Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/243b9c9a-32a6-49ac-aba3-fa04aa5e421b.roa
File:                     243b9c9a-32a6-49ac-aba3-fa04aa5e421b.roa (raw, json)
Hash identifier:          U0ZPa99otCEJNjTGcWDzBCnabXJfg9pFM/26c0NQlLg=
Subject key identifier:   8B:2A:E1:75:24:5B:AB:9A:ED:FB:B9:B8:9F:A9:E9:A2:2B:B8:44:E1
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       562A41F54ACC2FF8CBE939CD3E831AF9D331A715
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/243b9c9a-32a6-49ac-aba3-fa04aa5e421b.roa
Signing time:             Thu 25 Sep 2025 18:29:10 +0000
ROA not before:           Thu 25 Sep 2025 18:29:10 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.165.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:2a:41:f5:4a:cc:2f:f8:cb:e9:39:cd:3e:83:1a:f9:d3:31:a7:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 18:29:10 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=4373997aaa33d1b4aeac5b60b2cb7da1c24e4f4c122e3a28c7a12e6f452f0e64, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:a1:6d:92:3f:b6:08:67:e0:1e:96:fb:58:70:
                    6f:fd:c9:0a:65:6b:12:ba:26:b3:d0:07:f3:51:0c:
                    27:5e:26:88:0b:88:39:37:2d:76:10:5d:01:0f:0f:
                    f8:c6:f8:7c:7c:46:9a:07:e0:94:24:66:3c:17:47:
                    15:5f:c5:c2:2c:87:0a:7f:1e:45:23:75:13:8e:51:
                    2a:d9:9b:a4:3b:ba:d9:4c:0d:ee:2a:a6:d4:1a:ae:
                    76:98:0b:1a:93:7b:4c:d7:a1:15:8e:23:a2:41:81:
                    21:52:61:9b:89:36:ef:84:c2:e7:e9:8b:81:9b:aa:
                    f0:f3:91:22:8d:0a:da:ca:2d:ed:f5:04:63:23:a2:
                    d3:d1:fe:bc:46:bb:77:e4:76:f6:a4:8b:aa:5f:65:
                    37:cd:fd:63:14:12:bb:cd:06:7a:e6:d6:5c:11:20:
                    fa:c4:07:78:0c:a4:25:6e:ce:81:f2:28:a0:ea:42:
                    5e:5c:20:a2:fc:cc:84:6c:b8:3b:7b:82:3a:78:c0:
                    a8:46:89:bb:cb:87:bc:c4:1a:b7:b4:c0:10:46:dc:
                    f9:e4:f2:c7:58:93:ee:9c:2e:52:61:39:d0:c5:b1:
                    4b:51:9e:dd:f0:21:41:21:64:10:39:1c:ef:32:c1:
                    34:bd:62:0c:35:5a:30:22:e5:af:f7:c7:bc:f9:10:
                    1c:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:2A:E1:75:24:5B:AB:9A:ED:FB:B9:B8:9F:A9:E9:A2:2B:B8:44:E1
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/243b9c9a-32a6-49ac-aba3-fa04aa5e421b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.165.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:3b:8f:60:23:88:ef:55:95:a9:6e:2b:c6:f2:44:9a:ea:b3:
         4c:bb:62:73:87:b5:d0:2a:f9:0f:3c:3d:d3:f2:1d:c4:0b:1e:
         c1:60:42:c7:ff:04:57:56:1f:3f:4c:11:8c:c2:16:0d:2a:97:
         ea:82:d9:0f:b3:65:38:ec:d5:07:d4:1b:54:73:92:4a:75:7e:
         fe:71:c9:e0:2f:fb:3a:a9:8f:31:49:f3:d0:b3:e7:f8:92:33:
         7a:44:87:d9:a9:74:3a:8e:06:4a:f5:09:63:3c:f3:dc:c8:c3:
         a3:9d:ee:42:b2:80:63:1f:54:ad:f2:fd:ca:58:04:38:c6:64:
         7f:32:14:f6:ec:2c:32:2a:cf:06:f5:59:b0:c6:6d:32:b4:62:
         29:51:d1:81:d4:78:df:4f:ee:0a:4c:3b:9a:27:de:26:b7:6d:
         d7:de:99:0c:a3:16:d3:5e:88:17:6d:41:5c:b8:c3:51:83:90:
         cb:be:29:a2:e1:a4:b7:0c:45:b8:f3:3b:88:0c:4d:20:a2:dc:
         dd:06:42:00:b0:6a:ff:3c:16:ec:4f:0a:a6:00:74:2a:db:18:
         30:c7:99:95:02:b4:1d:dc:0a:43:c8:1c:66:9f:c8:85:ca:4f:
         3e:c7:64:87:c3:a1:37:00:83:b1:3d:c5:a0:e5:bf:42:87:47:
         aa:94:b7:5a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVipB9UrML/jL6TnNPoMa+dMxpxUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MTgyOTEwWhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A0MzczOTk3YWFhMzNkMWI0YWVhYzViNjBiMmNiN2RhMWMy
NGU0ZjRjMTIyZTNhMjhjN2ExMmU2ZjQ1MmYwZTY0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCZoW2SP7YIZ+AelvtYcG/9yQplaxK6JrPQB/NRDCdeJogL
iDk3LXYQXQEPD/jG+Hx8RpoH4JQkZjwXRxVfxcIshwp/HkUjdROOUSrZm6Q7utlM
De4qptQarnaYCxqTe0zXoRWOI6JBgSFSYZuJNu+Ewufpi4GbqvDzkSKNCtrKLe31
BGMjotPR/rxGu3fkdvaki6pfZTfN/WMUErvNBnrm1lwRIPrEB3gMpCVuzoHyKKDq
Ql5cIKL8zIRsuDt7gjp4wKhGibvLh7zEGre0wBBG3Pnk8sdYk+6cLlJhOdDFsUtR
nt3wIUEhZBA5HO8ywTS9Ygw1WjAi5a/3x7z5EByzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUiyrhdSRbq5rt+7m4n6npoiu4ROEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzI0M2I5YzlhLTMyYTYtNDlhYy1hYmEzLWZhMDRhYTVlNDIxYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADpVQwDQYJKoZIhvcNAQELBQADggEBAAE7j2AjiO9VlaluK8byRJrqs0y7
YnOHtdAq+Q88PdPyHcQLHsFgQsf/BFdWHz9MEYzCFg0ql+qC2Q+zZTjs1QfUG1Rz
kkp1fv5xyeAv+zqpjzFJ89Cz5/iSM3pEh9mpdDqOBkr1CWM889zIw6Od7kKygGMf
VK3y/cpYBDjGZH8yFPbsLDIqzwb1WbDGbTK0YilR0YHUeN9P7gpMO5on3ia3bdfe
mQyjFtNeiBdtQVy4w1GDkMu+KaLhpLcMRbjzO4gMTSCi3N0GQgCwav88FuxPCqYA
dCrbGDDHmZUCtB3cCkPIHGafyIXKTz7HZIfDoTcAg7E9xaDlv0KHR6qUt1o=
-----END CERTIFICATE-----