Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1b047350-7328-4936-a3be-c5c8352932d8.roa
File:                     1b047350-7328-4936-a3be-c5c8352932d8.roa (raw, json)
Hash identifier:          i2dj75oSkaiqhDd0nXpcW+jUGx6GPvfcUrStK8K7HfU=
Subject key identifier:   3F:26:F7:C8:35:83:CB:B4:5A:21:B6:64:C3:04:A6:5F:F7:72:1B:45
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3CA5F8380999B969882C28E3372AAA414F4CDCBB
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1b047350-7328-4936-a3be-c5c8352932d8.roa
Signing time:             Thu 25 Sep 2025 18:26:51 +0000
ROA not before:           Thu 25 Sep 2025 18:26:51 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.165.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:a5:f8:38:09:99:b9:69:88:2c:28:e3:37:2a:aa:41:4f:4c:dc:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 18:26:51 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=e35b6024dd93a04a3ddebc6ae6f1493bb8d3316679688dff5808adb8b4d45672, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:c9:71:0b:2b:07:7a:94:9c:88:f5:78:86:21:
                    3a:ea:fd:38:aa:22:82:67:e3:92:59:ee:90:15:d4:
                    94:4a:69:a5:e5:28:84:50:bc:4b:00:7e:c4:39:96:
                    87:ab:4c:79:c3:d4:7f:9d:71:4c:6d:fb:78:d5:68:
                    9e:1e:86:03:32:a0:48:a5:cc:3f:f9:03:f8:cf:44:
                    92:91:30:db:36:5a:b4:26:62:e6:b2:d0:9b:a4:09:
                    19:da:a4:ee:a0:25:29:f1:03:5e:1a:27:47:f6:4a:
                    18:85:70:41:a8:df:04:79:70:c8:b0:fd:78:e5:96:
                    be:d8:11:3e:72:8f:e4:99:22:48:c7:4b:b1:d3:85:
                    ed:7a:9d:48:ef:29:eb:97:2c:28:93:79:6c:7d:0c:
                    84:04:7b:8a:47:30:a4:02:44:4e:79:32:dc:fd:70:
                    bf:7e:19:7e:6f:cc:42:52:6d:f5:76:52:bc:c0:56:
                    90:4c:d2:6e:44:ad:eb:83:98:cb:3c:bb:ca:7f:21:
                    2e:c2:48:39:b1:1a:66:53:72:7a:83:ee:91:6a:e3:
                    ff:c8:1b:9c:fc:19:21:8f:90:10:39:ce:50:7f:7a:
                    72:3c:ac:d1:2b:f8:48:fd:2c:9b:15:2e:77:51:a1:
                    a9:87:a7:ff:e3:1f:23:be:e1:8c:88:ec:d5:7f:c3:
                    7d:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:26:F7:C8:35:83:CB:B4:5A:21:B6:64:C3:04:A6:5F:F7:72:1B:45
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1b047350-7328-4936-a3be-c5c8352932d8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.165.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:7a:9a:82:15:65:5b:ca:d7:2e:b5:1e:8b:5a:15:5d:e1:c9:
         7b:6e:39:16:60:bc:54:aa:47:66:e7:a0:fb:b7:04:cc:4d:53:
         dc:a1:fc:ed:34:5c:b6:82:37:d6:17:ea:ca:a7:6f:f3:7a:89:
         03:cd:63:9d:87:1c:a8:42:5e:ab:d3:db:c9:4f:e0:b4:ab:92:
         19:90:cd:68:aa:da:99:8e:f0:71:1b:55:4d:b9:70:75:38:51:
         63:d4:a5:18:5f:56:1c:cb:8c:e0:37:0b:7b:d7:f2:5e:46:2c:
         4c:03:f8:09:8a:ae:75:97:07:76:05:63:0b:e5:fe:30:02:fd:
         b6:75:66:36:47:15:4d:2b:8f:17:28:9d:50:2e:77:b3:13:bb:
         5d:19:eb:dd:a2:e7:bd:c6:ee:95:41:97:a5:69:ab:3a:e7:db:
         1e:a9:34:be:4c:5a:0b:4d:72:91:8c:46:25:9e:2d:11:2a:9c:
         e3:80:56:06:66:6c:b6:cd:3a:3a:ee:fd:c7:a6:b0:e6:0a:46:
         90:6a:47:51:03:ae:37:dd:96:66:7e:a3:57:89:7d:26:c6:4b:
         e6:8f:16:cf:fe:2f:e6:1a:c5:35:91:ab:e6:d3:28:84:9a:c6:
         6e:31:42:34:ae:f5:c9:bf:16:cc:00:df:d9:f0:c7:a4:ac:6b:
         09:33:66:e4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPKX4OAmZuWmILCjjNyqqQU9M3LswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MTgyNjUxWhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BlMzViNjAyNGRkOTNhMDRhM2RkZWJjNmFlNmYxNDkzYmI4
ZDMzMTY2Nzk2ODhkZmY1ODA4YWRiOGI0ZDQ1NjcyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDpyXELKwd6lJyI9XiGITrq/TiqIoJn45JZ7pAV1JRKaaXl
KIRQvEsAfsQ5loerTHnD1H+dcUxt+3jVaJ4ehgMyoEilzD/5A/jPRJKRMNs2WrQm
Yuay0JukCRnapO6gJSnxA14aJ0f2ShiFcEGo3wR5cMiw/Xjllr7YET5yj+SZIkjH
S7HThe16nUjvKeuXLCiTeWx9DIQEe4pHMKQCRE55Mtz9cL9+GX5vzEJSbfV2UrzA
VpBM0m5EreuDmMs8u8p/IS7CSDmxGmZTcnqD7pFq4//IG5z8GSGPkBA5zlB/enI8
rNEr+Ej9LJsVLndRoamHp//jHyO+4YyI7NV/w31ZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPyb3yDWDy7RaIbZkwwSmX/dyG0UwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzFiMDQ3MzUwLTczMjgtNDkzNi1hM2JlLWM1YzgzNTI5MzJkOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADpT0wDQYJKoZIhvcNAQELBQADggEBAKl6moIVZVvK1y61HotaFV3hyXtu
ORZgvFSqR2bnoPu3BMxNU9yh/O00XLaCN9YX6sqnb/N6iQPNY52HHKhCXqvT28lP
4LSrkhmQzWiq2pmO8HEbVU25cHU4UWPUpRhfVhzLjOA3C3vX8l5GLEwD+AmKrnWX
B3YFYwvl/jAC/bZ1ZjZHFU0rjxconVAud7MTu10Z692i573G7pVBl6Vpqzrn2x6p
NL5MWgtNcpGMRiWeLREqnOOAVgZmbLbNOjru/cemsOYKRpBqR1EDrjfdlmZ+o1eJ
fSbGS+aPFs/+L+YaxTWRq+bTKISaxm4xQjSu9cm/FswA39nwx6SsawkzZuQ=
-----END CERTIFICATE-----