Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/455a07ad-22d6-4cdb-b439-46557e43f06f.roa
File:                     455a07ad-22d6-4cdb-b439-46557e43f06f.roa (raw, json)
Hash identifier:          0zJKWOQVsmG97zJiBoF8Y+buyW++n+IATfeJ8e7i8pM=
Subject key identifier:   CE:98:C7:75:AB:28:8B:8D:85:3F:10:2D:AC:76:BA:09:21:F6:DF:0A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       638AB964E3C1FAF5F0651D00F829ABEF2E63F307
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/455a07ad-22d6-4cdb-b439-46557e43f06f.roa
Signing time:             Thu 25 Sep 2025 23:39:37 +0000
ROA not before:           Thu 25 Sep 2025 23:39:37 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.174.24.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:8a:b9:64:e3:c1:fa:f5:f0:65:1d:00:f8:29:ab:ef:2e:63:f3:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 23:39:37 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=3cc1cdce3cec04a7bc14ed9261eb2c1f3fef6bd30a678f998d1c724c4985359b, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:b1:61:59:dc:56:49:91:d5:5c:09:0d:5b:04:
                    09:ca:6a:ef:95:3b:5c:bb:4b:6b:59:47:87:59:86:
                    0a:af:74:5d:4a:b6:91:f8:d0:1a:66:65:81:f4:1a:
                    7b:dd:fa:1f:95:7f:1a:94:94:ca:8a:77:57:0a:75:
                    8d:a7:15:4a:bc:a3:20:c0:29:01:f7:19:01:b9:3e:
                    ad:b5:bd:3e:f6:58:26:1a:8e:f4:36:68:dc:dc:fc:
                    29:45:fe:87:e2:11:3c:be:5b:04:7e:ae:c8:85:f6:
                    1c:83:e1:7a:b3:79:b1:d5:57:99:43:af:9f:da:f2:
                    1c:78:98:d3:11:9a:92:cf:38:da:6f:da:a3:45:b2:
                    a1:3f:bc:84:17:ba:dc:9a:c9:9c:f6:15:64:71:ca:
                    a6:51:d3:30:a8:9b:a3:07:d8:a2:43:1f:ce:2e:ad:
                    bb:0f:d1:4b:01:44:c8:d4:67:4c:73:b0:bc:a3:90:
                    df:9c:bb:b9:04:33:64:0d:df:e7:bf:90:e7:57:f8:
                    ed:1f:f5:cf:04:5c:be:c0:7b:4a:6c:76:ff:dd:bd:
                    47:64:57:0f:84:89:f1:e1:f1:78:30:e9:79:2b:6b:
                    1b:2c:51:41:99:f2:61:8d:0f:0e:a5:77:3f:85:08:
                    e9:7b:5e:5f:1b:65:d7:b3:b8:87:df:20:bc:24:85:
                    6f:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:98:C7:75:AB:28:8B:8D:85:3F:10:2D:AC:76:BA:09:21:F6:DF:0A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/455a07ad-22d6-4cdb-b439-46557e43f06f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.174.24.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1c:20:f0:63:0e:0c:50:93:3b:90:57:68:14:99:3d:0e:5e:35:
         8c:0b:b7:c0:d0:1c:d8:f0:50:c4:63:53:4c:86:6a:fb:be:48:
         2e:c6:76:38:d3:40:79:09:f3:81:45:3b:ca:47:bc:8d:02:40:
         52:65:24:57:15:fb:30:aa:16:fc:fc:42:af:29:3c:9d:f9:3f:
         25:8d:3d:1f:a4:37:a5:e3:52:a4:07:1f:86:81:ec:20:67:01:
         4b:61:19:b2:82:c8:7c:27:a0:d1:64:f7:38:b9:be:3c:81:55:
         60:eb:f5:ab:03:ad:87:2b:a9:38:12:c3:6c:9d:ae:6e:d4:0f:
         9e:b7:39:19:8d:e9:2d:20:c0:c4:f8:47:47:6f:b4:f2:93:e6:
         10:09:53:3a:56:51:e3:01:a1:d1:42:dd:07:1a:53:71:c9:c1:
         d4:45:a3:09:ed:74:93:94:90:ca:94:01:67:c7:92:f1:80:73:
         c3:d0:60:f7:9e:c8:f7:7e:ef:d4:f5:46:50:d3:eb:93:ef:b7:
         d2:b9:ff:fb:cc:6b:85:59:00:19:a9:26:e2:54:95:4c:bc:6a:
         e9:c7:d7:a0:46:5f:de:c8:62:1b:3a:8f:a7:b5:ad:5d:7a:98:
         6d:24:fe:31:39:71:70:f3:f4:b1:89:1d:a5:72:73:89:f3:73:
         52:52:a1:0f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUY4q5ZOPB+vXwZR0A+Cmr7y5j8wcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MjMzOTM3WhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AzY2MxY2RjZTNjZWMwNGE3YmMxNGVkOTI2MWViMmMxZjNm
ZWY2YmQzMGE2NzhmOTk4ZDFjNzI0YzQ5ODUzNTliMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQClsWFZ3FZJkdVcCQ1bBAnKau+VO1y7S2tZR4dZhgqvdF1K
tpH40BpmZYH0Gnvd+h+VfxqUlMqKd1cKdY2nFUq8oyDAKQH3GQG5Pq21vT72WCYa
jvQ2aNzc/ClF/ofiETy+WwR+rsiF9hyD4XqzebHVV5lDr5/a8hx4mNMRmpLPONpv
2qNFsqE/vIQXutyayZz2FWRxyqZR0zCom6MH2KJDH84urbsP0UsBRMjUZ0xzsLyj
kN+cu7kEM2QN3+e/kOdX+O0f9c8EXL7Ae0psdv/dvUdkVw+EifHh8Xgw6Xkraxss
UUGZ8mGNDw6ldz+FCOl7Xl8bZdezuIffILwkhW9hAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUzpjHdasoi42FPxAtrHa6CSH23wowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQ1NWEwN2FkLTIyZDYtNGNkYi1iNDM5LTQ2NTU3ZTQzZjA2Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEDrhgwDQYJKoZIhvcNAQELBQADggEBABwg8GMODFCTO5BXaBSZPQ5eNYwL
t8DQHNjwUMRjU0yGavu+SC7GdjjTQHkJ84FFO8pHvI0CQFJlJFcV+zCqFvz8Qq8p
PJ35PyWNPR+kN6XjUqQHH4aB7CBnAUthGbKCyHwnoNFk9zi5vjyBVWDr9asDrYcr
qTgSw2ydrm7UD563ORmN6S0gwMT4R0dvtPKT5hAJUzpWUeMBodFC3QcaU3HJwdRF
owntdJOUkMqUAWfHkvGAc8PQYPeeyPd+79T1RlDT65Pvt9K5//vMa4VZABmpJuJU
lUy8aunH16BGX97IYhs6j6e1rV16mG0k/jE5cXDz9LGJHaVyc4nzc1JSoQ8=
-----END CERTIFICATE-----