DZdfTo0om79ZoSpFCY5QGvojh4OMPvrNtnxdBJunJIL4fnGqlChfS/O+yVm1I9H
S6aC3rbguoxpIhzCsz5p28GcmDfIb7qU3ILlrqSRqkwHSBI3aBJT2kt27kmV6fh/
kQHfp8UZZznZAF6L5KHf7tLVssMLbdHsSP624LebAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKAS4zbTmHp9sBWcqzPPyBXgiJvwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzFhZDY2MjM4LWFhMjQtNDFkMy05YmEwLTJiMGE3ZWJjMTNlZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIDp1wwDQYJKoZIhvcNAQELBQADggEBAB4kj33C4qgMisduHfDBpV9uVbnT
v+oggyElzPE2z1NZm7M8/3kXY/2ZA2wkcJye7ifeuLznKvHTRG4jpTUs4JvCd/4n
5JaGfSxrWLBoSenACSu0rh2BLXg4ehj9AxOppHsV09p7nG9Tf3jvKMXQuzMUlZOE
T/WiTzJJZq0Y+lJx/Gq0XULuF4UyHwTyxaHHIxsdNE7LsVhhxRogbmcCUFPdjDBs
NAvwCU437hM69qMNziZIrZ85cqIe5ddzUHp2xXEibw1r3ZaKFjAWuuMeP9YPcxAe
ZqUx6T10UmZWdlrmFUq4RkbT0vJWQ1/9FNviGuXOQlfMFP1fEgTuAbrAWK4=
-----END CERTIFICATE-----