Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2b8ccb4f-0647-4860-bb15-14042040a7f2.roa
File:                     2b8ccb4f-0647-4860-bb15-14042040a7f2.roa (raw, json)
Hash identifier:          lZqu+NuGTWpF/hDkRc324z9/gYp7fj0jRbODWyQ26AU=
Subject key identifier:   20:A0:22:EC:C3:52:66:6B:A8:19:80:3D:FB:A4:0E:AD:F7:02:CF:78
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       18C781738CBF099F5C3A60833CEA3F1E636537E7
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2b8ccb4f-0647-4860-bb15-14042040a7f2.roa
Signing time:             Mon 30 Jun 2025 16:11:28 +0000
ROA not before:           Mon 30 Jun 2025 16:11:28 +0000
ROA not after:            Mon 04 Aug 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        3.83.168.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 05 Jul 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:c7:81:73:8c:bf:09:9f:5c:3a:60:83:3c:ea:3f:1e:63:65:37:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun 30 16:11:28 2025 GMT
            Not After : Aug  4 23:59:59 2025 GMT
        Subject: serialNumber=15c0983937a80af66934aa0ca28fa1b7280fca6a0288888b8cb231f782bc0a16, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:88:ee:de:c8:0e:69:33:1b:75:08:09:52:64:
                    92:cf:95:c4:b9:b9:98:ad:2a:1a:42:ae:d7:2c:8f:
                    95:52:49:9a:39:82:be:a8:b4:7f:bb:fb:55:d2:dc:
                    c6:d2:f4:d6:a4:e0:bc:54:3c:a8:6c:98:ac:0c:ac:
                    59:80:a5:d9:41:d5:47:03:c2:9a:f9:ea:ac:59:0a:
                    89:7d:93:cd:ce:25:00:dd:bf:eb:ee:d4:27:26:6d:
                    cc:39:26:31:e6:a1:5e:90:5c:83:92:7b:4f:b5:9d:
                    21:ef:0e:a8:da:8c:37:e1:33:00:89:35:eb:17:ac:
                    65:38:b1:4b:fa:1b:29:f0:d9:fc:a3:9c:a7:96:35:
                    fc:e8:08:e8:23:86:0b:2a:22:c5:d7:2e:3f:8b:51:
                    53:3c:ef:d0:49:72:fe:ad:fe:d5:bd:61:f3:ac:09:
                    d1:3b:53:93:96:8a:fc:e0:f8:f4:b2:24:a1:6f:1d:
                    7f:1f:b5:ad:72:0d:e4:53:5c:76:0f:36:c9:f6:be:
                    ad:a7:7d:9c:37:d9:7c:ca:2f:d8:b0:f8:e5:8f:e1:
                    fa:4a:50:f7:6f:02:71:8a:6a:04:2a:20:2c:10:0f:
                    ee:5f:77:1a:d8:12:53:81:5b:0b:63:fc:d8:6f:59:
                    d0:59:6e:39:0a:cd:b3:9b:dd:ca:54:9f:b2:1b:e6:
                    27:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:A0:22:EC:C3:52:66:6B:A8:19:80:3D:FB:A4:0E:AD:F7:02:CF:78
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2b8ccb4f-0647-4860-bb15-14042040a7f2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.83.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         74:56:22:d1:9e:de:47:05:0d:a7:f7:1f:b5:3e:09:51:73:30:
         a9:4c:5d:43:89:63:e3:a0:e5:16:ff:89:d0:0f:66:b2:86:ca:
         09:73:54:35:49:31:a0:72:16:5e:f9:35:86:65:ed:dd:21:ec:
         b5:03:92:4e:4e:5c:5a:de:c0:22:78:5c:13:a7:6b:4f:cf:9c:
         6f:6b:f3:f3:cf:4c:f8:fa:af:f4:6d:bc:0a:5f:f0:0c:b7:59:
         5e:6a:7a:7a:7a:2a:24:1d:b7:b3:17:13:0c:fe:3f:5a:c9:91:
         df:b7:b0:a9:ed:da:5f:15:f3:5c:43:d0:6b:47:ce:69:c6:0b:
         eb:12:48:a8:55:30:5c:17:5b:3c:c9:3b:58:c2:b4:a1:64:e9:
         f5:cb:0d:e5:54:35:30:88:da:01:a7:6b:29:63:b6:63:aa:9f:
         aa:fe:2d:32:a0:51:68:f3:fe:4a:cd:6c:7e:5f:77:60:be:22:
         94:e1:a2:76:be:3c:f9:e1:90:da:0c:05:16:df:39:e4:70:6b:
         58:43:b7:bc:d3:0d:92:d6:23:66:5b:52:ca:8e:8b:c5:cd:21:
         bb:70:08:50:f9:eb:37:da:2f:b5:fa:cb:d2:39:1e:dd:2b:ef:
         be:e3:c5:c5:1d:83:28:58:48:ff:98:1e:b9:91:0a:50:38:99:
         0a:81:8c:a0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGMeBc4y/CZ9cOmCDPOo/HmNlN+cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjMwMTYxMTI4WhcNMjUwODA0MjM1OTU5
WjB6MUkwRwYDVQQFE0AxNWMwOTgzOTM3YTgwYWY2NjkzNGFhMGNhMjhmYTFiNzI4
MGZjYTZhMDI4ODg4OGI4Y2IyMzFmNzgyYmMwYTE2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCsiO7eyA5pMxt1CAlSZJLPlcS5uZitKhpCrtcsj5VSSZo5
gr6otH+7+1XS3MbS9Nak4LxUPKhsmKwMrFmApdlB1UcDwpr56qxZCol9k83OJQDd
v+vu1Ccmbcw5JjHmoV6QXIOSe0+1nSHvDqjajDfhMwCJNesXrGU4sUv6Gynw2fyj
nKeWNfzoCOgjhgsqIsXXLj+LUVM879BJcv6t/tW9YfOsCdE7U5OWivzg+PSyJKFv
HX8fta1yDeRTXHYPNsn2vq2nfZw32XzKL9iw+OWP4fpKUPdvAnGKagQqICwQD+5f
dxrYElOBWwtj/NhvWdBZbjkKzbOb3cpUn7Ib5ifrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIKAi7MNSZmuoGYA9+6QOrfcCz3gwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzJiOGNjYjRmLTA2NDctNDg2MC1iYjE1LTE0MDQyMDQwYTdmMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIDU6gwDQYJKoZIhvcNAQELBQADggEBAHRWItGe3kcFDaf3H7U+CVFzMKlM
XUOJY+Og5Rb/idAPZrKGyglzVDVJMaByFl75NYZl7d0h7LUDkk5OXFrewCJ4XBOn
a0/PnG9r8/PPTPj6r/RtvApf8Ay3WV5qenp6KiQdt7MXEwz+P1rJkd+3sKnt2l8V
81xD0GtHzmnGC+sSSKhVMFwXWzzJO1jCtKFk6fXLDeVUNTCI2gGnayljtmOqn6r+
LTKgUWjz/krNbH5fd2C+IpThona+PPnhkNoMBRbfOeRwa1hDt7zTDZLWI2ZbUsqO
i8XNIbtwCFD56zfaL7X6y9I5Ht0r777jxcUdgyhYSP+YHrmRClA4mQqBjKA=
-----END CERTIFICATE-----