Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/246a03bd-2ff0-42e6-8fa8-a15cbb116d09.roa
File:                     246a03bd-2ff0-42e6-8fa8-a15cbb116d09.roa (raw, json)
Hash identifier:          m9ZPNvgUKOgiHTAYoSAlQMAelBBPP/+lDb9mtjTwank=
Subject key identifier:   22:E3:75:1F:9D:0B:2A:05:56:9C:F6:39:4D:31:F4:CD:F4:BD:AA:EE
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3EAD5A2F72618B2E4B664D051D4399B981DA2A5A
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/246a03bd-2ff0-42e6-8fa8-a15cbb116d09.roa
Signing time:             Fri 26 Sep 2025 00:42:12 +0000
ROA not before:           Fri 26 Sep 2025 00:42:12 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.170.16.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:ad:5a:2f:72:61:8b:2e:4b:66:4d:05:1d:43:99:b9:81:da:2a:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 00:42:12 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=6eba15646ee436fb652e4313e81f491b2fec3ce795d378d52ae469c5979e8b20, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:9c:2e:ea:cd:21:52:35:87:cb:77:1f:28:20:
                    d3:bb:56:ef:2d:03:04:8a:87:b9:39:37:46:95:1d:
                    48:28:e0:24:4d:95:8f:97:64:b0:03:09:1a:63:4d:
                    3e:03:f4:94:75:14:f3:cd:cd:3c:3c:60:10:1c:92:
                    9e:ee:53:8a:c7:b4:a2:6e:e8:b0:4e:f2:de:20:04:
                    f6:dc:ae:46:0d:8d:e0:63:3c:cb:21:63:ed:a0:7e:
                    59:f4:69:75:52:04:cd:74:74:80:d6:e8:16:25:8e:
                    69:bc:32:c7:a6:88:77:33:ab:81:b3:e5:62:dc:77:
                    e9:cb:0d:c0:ff:18:06:9e:87:fa:f9:93:58:18:a5:
                    1c:fc:ae:f7:f6:91:71:a5:c6:97:e2:98:24:f3:79:
                    9f:a8:de:e6:66:85:de:8d:eb:de:c0:35:44:12:fb:
                    c5:c7:44:b9:8b:c4:48:7c:b8:e3:aa:f0:34:9c:60:
                    a1:7e:12:3e:1c:23:ef:d7:e9:dc:3c:bb:f2:b5:7f:
                    06:87:3e:29:fc:4a:56:1f:61:22:61:54:c7:38:dd:
                    35:68:9c:21:c7:89:e7:d6:02:d9:b1:0d:b2:e7:39:
                    f9:e1:a5:17:19:f8:a4:90:10:25:c2:25:30:62:7d:
                    89:b8:18:a2:77:58:39:6d:de:cd:2c:8b:31:e5:9a:
                    42:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:E3:75:1F:9D:0B:2A:05:56:9C:F6:39:4D:31:F4:CD:F4:BD:AA:EE
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/246a03bd-2ff0-42e6-8fa8-a15cbb116d09.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.170.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         69:6c:76:c9:98:29:cc:76:79:cf:9a:8c:75:91:dc:71:c4:38:
         4d:b9:59:25:68:b8:7c:9c:8d:5f:a0:74:ec:39:18:1d:b1:b9:
         4c:22:66:02:29:8c:d8:11:28:f1:38:18:bf:9c:a6:48:28:de:
         d1:fa:e5:07:92:75:f2:a4:dc:e0:44:32:76:c9:0b:f3:1e:7f:
         60:8b:13:81:1e:3a:1e:75:0e:ee:b9:47:55:f2:03:f2:81:ca:
         8d:65:57:01:fa:b2:02:d9:0d:db:ae:4b:9d:a4:18:1b:ab:5b:
         af:7c:5d:96:9a:d2:92:66:85:af:0f:d0:a1:b4:63:d2:6e:eb:
         b0:e0:a7:f7:c4:c8:7e:f6:d4:9f:9a:46:35:71:38:33:cc:3a:
         d4:22:71:e0:09:f1:63:06:c2:aa:ed:2a:e0:f0:d2:a6:c5:99:
         44:4f:5f:57:62:4e:48:36:47:37:06:2d:f6:8d:51:3d:c2:a7:
         09:ed:db:85:56:0e:a5:80:cd:db:71:c3:24:65:5b:83:f3:89:
         27:5b:89:d9:80:65:42:3d:f7:2f:97:34:dc:4b:4c:58:bf:0a:
         b0:f5:01:7f:dc:c5:52:c5:d3:be:ef:d7:db:b8:32:82:75:90:
         ec:c9:c0:93:06:e0:72:d0:2e:7a:c6:a3:21:50:48:e4:7d:aa:
         1b:90:83:83
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPq1aL3Jhiy5LZk0FHUOZuYHaKlowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MDA0MjEyWhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A2ZWJhMTU2NDZlZTQzNmZiNjUyZTQzMTNlODFmNDkxYjJm
ZWMzY2U3OTVkMzc4ZDUyYWU0NjljNTk3OWU4YjIwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCcnC7qzSFSNYfLdx8oINO7Vu8tAwSKh7k5N0aVHUgo4CRN
lY+XZLADCRpjTT4D9JR1FPPNzTw8YBAckp7uU4rHtKJu6LBO8t4gBPbcrkYNjeBj
PMshY+2gfln0aXVSBM10dIDW6BYljmm8MsemiHczq4Gz5WLcd+nLDcD/GAaeh/r5
k1gYpRz8rvf2kXGlxpfimCTzeZ+o3uZmhd6N697ANUQS+8XHRLmLxEh8uOOq8DSc
YKF+Ej4cI+/X6dw8u/K1fwaHPin8SlYfYSJhVMc43TVonCHHiefWAtmxDbLnOfnh
pRcZ+KSQECXCJTBifYm4GKJ3WDlt3s0sizHlmkLLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIuN1H50LKgVWnPY5TTH0zfS9qu4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzI0NmEwM2JkLTJmZjAtNDJlNi04ZmE4LWExNWNiYjExNmQwOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIDqhAwDQYJKoZIhvcNAQELBQADggEBAGlsdsmYKcx2ec+ajHWR3HHEOE25
WSVouHycjV+gdOw5GB2xuUwiZgIpjNgRKPE4GL+cpkgo3tH65QeSdfKk3OBEMnbJ
C/Mef2CLE4EeOh51Du65R1XyA/KByo1lVwH6sgLZDduuS52kGBurW698XZaa0pJm
ha8P0KG0Y9Ju67Dgp/fEyH721J+aRjVxODPMOtQiceAJ8WMGwqrtKuDw0qbFmURP
X1diTkg2RzcGLfaNUT3Cpwnt24VWDqWAzdtxwyRlW4PziSdbidmAZUI99y+XNNxL
TFi/CrD1AX/cxVLF077v19u4MoJ1kOzJwJMG4HLQLnrGoyFQSOR9qhuQg4M=
-----END CERTIFICATE-----