Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/226be489-6a87-49bc-ad67-3ebd22d871c8.roa
File:                     226be489-6a87-49bc-ad67-3ebd22d871c8.roa (raw, json)
Hash identifier:          qfeuux6P71ukQIR8l/b/OkXI4JHPmF+O6RQ6PatvUfY=
Subject key identifier:   94:90:A3:80:ED:30:F6:EA:FA:3E:C4:34:93:99:BE:50:84:B2:60:3C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6129BF019C9D7352E444A823BE6EA98A0E288F3C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/226be489-6a87-49bc-ad67-3ebd22d871c8.roa
Signing time:             Fri 26 Sep 2025 00:27:19 +0000
ROA not before:           Fri 26 Sep 2025 00:27:19 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.167.160.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:29:bf:01:9c:9d:73:52:e4:44:a8:23:be:6e:a9:8a:0e:28:8f:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 00:27:19 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=102eba59db12f068495ecf243d94bbf3f8dfa7e295af72c53c3f4747f487e53e, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:4e:22:4d:9d:6d:a8:c1:49:e0:41:e1:71:74:
                    37:3f:64:79:19:3b:af:b2:d4:da:a6:31:ea:e3:f0:
                    66:76:b7:1e:b7:7d:91:98:ca:63:ec:25:0b:c7:bf:
                    d8:a2:3f:12:43:b8:2a:d4:7c:cb:88:09:14:25:2c:
                    52:6c:20:c7:f8:54:81:b9:d9:43:86:db:95:0b:c9:
                    5f:ad:de:4f:10:a3:67:de:a0:51:f0:e6:6b:05:9c:
                    92:20:bc:00:98:2b:0c:75:47:db:cc:ef:0e:9a:79:
                    d9:e2:e5:40:00:5a:6b:14:f2:82:a3:93:41:3a:3b:
                    98:3e:5f:c3:fb:0d:ce:4c:9a:0b:99:c2:8d:cc:12:
                    40:8a:15:cc:17:69:71:ab:df:08:86:42:48:94:85:
                    f3:2f:c9:f7:bb:d0:c6:8e:a4:21:a9:77:59:bf:33:
                    a9:ff:05:d4:2f:ff:0e:2e:0a:78:58:50:fd:51:e0:
                    9e:fa:32:ee:51:f5:89:25:c3:5a:40:bd:24:a2:ff:
                    17:33:27:f7:ca:09:d6:dc:b2:26:94:35:de:49:d7:
                    dc:00:24:94:2d:03:79:06:84:18:96:24:83:2d:68:
                    c8:00:a7:43:ea:85:04:6a:7c:36:ee:a6:e8:f1:8a:
                    e7:96:73:be:a8:ed:fe:cb:39:97:ce:67:63:66:a2:
                    9e:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:90:A3:80:ED:30:F6:EA:FA:3E:C4:34:93:99:BE:50:84:B2:60:3C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/226be489-6a87-49bc-ad67-3ebd22d871c8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.167.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         21:7f:22:47:9c:d4:74:63:34:21:98:11:68:47:9a:99:a8:45:
         63:b8:35:68:f5:17:fb:f9:4a:f2:eb:cb:a0:62:4b:c9:1c:ea:
         0b:e1:99:fd:da:12:dc:9b:49:a4:3a:ea:47:61:0b:49:67:9b:
         73:b7:dc:83:63:08:fc:1c:76:ae:a1:16:51:fd:78:2a:78:9d:
         e4:ec:45:76:07:21:7b:6f:59:4c:5d:b2:86:fb:b8:d1:aa:22:
         e0:d6:3d:4f:18:4e:11:79:82:9b:a5:b9:81:ce:54:bd:8d:e1:
         5a:0e:4f:1b:07:d2:02:f8:41:a1:7c:3a:86:17:80:b3:6d:8b:
         45:01:40:90:94:40:86:e8:78:a1:d5:e9:39:20:05:09:3d:3f:
         1c:54:95:cd:fc:67:91:ea:fe:d0:e9:2a:fe:bf:cd:ad:51:42:
         1b:f0:71:c6:8a:d9:ae:a0:c9:a5:a8:31:04:3a:22:03:4b:0b:
         11:b2:72:97:b7:b7:ca:d3:2f:dc:95:b6:47:6f:26:71:8f:9d:
         ff:62:2b:a1:af:bd:b1:65:ca:38:51:cd:5a:40:5b:19:16:17:
         83:20:69:80:cc:92:b9:61:2e:fd:2d:c7:ea:b4:1d:42:02:f5:
         1f:88:01:d4:09:17:f1:7e:bb:99:2a:af:e3:9c:9e:cd:bc:e8:
         d3:9a:2c:cf
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYSm/AZydc1LkRKgjvm6pig4ojzwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MDAyNzE5WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AxMDJlYmE1OWRiMTJmMDY4NDk1ZWNmMjQzZDk0YmJmM2Y4
ZGZhN2UyOTVhZjcyYzUzYzNmNDc0N2Y0ODdlNTNlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDHTiJNnW2owUngQeFxdDc/ZHkZO6+y1NqmMerj8GZ2tx63
fZGYymPsJQvHv9iiPxJDuCrUfMuICRQlLFJsIMf4VIG52UOG25ULyV+t3k8Qo2fe
oFHw5msFnJIgvACYKwx1R9vM7w6aedni5UAAWmsU8oKjk0E6O5g+X8P7Dc5MmguZ
wo3MEkCKFcwXaXGr3wiGQkiUhfMvyfe70MaOpCGpd1m/M6n/BdQv/w4uCnhYUP1R
4J76Mu5R9Yklw1pAvSSi/xczJ/fKCdbcsiaUNd5J19wAJJQtA3kGhBiWJIMtaMgA
p0PqhQRqfDbupujxiueWc76o7f7LOZfOZ2Nmop7nAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUlJCjgO0w9ur6PsQ0k5m+UISyYDwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzIyNmJlNDg5LTZhODctNDliYy1hZDY3LTNlYmQyMmQ4NzFjOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIDp6AwDQYJKoZIhvcNAQELBQADggEBACF/Ikec1HRjNCGYEWhHmpmoRWO4
NWj1F/v5SvLry6BiS8kc6gvhmf3aEtybSaQ66kdhC0lnm3O33INjCPwcdq6hFlH9
eCp4neTsRXYHIXtvWUxdsob7uNGqIuDWPU8YThF5gpuluYHOVL2N4VoOTxsH0gL4
QaF8OoYXgLNti0UBQJCUQIboeKHV6TkgBQk9PxxUlc38Z5Hq/tDpKv6/za1RQhvw
ccaK2a6gyaWoMQQ6IgNLCxGycpe3t8rTL9yVtkdvJnGPnf9iK6GvvbFlyjhRzVpA
WxkWF4MgaYDMkrlhLv0tx+q0HUIC9R+IAdQJF/F+u5kqr+Ocns286NOaLM8=
-----END CERTIFICATE-----