Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1e2b3707-ede7-4772-a9fc-d5941a32639e.roa
File:                     1e2b3707-ede7-4772-a9fc-d5941a32639e.roa (raw, json)
Hash identifier:          ZtfrzMmuV4d+eex2vdapZ8UqGzK1sxB+WCoKJUzFljU=
Subject key identifier:   99:08:09:F5:F1:17:A1:41:E5:81:83:04:81:86:09:5F:E5:9A:C0:09
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       419EC1A035467A4800D6580EDB2FF3EC21BE0E86
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1e2b3707-ede7-4772-a9fc-d5941a32639e.roa
Signing time:             Fri 26 Sep 2025 01:54:15 +0000
ROA not before:           Fri 26 Sep 2025 01:54:15 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.169.16.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:9e:c1:a0:35:46:7a:48:00:d6:58:0e:db:2f:f3:ec:21:be:0e:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 01:54:15 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=da5b160b972bfe8ee870d72d7aaea22f8915506e5d4c7b6b68da1d95b916759f, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:49:ee:6e:7d:5a:0d:dc:4d:88:88:2a:dd:f4:
                    8c:2c:bb:47:10:aa:fb:26:ad:95:f7:f1:d8:c7:8f:
                    59:6d:f4:9f:af:05:ca:15:39:6a:39:a7:4d:3f:ea:
                    fc:9b:c4:1f:e4:79:1f:02:33:2e:ef:bf:93:0f:b1:
                    77:66:a7:6b:f4:00:d1:ff:03:5e:36:6b:1e:bb:aa:
                    1e:7a:26:b2:0a:d2:df:27:f7:12:e8:f4:8d:ca:aa:
                    b5:ca:86:4c:d3:90:88:3c:c0:2f:eb:9c:95:e3:e0:
                    62:6b:c7:0d:35:82:db:a1:ac:dd:94:7f:5e:31:c0:
                    16:d6:67:87:aa:9c:83:96:b1:78:0b:95:9d:df:ac:
                    7b:81:0c:4a:2f:3d:d2:58:8b:67:45:c0:2f:62:00:
                    41:29:cc:42:a2:25:fe:62:bd:f0:6f:d5:78:db:de:
                    1f:2e:2a:e8:12:84:37:7b:d9:97:ea:c1:2e:d6:32:
                    bb:50:0c:04:26:4d:69:00:02:bb:10:5a:1c:e6:a7:
                    11:36:fe:70:80:1b:67:b7:d2:cf:c2:20:41:d4:43:
                    bd:05:c2:54:16:bb:7f:40:56:39:6e:02:a4:fd:7f:
                    6a:3a:40:9e:85:af:ec:95:7f:aa:9d:b2:1c:39:1b:
                    72:c8:5f:c5:fb:b9:ac:f1:ec:f0:0f:27:47:c2:b3:
                    0b:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:08:09:F5:F1:17:A1:41:E5:81:83:04:81:86:09:5F:E5:9A:C0:09
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1e2b3707-ede7-4772-a9fc-d5941a32639e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.169.16.0/20

    Signature Algorithm: sha256WithRSAEncryption
         7e:4d:1f:4e:da:7f:7c:a9:4a:64:80:d6:af:7f:78:04:9b:6d:
         26:91:9d:d5:4a:c4:c8:8f:83:ec:2d:2f:23:35:84:a5:02:5d:
         87:13:f8:18:5b:ac:3a:a0:b8:84:92:e8:15:6f:ca:b4:47:5d:
         35:7f:7c:27:e0:bb:f3:91:bc:95:23:c7:71:0e:78:ca:0b:ac:
         10:0d:3e:87:d8:3d:bf:3c:2e:47:1d:a6:5b:23:c5:3f:cb:dc:
         21:46:3c:9f:10:4f:e1:b6:85:de:33:28:52:5a:6c:c3:b3:22:
         22:a9:50:17:12:ea:0b:26:cf:a5:86:0b:5f:0e:18:40:bd:a7:
         8e:ea:b9:6c:cc:15:87:ba:a4:31:7e:7f:49:0c:ab:7e:1e:38:
         95:94:00:81:cc:52:3d:2d:41:3e:cf:23:e7:ff:7b:35:dd:13:
         25:fc:80:cc:a0:55:14:e8:05:13:17:f0:57:6d:bb:bc:78:59:
         7f:50:ca:23:4c:b6:d9:a3:30:0f:cd:51:fe:6f:77:ad:28:a8:
         2a:ae:9c:76:38:c8:61:b2:f8:47:43:d1:aa:d5:e8:36:4f:a2:
         67:d2:b5:80:be:90:92:3c:ae:eb:21:a0:87:aa:94:a9:16:9d:
         48:6f:81:a8:c3:d6:61:d5:d0:f5:3e:5b:97:be:aa:5e:66:05:
         4b:7c:24:ae
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQZ7BoDVGekgA1lgO2y/z7CG+DoYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MDE1NDE1WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BkYTViMTYwYjk3MmJmZThlZTg3MGQ3MmQ3YWFlYTIyZjg5
MTU1MDZlNWQ0YzdiNmI2OGRhMWQ5NWI5MTY3NTlmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDaSe5ufVoN3E2IiCrd9Iwsu0cQqvsmrZX38djHj1lt9J+v
BcoVOWo5p00/6vybxB/keR8CMy7vv5MPsXdmp2v0ANH/A142ax67qh56JrIK0t8n
9xLo9I3KqrXKhkzTkIg8wC/rnJXj4GJrxw01gtuhrN2Uf14xwBbWZ4eqnIOWsXgL
lZ3frHuBDEovPdJYi2dFwC9iAEEpzEKiJf5ivfBv1Xjb3h8uKugShDd72ZfqwS7W
MrtQDAQmTWkAArsQWhzmpxE2/nCAG2e30s/CIEHUQ70FwlQWu39AVjluAqT9f2o6
QJ6Fr+yVf6qdshw5G3LIX8X7uazx7PAPJ0fCswtRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmQgJ9fEXoUHlgYMEgYYJX+WawAkwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzFlMmIzNzA3LWVkZTctNDc3Mi1hOWZjLWQ1OTQxYTMyNjM5ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQDqRAwDQYJKoZIhvcNAQELBQADggEBAH5NH07af3ypSmSA1q9/eASbbSaR
ndVKxMiPg+wtLyM1hKUCXYcT+BhbrDqguISS6BVvyrRHXTV/fCfgu/ORvJUjx3EO
eMoLrBANPofYPb88LkcdplsjxT/L3CFGPJ8QT+G2hd4zKFJabMOzIiKpUBcS6gsm
z6WGC18OGEC9p47quWzMFYe6pDF+f0kMq34eOJWUAIHMUj0tQT7PI+f/ezXdEyX8
gMygVRToBRMX8Fdtu7x4WX9QyiNMttmjMA/NUf5vd60oqCqunHY4yGGy+EdD0arV
6DZPomfStYC+kJI8rushoIeqlKkWnUhvgajD1mHV0PU+W5e+ql5mBUt8JK4=
-----END CERTIFICATE-----