Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/325439f5-7521-473f-be3d-2bbb4d64688a.roa
File:                     325439f5-7521-473f-be3d-2bbb4d64688a.roa (raw, json)
Hash identifier:          WVr+U7PPn8QydD/lkPXN7hhcM61otc/S+SbEAf5TyUo=
Subject key identifier:   77:29:A2:81:E4:04:8F:05:3D:17:58:88:F2:A1:BF:08:CE:6F:F7:96
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2331A9B21F20954A4ECBB6D9FC435972471C270B
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/325439f5-7521-473f-be3d-2bbb4d64688a.roa
Signing time:             Fri 26 Sep 2025 00:27:23 +0000
ROA not before:           Fri 26 Sep 2025 00:27:23 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.167.176.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:31:a9:b2:1f:20:95:4a:4e:cb:b6:d9:fc:43:59:72:47:1c:27:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 00:27:23 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=0a6beb4656e6d0744b850f72ca7de320f2b6cfec61c5e29f67f6d739d9a06a2d, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:0a:fd:86:2f:9a:c6:5e:a9:05:8c:e5:3c:a9:
                    79:7c:cb:d1:90:8b:11:54:e9:9b:6e:6f:7b:bb:60:
                    14:45:49:de:80:65:c0:53:b6:66:6a:a5:fb:77:ef:
                    6d:10:c0:72:ac:a5:42:4d:33:9d:6a:36:89:1c:35:
                    17:0a:4b:46:7f:96:70:3d:78:f7:af:88:79:fa:f5:
                    12:20:49:bd:d0:3b:f3:67:b3:de:62:d2:03:b1:4a:
                    c0:99:42:fb:cd:ca:81:34:ec:e1:ea:0a:7c:eb:24:
                    9b:6a:b7:15:5e:31:c4:c6:1c:13:b1:af:f6:ea:55:
                    26:48:8e:7a:aa:78:07:4f:b8:51:d2:ae:fd:ff:8f:
                    7d:3f:34:e0:b6:13:a9:1c:f3:91:bd:e7:96:d1:e0:
                    b3:3c:0d:94:66:19:ea:c7:03:3c:fe:f9:7f:28:8b:
                    3f:20:04:e0:e9:62:11:b1:06:92:20:22:9a:5b:04:
                    23:d4:15:d6:43:f1:7c:67:ce:b1:fc:d3:eb:88:40:
                    95:96:68:2c:c3:75:5d:93:c1:76:00:27:40:e3:0e:
                    e7:4b:4e:7c:3e:59:19:e4:90:85:b1:db:82:20:ed:
                    9f:68:76:fe:1f:44:91:b4:39:80:dc:c0:e9:13:ab:
                    25:72:ac:07:4c:78:55:9c:ed:5b:f7:24:4a:a7:38:
                    c5:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:29:A2:81:E4:04:8F:05:3D:17:58:88:F2:A1:BF:08:CE:6F:F7:96
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/325439f5-7521-473f-be3d-2bbb4d64688a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.167.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a9:4e:35:b3:59:10:79:74:b9:c4:a1:34:0b:13:6e:77:14:86:
         57:e4:c7:af:c0:03:61:f5:24:5d:cb:d9:fa:f3:94:16:be:36:
         ec:54:80:b5:9a:5d:a1:ca:f2:99:6b:55:b5:e7:91:0d:42:b5:
         67:d5:3b:f2:0a:dc:fc:c7:2d:f1:0f:cc:a8:62:0e:3b:01:e7:
         56:d2:2a:53:57:5d:66:01:dc:ea:39:a9:c2:f9:f9:b5:f2:66:
         91:81:73:21:21:97:a5:1f:73:09:b1:2b:8f:f9:43:13:92:68:
         c8:56:c1:bc:f1:c2:4b:81:f1:40:ea:55:4a:e8:cd:5c:c6:d0:
         5d:e2:47:30:d3:d7:d4:34:c5:60:13:89:3a:bf:55:79:11:27:
         eb:00:f2:fa:22:2b:94:8c:63:e2:71:7c:ad:a2:76:3f:49:25:
         16:98:de:01:80:b9:5a:9a:97:24:7a:e0:9d:b9:55:39:a0:27:
         53:2e:a1:02:de:3d:f7:52:f4:f8:80:68:3e:3b:86:c2:26:ca:
         3c:16:0b:5f:d8:0d:25:09:d2:80:54:15:8d:18:7e:f4:90:bf:
         a8:ec:57:12:57:d8:a7:2a:28:6d:37:9c:50:a6:15:4d:b2:68:
         bf:9b:4d:a6:55:22:d0:c6:fc:9d:01:71:72:05:0b:48:16:a1:
         53:10:3a:29
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIzGpsh8glUpOy7bZ/ENZckccJwswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MDAyNzIzWhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AwYTZiZWI0NjU2ZTZkMDc0NGI4NTBmNzJjYTdkZTMyMGYy
YjZjZmVjNjFjNWUyOWY2N2Y2ZDczOWQ5YTA2YTJkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCWCv2GL5rGXqkFjOU8qXl8y9GQixFU6Ztub3u7YBRFSd6A
ZcBTtmZqpft3720QwHKspUJNM51qNokcNRcKS0Z/lnA9ePeviHn69RIgSb3QO/Nn
s95i0gOxSsCZQvvNyoE07OHqCnzrJJtqtxVeMcTGHBOxr/bqVSZIjnqqeAdPuFHS
rv3/j30/NOC2E6kc85G955bR4LM8DZRmGerHAzz++X8oiz8gBODpYhGxBpIgIppb
BCPUFdZD8XxnzrH80+uIQJWWaCzDdV2TwXYAJ0DjDudLTnw+WRnkkIWx24Ig7Z9o
dv4fRJG0OYDcwOkTqyVyrAdMeFWc7Vv3JEqnOMXHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUdymigeQEjwU9F1iI8qG/CM5v95YwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzMyNTQzOWY1LTc1MjEtNDczZi1iZTNkLTJiYmI0ZDY0Njg4YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIDp7AwDQYJKoZIhvcNAQELBQADggEBAKlONbNZEHl0ucShNAsTbncUhlfk
x6/AA2H1JF3L2frzlBa+NuxUgLWaXaHK8plrVbXnkQ1CtWfVO/IK3PzHLfEPzKhi
DjsB51bSKlNXXWYB3Oo5qcL5+bXyZpGBcyEhl6UfcwmxK4/5QxOSaMhWwbzxwkuB
8UDqVUrozVzG0F3iRzDT19Q0xWATiTq/VXkRJ+sA8voiK5SMY+JxfK2idj9JJRaY
3gGAuVqalyR64J25VTmgJ1MuoQLePfdS9PiAaD47hsImyjwWC1/YDSUJ0oBUFY0Y
fvSQv6jsVxJX2KcqKG03nFCmFU2yaL+bTaZVItDG/J0BcXIFC0gWoVMQOik=
-----END CERTIFICATE-----