Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/29b01bc5-78ea-4f2b-b197-f976e0a8391d.roa
File:                     29b01bc5-78ea-4f2b-b197-f976e0a8391d.roa (raw, json)
Hash identifier:          nDjxBoHzc0VPKBPXxZ4/aLOxcGw6jb5Z4NCg7WyAv4g=
Subject key identifier:   1E:67:F9:A2:FD:6F:72:5B:86:80:89:32:E1:B8:BC:C5:68:A6:18:02
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3983630906717C79CBE01EA39E49949EBC6C048C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/29b01bc5-78ea-4f2b-b197-f976e0a8391d.roa
Signing time:             Mon 01 Sep 2025 17:20:08 +0000
ROA not before:           Mon 01 Sep 2025 17:20:08 +0000
ROA not after:            Mon 06 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        129.160.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 19 Sep 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:83:63:09:06:71:7c:79:cb:e0:1e:a3:9e:49:94:9e:bc:6c:04:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep  1 17:20:08 2025 GMT
            Not After : Oct  6 23:59:59 2025 GMT
        Subject: serialNumber=e99ff7e8ee6b8045a7739caf896b363280243e692923d1a0c33c31673d6c1bf7, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:99:c9:74:c9:15:f9:f5:73:a6:8b:de:d5:d6:
                    5a:7e:e5:9c:bb:f1:41:05:34:da:fb:0f:7f:58:b0:
                    0d:ce:f5:d1:e8:65:dd:e5:32:55:cb:54:1b:aa:dd:
                    f3:21:eb:41:52:e4:90:47:4c:59:50:31:2d:97:a9:
                    fd:6a:b9:45:17:66:9c:60:72:43:90:b4:58:3f:37:
                    f0:5d:60:72:a5:eb:1f:eb:72:d4:5a:76:98:06:78:
                    b2:d7:79:a9:27:e9:53:da:ce:1a:02:2d:2e:ef:96:
                    ee:c4:a1:27:90:d4:6e:b0:f5:cb:07:a2:b1:fd:26:
                    84:f4:85:f3:c6:3c:42:43:ab:18:cb:f8:6e:bc:1c:
                    5e:ae:df:30:af:aa:ea:ce:74:33:bf:18:95:cc:c0:
                    2c:69:0b:14:ae:33:f9:5d:3f:47:24:11:b7:af:7a:
                    94:9f:39:13:ca:76:d8:96:65:27:fe:0d:1a:f0:38:
                    94:e7:11:04:b7:6d:f1:09:41:76:f4:7d:cb:00:55:
                    7f:5a:fa:48:03:04:76:59:8a:4d:00:10:d8:7d:dd:
                    cd:cc:e8:e2:68:75:f3:76:23:64:48:33:54:16:05:
                    c9:61:6f:09:53:b7:06:a3:19:dc:96:7f:04:63:1b:
                    18:6d:d6:16:d1:da:f6:91:5c:f2:b1:32:2e:10:37:
                    a6:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:67:F9:A2:FD:6F:72:5B:86:80:89:32:E1:B8:BC:C5:68:A6:18:02
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/29b01bc5-78ea-4f2b-b197-f976e0a8391d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  129.160.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a4:07:fd:99:bb:60:83:5c:89:ce:3f:9e:74:16:77:cd:d7:3b:
         ea:6d:3b:a0:90:37:b7:3d:36:5d:92:2e:d8:52:42:9a:15:cc:
         41:61:d8:14:19:a0:0b:3b:eb:0c:7c:c3:a7:fb:a2:b2:07:d3:
         6c:28:8e:bc:1a:10:f5:f9:85:0a:a4:f7:3d:52:1f:ad:4c:dc:
         1d:70:e6:7a:6f:d8:c6:8f:9f:7b:a2:93:c2:e5:5e:c6:8e:bf:
         46:2c:40:41:8c:13:9e:01:c8:54:17:37:26:31:90:00:51:b3:
         0a:dd:1b:2c:9f:47:48:16:ef:b6:7c:4c:31:d7:51:2f:d3:a0:
         f0:fc:e2:ba:4c:64:8c:e4:df:74:10:5e:af:20:64:3a:6a:f7:
         6b:ec:cb:aa:bd:d4:a2:15:e3:d2:6a:50:f2:b0:11:c9:02:40:
         23:27:da:3f:a7:74:93:83:4e:c2:28:10:38:fc:55:9c:6c:5f:
         0a:92:3a:6c:6b:a2:b7:c4:66:a5:f3:e2:f2:1a:3e:b3:aa:ed:
         7e:8a:8f:d8:6b:b3:45:61:50:22:d3:a5:e4:8d:c6:1b:84:a2:
         47:62:57:63:de:89:38:ce:73:a0:ec:1b:fc:23:6a:57:2d:58:
         c8:9a:7e:dc:26:60:fb:d2:62:72:07:a2:a0:99:61:05:a8:81:
         ba:e3:8c:e6
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUOYNjCQZxfHnL4B6jnkmUnrxsBIwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTAxMTcyMDA4WhcNMjUxMDA2MjM1OTU5
WjB6MUkwRwYDVQQFE0BlOTlmZjdlOGVlNmI4MDQ1YTc3MzljYWY4OTZiMzYzMjgw
MjQzZTY5MjkyM2QxYTBjMzNjMzE2NzNkNmMxYmY3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDFmcl0yRX59XOmi97V1lp+5Zy78UEFNNr7D39YsA3O9dHo
Zd3lMlXLVBuq3fMh60FS5JBHTFlQMS2Xqf1quUUXZpxgckOQtFg/N/BdYHKl6x/r
ctRadpgGeLLXeakn6VPazhoCLS7vlu7EoSeQ1G6w9csHorH9JoT0hfPGPEJDqxjL
+G68HF6u3zCvqurOdDO/GJXMwCxpCxSuM/ldP0ckEbevepSfORPKdtiWZSf+DRrw
OJTnEQS3bfEJQXb0fcsAVX9a+kgDBHZZik0AENh93c3M6OJodfN2I2RIM1QWBclh
bwlTtwajGdyWfwRjGxht1hbR2vaRXPKxMi4QN6aDAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUHmf5ov1vcluGgIky4bi8xWimGAIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzI5YjAxYmM1LTc4ZWEtNGYyYi1iMTk3LWY5NzZlMGE4MzkxZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCBoDANBgkqhkiG9w0BAQsFAAOCAQEApAf9mbtgg1yJzj+edBZ3zdc76m07
oJA3tz02XZIu2FJCmhXMQWHYFBmgCzvrDHzDp/uisgfTbCiOvBoQ9fmFCqT3PVIf
rUzcHXDmem/Yxo+fe6KTwuVexo6/RixAQYwTngHIVBc3JjGQAFGzCt0bLJ9HSBbv
tnxMMddRL9Og8PziukxkjOTfdBBeryBkOmr3a+zLqr3UohXj0mpQ8rARyQJAIyfa
P6d0k4NOwigQOPxVnGxfCpI6bGuit8RmpfPi8ho+s6rtfoqP2GuzRWFQItOl5I3G
G4SiR2JXY96JOM5zoOwb/CNqVy1YyJp+3CZg+9JicgeioJlhBaiBuuOM5g==
-----END CERTIFICATE-----