Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/31305cd4-4f19-45e6-acb0-b3490c87bd92.roa
File:                     31305cd4-4f19-45e6-acb0-b3490c87bd92.roa (raw, json)
Hash identifier:          2prVD/pvJMtfAW0OysR/WE7OWU9BUPXTKRpLb3QDu/8=
Subject key identifier:   26:05:40:55:E6:C1:97:21:F5:CC:2C:31:95:52:5D:E0:E6:33:A5:92
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       67021C0A416A180FFF2E26F9465F4ACFCC882877
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/31305cd4-4f19-45e6-acb0-b3490c87bd92.roa
Signing time:             Thu 25 Sep 2025 21:41:54 +0000
ROA not before:           Thu 25 Sep 2025 21:41:54 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.161.68.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:02:1c:0a:41:6a:18:0f:ff:2e:26:f9:46:5f:4a:cf:cc:88:28:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 21:41:54 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=83a32edba3fce6066d71c6d80229b431a6e1086e0866cb9a444638f3ab3ea0e5, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:ab:fd:d1:c9:f7:f0:f3:8b:4b:be:ce:59:1d:
                    63:61:1e:c9:96:9a:1d:31:9f:6e:a5:fe:ed:1a:58:
                    f7:a0:9b:49:b1:fb:50:df:6c:65:4b:68:52:09:12:
                    28:57:9f:eb:a8:db:37:35:83:66:57:ff:8e:be:0b:
                    ba:2d:c1:24:4d:ce:8f:68:35:67:98:9d:02:bf:b7:
                    dc:aa:b1:8c:e6:f2:32:54:60:e1:bb:55:28:62:77:
                    73:44:1b:1a:76:eb:f0:23:10:b9:fe:c4:32:ce:94:
                    88:22:8c:10:aa:c8:27:6c:ed:55:4c:ac:ad:f1:e9:
                    a8:a5:da:8a:e0:06:cc:cc:d5:22:31:4f:45:dc:80:
                    43:32:fa:22:b9:b3:c1:09:5b:58:a2:c1:50:39:3f:
                    d4:75:3b:5e:5e:5f:05:62:f0:cc:13:22:15:d7:3f:
                    14:64:98:15:61:08:d6:62:fb:a7:96:82:c2:5f:a8:
                    7a:32:74:ca:75:92:aa:95:c4:d5:07:43:80:73:38:
                    fb:59:a0:f7:96:fb:e6:51:e2:9a:9a:0e:1d:17:da:
                    f9:06:4f:e0:d9:b0:88:46:54:9b:63:b0:be:c9:0a:
                    70:db:ca:1c:2d:4d:7c:1a:e2:47:df:18:fd:bc:71:
                    46:00:09:6a:b1:9c:03:c4:52:f3:32:a4:8a:d5:de:
                    d9:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:05:40:55:E6:C1:97:21:F5:CC:2C:31:95:52:5D:E0:E6:33:A5:92
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/31305cd4-4f19-45e6-acb0-b3490c87bd92.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.161.68.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6d:de:f9:35:65:b1:2d:ac:7d:33:20:f6:28:3f:a0:fa:b5:3e:
         68:da:70:3d:06:82:e1:4a:05:00:94:15:73:78:29:22:2d:e8:
         c6:c0:7a:26:7d:b3:af:2d:28:e8:67:da:15:0c:5e:e7:38:4e:
         31:c4:d1:eb:96:71:1c:49:d9:51:c5:6b:e1:1b:19:e4:75:d4:
         ad:3f:56:ec:f6:44:99:4f:8a:35:90:da:2d:d8:a8:ea:15:26:
         4f:22:6a:7e:d2:0f:7e:fc:b2:4b:04:6b:65:1d:ad:88:01:cb:
         f4:83:32:4d:cd:9e:63:f3:6d:85:c0:df:5a:8b:8e:cf:64:97:
         df:6c:cc:c1:f6:31:60:6a:97:08:32:6c:2b:df:ba:c8:32:13:
         4d:15:b4:a7:44:1a:45:d7:c9:b8:39:3b:68:dc:fe:05:e9:db:
         8b:1e:5c:5e:be:4f:84:1b:07:5b:1b:56:0b:8f:6c:1e:82:60:
         12:50:4b:bc:7c:3a:8e:49:0c:30:b4:56:ff:6a:be:2a:48:bc:
         46:9d:58:88:a2:5e:2b:ed:b2:59:08:0b:ec:1b:a2:f8:1d:72:
         33:47:34:38:d3:0f:24:04:7b:aa:7d:3f:04:90:3b:ad:e7:12:
         75:75:36:b9:26:bf:e9:6b:03:bf:fb:b6:f8:f1:e0:a0:11:6b:
         a0:bf:83:22
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZwIcCkFqGA//Lib5Rl9Kz8yIKHcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MjE0MTU0WhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A4M2EzMmVkYmEzZmNlNjA2NmQ3MWM2ZDgwMjI5YjQzMWE2
ZTEwODZlMDg2NmNiOWE0NDQ2MzhmM2FiM2VhMGU1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDjq/3Ryffw84tLvs5ZHWNhHsmWmh0xn26l/u0aWPegm0mx
+1DfbGVLaFIJEihXn+uo2zc1g2ZX/46+C7otwSRNzo9oNWeYnQK/t9yqsYzm8jJU
YOG7VShid3NEGxp26/AjELn+xDLOlIgijBCqyCds7VVMrK3x6ail2orgBszM1SIx
T0XcgEMy+iK5s8EJW1iiwVA5P9R1O15eXwVi8MwTIhXXPxRkmBVhCNZi+6eWgsJf
qHoydMp1kqqVxNUHQ4BzOPtZoPeW++ZR4pqaDh0X2vkGT+DZsIhGVJtjsL7JCnDb
yhwtTXwa4kffGP28cUYACWqxnAPEUvMypIrV3tmHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUJgVAVebBlyH1zCwxlVJd4OYzpZIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzMxMzA1Y2Q0LTRmMTktNDVlNi1hY2IwLWIzNDkwYzg3YmQ5Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEDoUQwDQYJKoZIhvcNAQELBQADggEBAG3e+TVlsS2sfTMg9ig/oPq1Pmja
cD0GguFKBQCUFXN4KSIt6MbAeiZ9s68tKOhn2hUMXuc4TjHE0euWcRxJ2VHFa+Eb
GeR11K0/Vuz2RJlPijWQ2i3YqOoVJk8ian7SD378sksEa2UdrYgBy/SDMk3NnmPz
bYXA31qLjs9kl99szMH2MWBqlwgybCvfusgyE00VtKdEGkXXybg5O2jc/gXp24se
XF6+T4QbB1sbVguPbB6CYBJQS7x8Oo5JDDC0Vv9qvipIvEadWIiiXivtslkIC+wb
ovgdcjNHNDjTDyQEe6p9PwSQO63nEnV1Nrkmv+lrA7/7tvjx4KARa6C/gyI=
-----END CERTIFICATE-----