Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/45a3265a-81bb-4292-a38b-10cdd04db824.roa
File:                     45a3265a-81bb-4292-a38b-10cdd04db824.roa (raw, json)
Hash identifier:          ow5yIwCzQzxLVntppihARBqccdBTjsvCwyXsgFQy320=
Subject key identifier:   8A:18:46:13:2C:F1:BD:CE:67:BF:6C:03:06:12:EB:4B:17:4B:05:16
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       64D3B864F752B7E48637253748D81771993B63A0
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/45a3265a-81bb-4292-a38b-10cdd04db824.roa
Signing time:             Thu 25 Sep 2025 23:17:56 +0000
ROA not before:           Thu 25 Sep 2025 23:17:56 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.172.10.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:d3:b8:64:f7:52:b7:e4:86:37:25:37:48:d8:17:71:99:3b:63:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 23:17:56 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=fc79730d0a87b386b37df207937e7f45318f3bb4ce2060a099e5a6fc2ad2ee36, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:65:a3:62:c1:d0:41:91:83:45:df:10:d7:2d:
                    e2:bd:49:18:77:81:fd:33:ed:c7:2b:40:9e:eb:c3:
                    bf:b0:f5:73:67:c7:44:1a:1d:e0:5f:76:e7:a2:84:
                    3f:5d:32:84:a6:e6:a4:61:01:77:f9:e5:ce:8f:25:
                    b4:88:5f:64:b3:63:86:95:51:ff:c9:4d:da:eb:21:
                    6f:79:34:c5:1e:3e:a7:56:51:2c:fe:87:8d:00:bd:
                    39:55:b4:e6:f7:83:51:62:ff:0f:3d:ce:35:27:9c:
                    71:37:e8:7e:4b:bf:cb:a0:f3:8d:39:79:19:3c:b8:
                    f9:df:99:96:ea:18:fd:8d:0b:f9:f5:fc:c6:c9:84:
                    02:35:92:61:a9:96:fd:41:eb:4c:04:37:be:38:5e:
                    67:37:5a:08:15:8d:e3:42:d8:18:93:33:1c:f7:f8:
                    67:b2:d1:07:d3:5a:ce:68:e5:1d:10:62:47:a5:88:
                    72:5b:c0:1c:e2:a9:03:f1:f1:a3:7b:1f:8d:43:dc:
                    76:f1:a6:07:f4:56:c2:40:9d:51:a0:6f:3b:5b:20:
                    49:60:69:14:51:b7:f8:d2:d1:8e:f7:bb:92:b0:fd:
                    09:34:46:46:35:56:35:e3:5f:1b:a6:83:e2:f3:3d:
                    08:c5:54:ad:5c:09:71:cd:fe:44:65:82:7a:d3:67:
                    f1:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:18:46:13:2C:F1:BD:CE:67:BF:6C:03:06:12:EB:4B:17:4B:05:16
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/45a3265a-81bb-4292-a38b-10cdd04db824.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.172.10.0/23

    Signature Algorithm: sha256WithRSAEncryption
         15:4e:7a:9b:ec:b0:3a:db:fe:95:aa:27:c8:a7:41:0e:9e:39:
         dc:4b:b0:47:63:09:31:b1:5b:9f:b5:3a:8d:c4:5f:1e:72:c5:
         dd:a0:2c:f0:68:2e:dc:6a:7c:48:86:5a:21:0b:10:d5:6d:de:
         c6:5f:95:a8:86:e2:ae:af:0a:6a:24:95:e5:df:88:b4:2f:b6:
         df:83:0a:a0:c7:88:cb:8b:64:23:d6:f7:96:a1:0c:41:88:06:
         d5:cc:d0:21:03:f6:ef:9a:aa:63:d3:7f:00:b8:cf:f7:02:ee:
         20:89:44:de:bf:2d:20:fa:81:92:0a:44:8c:45:74:41:f3:f4:
         3e:b9:ab:c6:e2:4d:26:0e:67:ff:1d:de:7b:bf:4b:86:fb:22:
         fc:21:86:ee:6b:e3:a2:03:23:42:01:78:07:9f:5a:28:40:d5:
         4f:fd:21:be:37:ed:1f:e3:38:ec:81:09:be:4c:73:19:72:bf:
         45:97:71:d9:3a:0f:84:6d:5d:4a:da:97:71:c3:2e:a1:37:f0:
         43:c9:f7:05:1c:5a:3c:7b:ef:ad:37:ea:c4:08:ad:b7:8d:d8:
         3a:5e:96:fc:c8:5e:7d:a3:41:5e:9c:8e:cf:7c:4f:39:86:0d:
         ba:ab:4b:65:73:2b:46:bc:94:2c:7b:89:fa:6f:71:c4:6d:87:
         b6:ea:ae:b5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZNO4ZPdSt+SGNyU3SNgXcZk7Y6AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MjMxNzU2WhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BmYzc5NzMwZDBhODdiMzg2YjM3ZGYyMDc5MzdlN2Y0NTMx
OGYzYmI0Y2UyMDYwYTA5OWU1YTZmYzJhZDJlZTM2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDxZaNiwdBBkYNF3xDXLeK9SRh3gf0z7ccrQJ7rw7+w9XNn
x0QaHeBfdueihD9dMoSm5qRhAXf55c6PJbSIX2SzY4aVUf/JTdrrIW95NMUePqdW
USz+h40AvTlVtOb3g1Fi/w89zjUnnHE36H5Lv8ug8405eRk8uPnfmZbqGP2NC/n1
/MbJhAI1kmGplv1B60wEN744Xmc3WggVjeNC2BiTMxz3+Gey0QfTWs5o5R0QYkel
iHJbwBziqQPx8aN7H41D3Hbxpgf0VsJAnVGgbztbIElgaRRRt/jS0Y73u5Kw/Qk0
RkY1VjXjXxumg+LzPQjFVK1cCXHN/kRlgnrTZ/H3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUihhGEyzxvc5nv2wDBhLrSxdLBRYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQ1YTMyNjVhLTgxYmItNDI5Mi1hMzhiLTEwY2RkMDRkYjgyNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEDrAowDQYJKoZIhvcNAQELBQADggEBABVOepvssDrb/pWqJ8inQQ6eOdxL
sEdjCTGxW5+1Oo3EXx5yxd2gLPBoLtxqfEiGWiELENVt3sZflaiG4q6vCmokleXf
iLQvtt+DCqDHiMuLZCPW95ahDEGIBtXM0CED9u+aqmPTfwC4z/cC7iCJRN6/LSD6
gZIKRIxFdEHz9D65q8biTSYOZ/8d3nu/S4b7Ivwhhu5r46IDI0IBeAefWihA1U/9
Ib437R/jOOyBCb5Mcxlyv0WXcdk6D4RtXUral3HDLqE38EPJ9wUcWjx776036sQI
rbeN2DpelvzIXn2jQV6cjs98TzmGDbqrS2VzK0a8lCx7ifpvccRth7bqrrU=
-----END CERTIFICATE-----