Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3d9f6850-ea24-4765-9602-5905c8ae5b41.roa
File:                     3d9f6850-ea24-4765-9602-5905c8ae5b41.roa (raw, json)
Hash identifier:          4vcpBpMZMFsdm7n+0iMZ4IobNIySIeNNzAJ4eD6a1u4=
Subject key identifier:   42:84:27:00:53:9B:4C:A7:45:EF:61:AF:99:BB:4E:00:DB:6A:C5:98
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       62E62BC24FDEBDDB49DC3EB72B85439CBC33AABE
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3d9f6850-ea24-4765-9602-5905c8ae5b41.roa
Signing time:             Fri 26 Sep 2025 02:02:12 +0000
ROA not before:           Fri 26 Sep 2025 02:02:12 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.163.192.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:e6:2b:c2:4f:de:bd:db:49:dc:3e:b7:2b:85:43:9c:bc:33:aa:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 02:02:12 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=ea13de6dfd381708fd5a4de4a1d542b8e01968b0b93702439f51d3f6a5d65b9e, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:77:d3:4e:18:76:dd:4e:10:32:4e:95:5d:f1:
                    e1:84:02:a8:36:6b:19:36:b6:e1:14:07:8b:50:bd:
                    99:73:42:cd:6e:76:76:0b:94:36:1b:37:e9:9c:34:
                    9e:d2:72:44:53:3a:0a:df:ad:7a:72:28:2c:04:2e:
                    49:74:8b:d3:4a:51:e9:6f:35:38:1a:58:56:44:15:
                    7c:24:8b:3d:3c:65:92:77:05:77:ff:37:7c:4f:53:
                    1f:da:7d:83:62:2b:0e:0c:38:b0:59:79:b8:be:87:
                    e3:5b:c1:9d:ea:3d:3b:2d:84:01:b6:51:ad:bf:01:
                    04:c2:6f:76:74:bb:7f:12:42:f2:55:84:06:47:b9:
                    b4:29:fc:a2:a4:da:88:3f:f5:19:2a:9c:d2:86:d6:
                    fe:96:57:a6:7a:11:6c:6a:8d:22:8f:8a:2b:3f:27:
                    a4:c8:63:62:3d:ea:c2:da:95:e3:e0:17:45:64:62:
                    c7:0d:48:86:27:bc:d6:a3:91:80:a3:c3:20:2d:a1:
                    ff:b1:ee:00:f8:12:e1:ca:6a:75:87:72:0f:ac:80:
                    c9:42:e7:43:bd:70:7e:b8:04:c4:03:2b:14:2c:4b:
                    a0:d4:c0:0d:88:dc:db:21:73:a7:7e:72:74:47:32:
                    28:aa:55:e0:66:05:39:b4:4a:9c:e4:25:81:06:4c:
                    6c:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:84:27:00:53:9B:4C:A7:45:EF:61:AF:99:BB:4E:00:DB:6A:C5:98
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3d9f6850-ea24-4765-9602-5905c8ae5b41.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.163.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         89:68:fd:8d:38:4b:ef:9b:5d:c5:fa:2a:2e:fd:d7:73:e5:b7:
         2c:f3:b1:0e:aa:75:4a:eb:7a:10:2c:16:0f:82:bd:19:ca:bb:
         f5:85:09:f0:04:aa:a9:00:8c:9b:9e:e5:6a:3a:88:a1:c5:ca:
         a3:42:43:06:1a:44:f7:3c:9c:1e:65:37:84:71:7f:85:05:81:
         d9:f2:71:aa:0a:23:84:85:55:71:78:74:e5:98:84:75:20:a8:
         09:16:a0:ad:1c:ee:79:b0:5a:e4:5a:11:14:ab:ee:42:df:1a:
         55:07:dc:12:83:15:cd:5e:2f:19:d2:95:e4:4f:08:67:49:6a:
         9d:8d:3d:db:3d:c0:db:2d:7e:35:42:a7:9b:48:3e:a4:41:63:
         49:f7:c0:27:64:89:f9:b7:20:40:00:ac:a4:c6:bc:e0:93:f9:
         c0:49:03:c7:8a:5a:e8:03:02:bd:60:57:42:26:ca:c1:b5:f2:
         3d:31:ce:36:63:e4:fa:e7:29:78:00:13:d3:5c:55:c7:4e:37:
         a4:b9:63:d8:db:5f:1e:fc:1d:e0:91:b7:ac:c3:09:6f:c8:26:
         d5:49:aa:60:87:7c:91:74:11:1d:e9:34:dd:65:80:91:e5:45:
         4c:94:75:9c:56:9c:ee:c0:ab:1f:75:0a:6a:40:31:21:22:ff:
         f6:b5:9b:6a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYuYrwk/evdtJ3D63K4VDnLwzqr4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MDIwMjEyWhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BlYTEzZGU2ZGZkMzgxNzA4ZmQ1YTRkZTRhMWQ1NDJiOGUw
MTk2OGIwYjkzNzAyNDM5ZjUxZDNmNmE1ZDY1YjllMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDdd9NOGHbdThAyTpVd8eGEAqg2axk2tuEUB4tQvZlzQs1u
dnYLlDYbN+mcNJ7SckRTOgrfrXpyKCwELkl0i9NKUelvNTgaWFZEFXwkiz08ZZJ3
BXf/N3xPUx/afYNiKw4MOLBZebi+h+NbwZ3qPTsthAG2Ua2/AQTCb3Z0u38SQvJV
hAZHubQp/KKk2og/9RkqnNKG1v6WV6Z6EWxqjSKPiis/J6TIY2I96sLalePgF0Vk
YscNSIYnvNajkYCjwyAtof+x7gD4EuHKanWHcg+sgMlC50O9cH64BMQDKxQsS6DU
wA2I3Nshc6d+cnRHMiiqVeBmBTm0SpzkJYEGTGxzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQoQnAFObTKdF72GvmbtOANtqxZgwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzNkOWY2ODUwLWVhMjQtNDc2NS05NjAyLTU5MDVjOGFlNWI0MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAUDo8AwDQYJKoZIhvcNAQELBQADggEBAIlo/Y04S++bXcX6Ki7913Pltyzz
sQ6qdUrrehAsFg+CvRnKu/WFCfAEqqkAjJue5Wo6iKHFyqNCQwYaRPc8nB5lN4Rx
f4UFgdnycaoKI4SFVXF4dOWYhHUgqAkWoK0c7nmwWuRaERSr7kLfGlUH3BKDFc1e
LxnSleRPCGdJap2NPds9wNstfjVCp5tIPqRBY0n3wCdkifm3IEAArKTGvOCT+cBJ
A8eKWugDAr1gV0ImysG18j0xzjZj5PrnKXgAE9NcVcdON6S5Y9jbXx78HeCRt6zD
CW/IJtVJqmCHfJF0ER3pNN1lgJHlRUyUdZxWnO7Aqx91CmpAMSEi//a1m2o=
-----END CERTIFICATE-----