Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/237bd3de-7f19-4b8f-ad74-663c04d89755.roa
File:                     237bd3de-7f19-4b8f-ad74-663c04d89755.roa (raw, json)
Hash identifier:          r7rMAGgEHEdmS4mpEtXdu4eyTmUmcGcshsmwQvZrVgs=
Subject key identifier:   C1:E5:6B:3E:ED:F7:33:67:18:ED:41:28:68:0E:0B:DB:5C:CA:4F:D2
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       17F9BA00D9BF2D890B63841F709C3A597D126792
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/237bd3de-7f19-4b8f-ad74-663c04d89755.roa
Signing time:             Fri 10 Oct 2025 15:47:14 +0000
ROA not before:           Fri 10 Oct 2025 15:47:14 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.178.0.0/15 maxlen: 15
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:f9:ba:00:d9:bf:2d:89:0b:63:84:1f:70:9c:3a:59:7d:12:67:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 10 15:47:14 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=612570dc18dc7dfb472941e80025397733e3810fb6c561269eda27c9863e9cfe, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:44:32:f1:e1:cc:db:44:c2:04:6a:42:af:29:
                    2e:95:cc:e2:83:43:50:a8:0b:09:9e:ef:27:11:07:
                    02:92:ef:2e:67:b6:ed:ab:56:cc:92:0d:2e:48:8e:
                    82:66:82:03:0b:6a:19:52:9c:b8:8c:32:c4:5b:f2:
                    d6:a7:20:a4:53:0e:4c:1d:2e:94:a8:f2:cb:60:49:
                    91:fa:ba:66:05:08:80:2d:1d:69:5e:22:0e:f9:a1:
                    3b:51:a0:10:aa:80:c6:27:8d:69:08:46:57:ce:77:
                    60:6b:db:c1:af:af:7d:39:35:d0:55:d8:76:c8:bc:
                    91:5b:84:b7:00:2c:f2:3e:1f:b6:af:79:46:d8:26:
                    87:2d:bb:c5:2b:46:72:c0:97:a0:cd:43:09:43:58:
                    92:26:6a:48:be:76:e9:15:e3:ea:40:6b:04:d4:d4:
                    ae:b9:92:cb:1a:94:9f:c3:40:15:e7:b0:bd:cf:c7:
                    77:d5:ae:19:c4:66:b1:c5:15:09:f4:f9:48:b9:ec:
                    e9:3b:8e:66:1a:1a:ff:aa:e0:4b:4a:8b:ce:3c:81:
                    22:98:51:82:58:7c:39:37:68:35:9d:de:ab:18:75:
                    9c:b0:68:2e:db:34:08:eb:bd:99:b7:7b:b4:71:d8:
                    c9:12:90:6a:9b:31:77:c0:ac:17:7b:9b:e8:ba:69:
                    03:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:E5:6B:3E:ED:F7:33:67:18:ED:41:28:68:0E:0B:DB:5C:CA:4F:D2
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/237bd3de-7f19-4b8f-ad74-663c04d89755.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.178.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         3a:53:90:bd:cf:8c:41:61:f7:c0:bf:32:ed:b0:9d:25:1c:1d:
         04:0e:91:bb:93:8a:cf:ad:63:75:0f:8e:09:de:0d:e0:ab:6c:
         25:4f:df:2f:24:a2:13:bc:79:5e:d6:37:4b:07:28:07:73:46:
         43:ec:f1:4f:87:9d:b8:0f:15:b0:df:0c:4a:69:8d:67:9d:e4:
         01:e6:ab:c2:a6:1b:cd:56:95:0a:96:f8:0c:b9:ff:b0:f9:ad:
         7a:b1:92:28:a7:94:64:67:bd:c5:b4:b7:df:6a:a7:f7:af:7d:
         3e:8a:54:92:fe:cc:7e:93:e3:62:50:fb:7c:f2:11:49:dd:6b:
         e5:44:20:94:67:49:1e:31:d4:4f:8f:fd:89:d0:7d:43:bb:7e:
         76:2b:96:bb:32:db:f5:f8:34:ae:c4:70:fb:8f:b2:87:cf:3c:
         e4:d0:9a:4e:89:61:1a:10:00:af:02:60:3c:b9:f5:32:13:c3:
         1e:6d:58:0f:42:de:06:19:17:5b:9c:39:96:6e:e7:f0:ad:3c:
         ea:ef:cb:a9:eb:4d:58:4f:1e:3f:a3:c9:2c:e9:f6:24:3a:a1:
         99:0c:04:48:88:67:96:ef:1b:37:1c:ed:ff:5d:c3:ae:e7:32:
         9d:52:e7:23:f6:99:b9:90:5e:f7:6d:b5:96:97:2d:31:8b:59:
         37:38:39:46
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUF/m6ANm/LYkLY4QfcJw6WX0SZ5IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDEwMTU0NzE0WhcNMjUxMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MTI1NzBkYzE4ZGM3ZGZiNDcyOTQxZTgwMDI1Mzk3NzMz
ZTM4MTBmYjZjNTYxMjY5ZWRhMjdjOTg2M2U5Y2ZlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCfRDLx4czbRMIEakKvKS6VzOKDQ1CoCwme7ycRBwKS7y5n
tu2rVsySDS5IjoJmggMLahlSnLiMMsRb8tanIKRTDkwdLpSo8stgSZH6umYFCIAt
HWleIg75oTtRoBCqgMYnjWkIRlfOd2Br28Gvr305NdBV2HbIvJFbhLcALPI+H7av
eUbYJoctu8UrRnLAl6DNQwlDWJImaki+dukV4+pAawTU1K65kssalJ/DQBXnsL3P
x3fVrhnEZrHFFQn0+Ui57Ok7jmYaGv+q4EtKi848gSKYUYJYfDk3aDWd3qsYdZyw
aC7bNAjrvZm3e7Rx2MkSkGqbMXfArBd7m+i6aQNhAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUweVrPu33M2cY7UEoaA4L21zKT9IwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzIzN2JkM2RlLTdmMTktNGI4Zi1hZDc0LTY2M2MwNGQ4OTc1NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwEjsjANBgkqhkiG9w0BAQsFAAOCAQEAOlOQvc+MQWH3wL8y7bCdJRwdBA6R
u5OKz61jdQ+OCd4N4KtsJU/fLySiE7x5XtY3SwcoB3NGQ+zxT4eduA8VsN8MSmmN
Z53kAearwqYbzVaVCpb4DLn/sPmterGSKKeUZGe9xbS332qn9699PopUkv7MfpPj
YlD7fPIRSd1r5UQglGdJHjHUT4/9idB9Q7t+diuWuzLb9fg0rsRw+4+yh8885NCa
TolhGhAArwJgPLn1MhPDHm1YD0LeBhkXW5w5lm7n8K086u/LqetNWE8eP6PJLOn2
JDqhmQwESIhnlu8bNxzt/13DrucynVLnI/aZuZBe9221lpctMYtZNzg5Rg==
-----END CERTIFICATE-----