Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/37306c06-44b1-4cfe-a701-0747b21615d1.roa
File:                     37306c06-44b1-4cfe-a701-0747b21615d1.roa (raw, json)
Hash identifier:          ZSNIgl3hOMRxYyaF0TqIAkWDu1erH3k5uzY4ykF2Xho=
Subject key identifier:   EF:BC:38:B4:E8:E6:88:F7:41:9F:8D:84:A9:28:D8:92:03:ED:A8:04
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3B4CD4E5926AF4C1A1973C73DAA94D51702A9ACF
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/37306c06-44b1-4cfe-a701-0747b21615d1.roa
Signing time:             Thu 25 Sep 2025 22:22:15 +0000
ROA not before:           Thu 25 Sep 2025 22:22:15 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.166.136.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:4c:d4:e5:92:6a:f4:c1:a1:97:3c:73:da:a9:4d:51:70:2a:9a:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 22:22:15 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=a7a192c883e2a0aa35e72e20ea5811aeb229268771b96c647b36096ecf732c0d, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:81:8e:74:c7:86:e6:a2:60:21:49:7f:f4:6e:
                    aa:c9:e1:5d:59:8e:49:e4:17:be:73:74:0b:07:e2:
                    d6:d7:85:74:7e:98:1f:a3:f3:c8:fb:61:8f:4b:79:
                    75:e6:49:a1:80:4f:dc:4b:69:00:2e:89:9f:5b:ab:
                    d5:d4:99:91:b0:0a:4c:39:45:66:7f:42:25:4c:9b:
                    b8:b7:1f:1d:fd:79:55:a6:4a:77:bb:4a:f0:3b:25:
                    cb:89:dc:c1:d3:a2:8c:e9:cb:7a:8d:5d:10:bc:cf:
                    7b:ea:41:03:71:6a:9d:55:9d:4f:01:2e:8a:45:74:
                    59:d2:bb:3b:33:c0:b4:26:3c:e9:a7:4a:82:62:5b:
                    01:f0:f0:8a:b8:3f:97:29:3a:6a:27:78:9e:6e:8f:
                    31:7b:96:26:61:c6:8f:68:5a:fb:50:3b:96:d9:cc:
                    e0:ae:60:1c:a5:36:11:3e:52:6e:da:da:41:94:c3:
                    9e:b1:c4:96:07:15:ef:80:0b:68:38:ea:ae:f2:40:
                    b5:21:4f:5f:b6:62:61:f5:dd:ea:66:0d:fe:91:37:
                    fd:4d:10:55:03:6f:73:4a:51:90:07:47:bf:b6:a2:
                    83:b2:7a:7b:c2:31:3a:43:45:0a:c3:31:d5:91:01:
                    9e:5a:3b:bb:2c:da:73:ec:0f:70:b2:ff:75:a4:7f:
                    d1:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:BC:38:B4:E8:E6:88:F7:41:9F:8D:84:A9:28:D8:92:03:ED:A8:04
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/37306c06-44b1-4cfe-a701-0747b21615d1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.166.136.0/23

    Signature Algorithm: sha256WithRSAEncryption
         55:75:20:44:21:29:8e:45:e1:04:ad:98:65:71:12:70:74:8a:
         4c:5c:e1:a8:33:7b:dd:1a:c7:fc:43:75:c0:41:bb:5d:7f:73:
         90:37:c5:81:2c:a1:f1:24:c0:2d:8e:ca:65:df:e5:0a:f0:da:
         6b:4f:01:78:ac:b7:a6:e0:ca:5a:5d:11:d5:77:d3:06:5d:13:
         86:4a:7e:57:2b:8c:fd:76:b9:bb:d3:7b:a6:b2:50:73:74:7d:
         b6:07:dc:41:57:f2:a8:0c:62:5a:b2:1d:05:c4:2e:45:21:88:
         3b:7d:b6:34:0d:9b:50:0b:b5:0e:66:7e:29:db:31:3b:1a:4e:
         63:12:7c:84:55:8e:57:07:dc:07:57:5d:33:f7:c2:8e:ed:03:
         ba:f6:3b:56:71:16:63:08:94:2d:4a:a8:cd:74:d9:b4:ac:21:
         67:b8:c3:ef:8a:f5:0a:3a:c4:43:ef:c8:03:5f:5e:68:6b:b5:
         77:16:78:11:d2:1e:7f:a4:17:cf:5a:b3:53:2a:f1:94:60:84:
         77:ff:f6:59:df:5d:85:e9:e2:ed:dc:1e:00:26:94:ba:60:13:
         94:9e:7c:52:da:b1:47:19:d5:70:47:62:9a:37:a7:34:75:fd:
         f1:17:b7:cb:5d:19:24:da:cd:24:ae:61:41:c6:9a:27:27:ce:
         ba:5f:2c:42
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUO0zU5ZJq9MGhlzxz2qlNUXAqms8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MjIyMjE1WhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BhN2ExOTJjODgzZTJhMGFhMzVlNzJlMjBlYTU4MTFhZWIy
MjkyNjg3NzFiOTZjNjQ3YjM2MDk2ZWNmNzMyYzBkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDNgY50x4bmomAhSX/0bqrJ4V1ZjknkF75zdAsH4tbXhXR+
mB+j88j7YY9LeXXmSaGAT9xLaQAuiZ9bq9XUmZGwCkw5RWZ/QiVMm7i3Hx39eVWm
Sne7SvA7JcuJ3MHToozpy3qNXRC8z3vqQQNxap1VnU8BLopFdFnSuzszwLQmPOmn
SoJiWwHw8Iq4P5cpOmoneJ5ujzF7liZhxo9oWvtQO5bZzOCuYBylNhE+Um7a2kGU
w56xxJYHFe+AC2g46q7yQLUhT1+2YmH13epmDf6RN/1NEFUDb3NKUZAHR7+2ooOy
envCMTpDRQrDMdWRAZ5aO7ss2nPsD3Cy/3Wkf9ETAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU77w4tOjmiPdBn42EqSjYkgPtqAQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzM3MzA2YzA2LTQ0YjEtNGNmZS1hNzAxLTA3NDdiMjE2MTVkMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEDpogwDQYJKoZIhvcNAQELBQADggEBAFV1IEQhKY5F4QStmGVxEnB0ikxc
4agze90ax/xDdcBBu11/c5A3xYEsofEkwC2OymXf5Qrw2mtPAXist6bgylpdEdV3
0wZdE4ZKflcrjP12ubvTe6ayUHN0fbYH3EFX8qgMYlqyHQXELkUhiDt9tjQNm1AL
tQ5mfinbMTsaTmMSfIRVjlcH3AdXXTP3wo7tA7r2O1ZxFmMIlC1KqM102bSsIWe4
w++K9Qo6xEPvyANfXmhrtXcWeBHSHn+kF89as1Mq8ZRghHf/9lnfXYXp4u3cHgAm
lLpgE5SefFLasUcZ1XBHYpo3pzR1/fEXt8tdGSTazSSuYUHGmicnzrpfLEI=
-----END CERTIFICATE-----