Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/39f4276c-85ad-4e79-9ed9-a93beefbbc35.roa
File:                     39f4276c-85ad-4e79-9ed9-a93beefbbc35.roa (raw, json)
Hash identifier:          AbxtYvL9PMPZZyySbF3zS9cAp5eNeXFb/LrmnoloXi4=
Subject key identifier:   AC:DF:6B:81:C4:B5:31:32:F7:5F:B8:10:B2:03:AE:BE:21:D6:D6:C5
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       37CB71C9B6E45E362AF013192977B4D608303C2D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/39f4276c-85ad-4e79-9ed9-a93beefbbc35.roa
Signing time:             Fri 26 Sep 2025 00:24:40 +0000
ROA not before:           Fri 26 Sep 2025 00:24:40 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.166.40.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:cb:71:c9:b6:e4:5e:36:2a:f0:13:19:29:77:b4:d6:08:30:3c:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 00:24:40 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=5311747d2763ab7bf2a8f9342f7e7cf8db7f5d008b88c58af02bdf9f0414a485, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:e8:72:b8:4d:7a:dd:a4:df:58:a8:96:18:35:
                    3f:1c:29:94:1d:8c:b6:7b:c8:48:59:c4:4f:97:dc:
                    06:a9:64:83:f6:e4:67:05:fe:77:31:72:de:0d:dd:
                    48:21:53:ed:f7:67:e3:d4:1d:fa:9b:1a:7d:be:42:
                    ad:64:3a:09:0c:1c:78:ae:90:a2:f7:c7:7b:5f:3e:
                    2d:1f:8d:b7:df:0a:86:83:a8:4c:ea:f1:1a:ba:c6:
                    0f:55:0a:8c:f9:5d:c3:d2:13:f9:d0:e4:c6:91:f8:
                    d8:f8:a9:f9:e5:0e:f1:48:2d:fd:ef:44:99:c9:d1:
                    51:56:b2:6d:98:49:05:3e:57:1a:b7:8c:24:1d:66:
                    7e:4a:a2:62:33:7a:5c:cd:aa:ac:0e:d4:3c:f5:0d:
                    36:a3:87:50:fb:e8:33:16:cf:9d:a5:03:85:33:1a:
                    8d:66:75:b9:15:bb:0d:02:2b:cd:d9:63:b9:fd:0c:
                    f9:0b:e8:cd:0e:26:c3:a6:cc:1f:01:c6:72:2c:54:
                    d5:70:60:1c:26:b3:b7:85:4a:91:65:b9:83:e4:34:
                    e0:8d:15:7c:a9:d2:78:32:bb:96:53:99:3f:f8:7a:
                    ab:1b:bb:4a:8a:2f:e8:08:c6:0c:e1:33:ce:4d:bc:
                    99:61:a9:9a:85:a7:a6:95:94:d6:54:72:67:73:e8:
                    83:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:DF:6B:81:C4:B5:31:32:F7:5F:B8:10:B2:03:AE:BE:21:D6:D6:C5
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/39f4276c-85ad-4e79-9ed9-a93beefbbc35.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.166.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:e3:7a:e3:5d:57:43:76:bf:4e:a0:e3:f6:cb:a6:1d:e5:b3:
         3d:f4:1c:11:b3:61:72:2d:0d:79:d8:96:8a:c3:89:82:b7:9c:
         13:78:43:80:14:c9:1c:b9:76:49:d7:83:94:60:71:b8:15:5d:
         3d:92:d4:62:54:7a:8c:a4:50:56:92:98:54:df:2d:e5:51:5d:
         82:15:43:3a:18:5e:e5:95:b3:e0:d1:eb:b0:26:97:4c:9a:ce:
         00:78:25:9b:de:24:04:3d:ff:99:45:96:5b:92:2a:b9:ad:db:
         de:e1:a8:a8:8e:e1:4d:d1:34:b4:bb:75:85:95:53:2c:f4:e4:
         af:28:20:e7:d1:52:c3:ff:b5:55:79:d4:c6:43:43:dc:ad:79:
         08:ca:01:24:08:3d:aa:9e:c2:45:18:c7:89:47:4e:c5:e3:d3:
         5d:62:ad:dc:88:74:e7:2b:8d:a1:a0:16:6b:63:6d:c8:9c:39:
         62:8c:0e:1d:49:68:3c:3d:69:1a:a9:ad:e6:9e:b1:ce:96:9e:
         b4:a2:26:e2:11:44:09:97:4e:cf:76:29:bc:91:6e:b2:d9:71:
         28:12:69:14:7c:6f:31:b6:6d:6a:6c:e8:2a:f1:4c:2a:c2:22:
         4c:eb:13:62:71:83:48:88:a2:21:35:b1:f6:93:1c:bc:13:92:
         02:df:88:4e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUN8txybbkXjYq8BMZKXe01ggwPC0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MDAyNDQwWhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A1MzExNzQ3ZDI3NjNhYjdiZjJhOGY5MzQyZjdlN2NmOGRi
N2Y1ZDAwOGI4OGM1OGFmMDJiZGY5ZjA0MTRhNDg1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDN6HK4TXrdpN9YqJYYNT8cKZQdjLZ7yEhZxE+X3AapZIP2
5GcF/ncxct4N3UghU+33Z+PUHfqbGn2+Qq1kOgkMHHiukKL3x3tfPi0fjbffCoaD
qEzq8Rq6xg9VCoz5XcPSE/nQ5MaR+Nj4qfnlDvFILf3vRJnJ0VFWsm2YSQU+Vxq3
jCQdZn5KomIzelzNqqwO1Dz1DTajh1D76DMWz52lA4UzGo1mdbkVuw0CK83ZY7n9
DPkL6M0OJsOmzB8BxnIsVNVwYBwms7eFSpFluYPkNOCNFXyp0ngyu5ZTmT/4eqsb
u0qKL+gIxgzhM85NvJlhqZqFp6aVlNZUcmdz6IOhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUrN9rgcS1MTL3X7gQsgOuviHW1sUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzM5ZjQyNzZjLTg1YWQtNGU3OS05ZWQ5LWE5M2JlZWZiYmMzNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIDpigwDQYJKoZIhvcNAQELBQADggEBAAnjeuNdV0N2v06g4/bLph3lsz30
HBGzYXItDXnYlorDiYK3nBN4Q4AUyRy5dknXg5RgcbgVXT2S1GJUeoykUFaSmFTf
LeVRXYIVQzoYXuWVs+DR67Aml0yazgB4JZveJAQ9/5lFlluSKrmt297hqKiO4U3R
NLS7dYWVUyz05K8oIOfRUsP/tVV51MZDQ9yteQjKASQIPaqewkUYx4lHTsXj011i
rdyIdOcrjaGgFmtjbcicOWKMDh1JaDw9aRqpreaesc6WnrSiJuIRRAmXTs92KbyR
brLZcSgSaRR8bzG2bWps6CrxTCrCIkzrE2Jxg0iIoiE1sfaTHLwTkgLfiE4=
-----END CERTIFICATE-----