Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2cc2d027-f369-46fa-8ab9-211a1afa4437.roa
File:                     2cc2d027-f369-46fa-8ab9-211a1afa4437.roa (raw, json)
Hash identifier:          bu8rlZRX7+NouZG4lT2BW4W+2FJI2lbI/wiTLo6H59s=
Subject key identifier:   88:EB:11:53:B9:3D:EE:F8:DB:86:FB:10:2E:B5:FC:7C:27:54:75:81
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1A068C58A2DE63520E85EF489CCE2D2B8045C034
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2cc2d027-f369-46fa-8ab9-211a1afa4437.roa
Signing time:             Thu 25 Sep 2025 16:54:58 +0000
ROA not before:           Thu 25 Sep 2025 16:54:58 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.161.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:06:8c:58:a2:de:63:52:0e:85:ef:48:9c:ce:2d:2b:80:45:c0:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 16:54:58 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=c728f96df8b2d17150ad68deec932b867a0c3fb19b43afb5029d792a4a7fd841, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:fa:ec:69:90:b5:a9:ce:a5:7c:10:c8:9d:88:
                    47:fb:c3:dd:20:fc:a2:c0:84:bd:75:7f:ea:a1:df:
                    98:bf:72:ff:33:b4:9b:14:5a:16:8b:bf:07:4c:f2:
                    4a:1e:e9:c6:46:19:5f:ad:e7:43:96:ff:26:fb:18:
                    1d:3b:24:fa:1e:ef:2d:f3:7f:1d:95:ff:9f:81:6c:
                    3e:e4:23:11:68:cd:b4:fe:8e:e2:11:21:78:b2:01:
                    ac:70:80:ed:3d:ec:d6:c5:d9:8d:d2:56:f7:42:39:
                    58:8e:f6:b8:73:70:d2:86:d2:92:2a:04:ba:9f:ad:
                    9c:90:e0:95:61:f4:39:a4:e9:fd:3c:91:5c:53:eb:
                    cf:ac:62:b8:0f:5a:fb:9e:ab:53:38:90:d4:e5:68:
                    3e:d8:93:bc:ff:33:15:62:d7:5c:1f:4c:48:e9:c0:
                    4e:0a:a4:39:5b:f4:1e:85:5d:2e:69:47:44:68:31:
                    72:d3:36:79:03:27:6f:f9:60:23:0e:06:b0:d2:8b:
                    62:ca:93:90:1b:b1:7a:90:9e:4a:59:e9:9c:b3:e9:
                    d1:5b:19:21:4a:0c:63:5e:53:67:33:82:a4:8c:2e:
                    a5:0c:b1:26:0b:69:d0:2b:d7:5e:de:18:73:74:d9:
                    05:e4:82:af:51:b9:77:fa:4d:56:d7:e9:22:b1:aa:
                    0c:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:EB:11:53:B9:3D:EE:F8:DB:86:FB:10:2E:B5:FC:7C:27:54:75:81
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2cc2d027-f369-46fa-8ab9-211a1afa4437.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.161.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:77:36:5d:36:da:94:0a:8c:75:b5:2c:7e:1b:45:ba:ee:ee:
         a6:39:29:be:b2:9a:19:ed:e4:cf:3f:3e:d9:28:77:fc:fc:3b:
         ba:54:9e:bb:ce:98:6b:cb:b2:85:9e:8c:e2:17:d7:95:46:b1:
         6c:25:82:cd:f5:00:b7:99:a4:72:5c:bc:61:31:9b:da:00:1b:
         79:78:0a:cc:5a:d6:25:ff:f7:49:68:0f:c3:35:d0:0f:64:39:
         79:13:a8:7e:77:cc:5e:df:1b:ba:8f:65:47:86:58:27:f4:d9:
         43:68:43:f6:b8:f2:af:03:29:ad:d0:75:26:7d:a5:2e:ee:a0:
         23:b9:60:10:68:35:4b:29:d2:95:0d:6c:2c:51:5f:b4:9c:c0:
         b4:a2:1b:39:c7:1c:f4:91:71:b4:ad:dc:98:22:ae:e4:3b:5d:
         3e:5c:bd:d4:27:85:bf:96:f0:c2:64:69:e1:d5:d4:ce:6d:6e:
         23:d5:06:1d:c6:c6:59:c4:b9:30:5b:f2:52:a1:3f:ba:96:3e:
         4c:f6:00:a0:f7:bf:e4:e3:66:4d:3b:2f:71:c2:ff:41:e7:67:
         05:3b:f2:3e:80:9e:af:04:e4:18:b9:df:2f:de:5b:2a:ac:ea:
         94:24:34:67:06:f9:45:56:1f:60:38:72:a3:ff:b2:82:79:d7:
         0b:36:f8:59
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGgaMWKLeY1IOhe9InM4tK4BFwDQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MTY1NDU4WhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BjNzI4Zjk2ZGY4YjJkMTcxNTBhZDY4ZGVlYzkzMmI4Njdh
MGMzZmIxOWI0M2FmYjUwMjlkNzkyYTRhN2ZkODQxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCl+uxpkLWpzqV8EMidiEf7w90g/KLAhL11f+qh35i/cv8z
tJsUWhaLvwdM8koe6cZGGV+t50OW/yb7GB07JPoe7y3zfx2V/5+BbD7kIxFozbT+
juIRIXiyAaxwgO097NbF2Y3SVvdCOViO9rhzcNKG0pIqBLqfrZyQ4JVh9Dmk6f08
kVxT68+sYrgPWvueq1M4kNTlaD7Yk7z/MxVi11wfTEjpwE4KpDlb9B6FXS5pR0Ro
MXLTNnkDJ2/5YCMOBrDSi2LKk5AbsXqQnkpZ6Zyz6dFbGSFKDGNeU2czgqSMLqUM
sSYLadAr117eGHN02QXkgq9RuXf6TVbX6SKxqgzLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUiOsRU7k97vjbhvsQLrX8fCdUdYEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzJjYzJkMDI3LWYzNjktNDZmYS04YWI5LTIxMWExYWZhNDQzNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADoW8wDQYJKoZIhvcNAQELBQADggEBAD53Nl022pQKjHW1LH4bRbru7qY5
Kb6ymhnt5M8/Ptkod/z8O7pUnrvOmGvLsoWejOIX15VGsWwlgs31ALeZpHJcvGEx
m9oAG3l4Csxa1iX/90loD8M10A9kOXkTqH53zF7fG7qPZUeGWCf02UNoQ/a48q8D
Ka3QdSZ9pS7uoCO5YBBoNUsp0pUNbCxRX7ScwLSiGznHHPSRcbSt3JgiruQ7XT5c
vdQnhb+W8MJkaeHV1M5tbiPVBh3GxlnEuTBb8lKhP7qWPkz2AKD3v+TjZk07L3HC
/0HnZwU78j6Anq8E5Bi53y/eWyqs6pQkNGcG+UVWH2A4cqP/soJ51ws2+Fk=
-----END CERTIFICATE-----