Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1c32f813-8bc5-49a0-a1d7-fd583c90680e.roa
File:                     1c32f813-8bc5-49a0-a1d7-fd583c90680e.roa (raw, json)
Hash identifier:          thDCKdah/BLxvVlfE2gXX+dd5dD7FeYa/q/6tsdugLw=
Subject key identifier:   08:D2:7E:87:81:3F:C6:F3:3D:27:05:47:44:07:DC:25:C6:29:8F:C8
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       528D742BB9A1301A251B19A90817A0B7320C59E1
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1c32f813-8bc5-49a0-a1d7-fd583c90680e.roa
Signing time:             Fri 26 Sep 2025 01:47:04 +0000
ROA not before:           Fri 26 Sep 2025 01:47:04 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.163.176.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:8d:74:2b:b9:a1:30:1a:25:1b:19:a9:08:17:a0:b7:32:0c:59:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 01:47:04 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=86606a891a666af5fa09c022c151e45d82bc912926b977e74b92a00d332d66a8, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:27:ba:d2:3f:03:9b:bf:9a:a0:71:46:5f:92:
                    50:71:14:27:aa:56:87:3c:a9:2e:e8:f9:7f:aa:dc:
                    a9:9b:ea:fa:0b:2d:88:22:91:99:e4:d8:4f:2f:6f:
                    16:88:fb:c7:2a:d3:29:e0:2e:1c:e2:7f:fb:9b:39:
                    10:76:00:ae:4b:da:88:cf:5b:8b:5f:bb:41:dc:74:
                    9f:1e:bb:0f:43:61:2e:b1:94:b0:2a:b2:6f:c6:66:
                    c5:97:e2:6c:41:0c:be:44:fe:45:3b:fe:ee:6f:f6:
                    9e:0c:30:8c:53:4c:f3:3a:a3:d5:d2:55:95:c4:b3:
                    e9:ab:d0:a9:f7:1d:9f:66:d3:6a:1e:31:a8:5a:0b:
                    84:f8:93:74:7d:4d:cf:76:b5:0f:1e:93:d0:d5:c7:
                    79:44:45:81:46:df:eb:f1:cb:81:bb:8e:a4:00:c0:
                    ee:ff:d7:c5:94:10:37:9a:64:06:ba:21:da:46:1c:
                    5b:42:8a:fd:f8:c4:c7:c6:88:29:d6:be:86:e1:0f:
                    5f:cc:df:a4:49:18:c0:74:82:f9:bc:cf:c6:1b:2a:
                    97:97:88:c1:ec:d5:2d:a1:55:87:ad:96:59:8c:3f:
                    d4:2d:69:8b:33:a9:04:77:06:9a:c8:af:e3:ae:b4:
                    f9:f2:90:7d:45:e2:68:e1:ea:b7:e9:4a:d0:a6:00:
                    45:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:D2:7E:87:81:3F:C6:F3:3D:27:05:47:44:07:DC:25:C6:29:8F:C8
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1c32f813-8bc5-49a0-a1d7-fd583c90680e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.163.176.0/20

    Signature Algorithm: sha256WithRSAEncryption
         79:da:0e:8c:30:7e:2a:74:36:7a:38:54:21:81:29:c5:8a:b7:
         92:34:c3:a1:31:b2:cc:00:74:ed:ca:45:b2:ac:b5:5c:b9:68:
         f3:6d:2c:bb:72:f9:e0:90:22:33:6c:6b:6e:39:27:13:8e:9a:
         37:e6:59:45:fe:d2:c1:6f:29:10:61:99:16:73:52:c5:75:a9:
         1c:63:9b:86:92:0a:8d:85:ae:86:1b:30:a3:37:14:18:b3:38:
         5b:1a:22:7e:8e:26:12:03:7b:28:27:61:02:43:10:02:df:c0:
         6c:cc:19:8b:11:30:e6:3b:09:a9:96:d2:39:57:04:38:c8:50:
         36:18:ae:80:45:3e:e7:ff:61:e5:16:e7:8e:05:9b:6e:74:cd:
         69:5f:80:7b:64:03:0d:f7:30:95:d7:11:a7:02:d4:d9:11:27:
         da:3a:51:e0:50:12:d3:3d:d1:b0:ca:0f:52:8e:58:79:df:4c:
         f8:0f:c3:f3:0e:4e:f3:88:d4:40:ec:c0:dc:77:6d:7a:66:3a:
         d8:7b:96:eb:b0:bf:87:55:b1:3e:5c:89:c1:a7:04:48:4a:0d:
         f8:95:25:1c:49:59:8e:ae:f9:ac:8a:08:70:90:b3:8d:c8:c6:
         5c:10:5d:ec:6a:2b:ad:49:c5:e5:cb:5c:e9:fe:48:89:c5:c2:
         5d:3e:73:32
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUo10K7mhMBolGxmpCBegtzIMWeEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MDE0NzA0WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A4NjYwNmE4OTFhNjY2YWY1ZmEwOWMwMjJjMTUxZTQ1ZDgy
YmM5MTI5MjZiOTc3ZTc0YjkyYTAwZDMzMmQ2NmE4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDVJ7rSPwObv5qgcUZfklBxFCeqVoc8qS7o+X+q3Kmb6voL
LYgikZnk2E8vbxaI+8cq0yngLhzif/ubORB2AK5L2ojPW4tfu0HcdJ8euw9DYS6x
lLAqsm/GZsWX4mxBDL5E/kU7/u5v9p4MMIxTTPM6o9XSVZXEs+mr0Kn3HZ9m02oe
MahaC4T4k3R9Tc92tQ8ek9DVx3lERYFG3+vxy4G7jqQAwO7/18WUEDeaZAa6IdpG
HFtCiv34xMfGiCnWvobhD1/M36RJGMB0gvm8z8YbKpeXiMHs1S2hVYetllmMP9Qt
aYszqQR3BprIr+OutPnykH1F4mjh6rfpStCmAEUXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUCNJ+h4E/xvM9JwVHRAfcJcYpj8gwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzFjMzJmODEzLThiYzUtNDlhMC1hMWQ3LWZkNTgzYzkwNjgwZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQDo7AwDQYJKoZIhvcNAQELBQADggEBAHnaDowwfip0Nno4VCGBKcWKt5I0
w6ExsswAdO3KRbKstVy5aPNtLLty+eCQIjNsa245JxOOmjfmWUX+0sFvKRBhmRZz
UsV1qRxjm4aSCo2FroYbMKM3FBizOFsaIn6OJhIDeygnYQJDEALfwGzMGYsRMOY7
CamW0jlXBDjIUDYYroBFPuf/YeUW544Fm250zWlfgHtkAw33MJXXEacC1NkRJ9o6
UeBQEtM90bDKD1KOWHnfTPgPw/MOTvOI1EDswNx3bXpmOth7luuwv4dVsT5cicGn
BEhKDfiVJRxJWY6u+ayKCHCQs43IxlwQXexqK61JxeXLXOn+SInFwl0+czI=
-----END CERTIFICATE-----