Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/466b21b7-af83-409f-bdcd-f6398e88e4d5.roa
File:                     466b21b7-af83-409f-bdcd-f6398e88e4d5.roa (raw, json)
Hash identifier:          axfry2C/AI986EmTZJatRcPnlgKIyd8G4FnjPhgdv7U=
Subject key identifier:   58:7E:59:A0:2D:0F:6D:A2:BF:08:A1:ED:B4:AB:6A:76:68:67:7D:D1
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       282044CE1C35BD72480A836BEDBD817FE98F1DF9
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/466b21b7-af83-409f-bdcd-f6398e88e4d5.roa
Signing time:             Thu 25 Sep 2025 22:24:29 +0000
ROA not before:           Thu 25 Sep 2025 22:24:29 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.166.178.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:20:44:ce:1c:35:bd:72:48:0a:83:6b:ed:bd:81:7f:e9:8f:1d:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 22:24:29 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=f3bc58d67bf0206b8bac7b4c97a578c3c2b1622f54e03ede22679733fecd28d3, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:ca:8a:63:83:a9:ad:5c:aa:3c:93:fc:41:52:
                    5f:74:bd:70:6f:c2:4a:f6:8f:8b:3b:00:8b:ab:f2:
                    91:89:2e:5d:bd:64:a5:db:d3:37:aa:fa:34:e6:4d:
                    98:b5:41:05:c9:31:5a:93:08:28:5c:91:10:01:3a:
                    b2:72:d3:bc:8e:bc:87:cb:0b:f9:94:34:f0:ed:f7:
                    c4:d7:59:7c:b3:cd:02:57:9b:cf:ed:38:04:33:20:
                    db:f4:64:44:33:4f:d1:9b:ae:d0:fd:bc:59:7a:d0:
                    40:66:ed:63:3c:ef:57:77:d7:d3:9c:07:64:f3:4f:
                    ba:28:f1:d9:46:96:02:f1:20:05:af:71:03:57:6d:
                    07:77:19:1d:59:e4:65:3e:33:19:08:c1:01:45:85:
                    55:8d:bf:7d:eb:91:f7:5a:06:38:b2:8b:4d:8d:10:
                    6c:c6:43:ba:91:28:ff:a7:cc:c3:94:6e:cc:4b:1d:
                    97:ef:c8:1a:a0:d9:00:27:ef:80:c4:3d:4a:ed:33:
                    d4:2a:f7:15:2b:73:9f:27:e7:a3:fd:0f:71:d7:42:
                    4d:6a:d5:19:39:89:b4:95:6c:9c:a8:f6:9c:2a:ef:
                    f5:40:9d:59:9a:77:a2:e0:27:15:1f:16:80:19:bc:
                    cd:54:5b:c9:8f:81:de:9f:5b:14:98:d7:c7:07:c4:
                    ad:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:7E:59:A0:2D:0F:6D:A2:BF:08:A1:ED:B4:AB:6A:76:68:67:7D:D1
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/466b21b7-af83-409f-bdcd-f6398e88e4d5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.166.178.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4d:c8:09:73:50:5a:2e:d1:33:7e:ba:bb:77:7a:f1:b6:4a:0c:
         21:45:3b:1d:ff:49:90:98:51:34:a4:84:ff:7b:08:de:09:c4:
         b8:51:d1:7a:ad:75:5e:bb:15:05:be:c7:6c:85:e2:4c:6a:67:
         88:f7:62:c2:27:12:39:37:a1:97:26:3d:3d:6b:82:7f:f3:d0:
         8e:e3:29:b1:93:25:2b:04:ad:0a:1b:eb:0f:48:c7:6c:8a:57:
         95:8a:80:89:8e:d2:f8:6b:9d:7e:9e:b9:a3:3a:74:e3:06:b9:
         21:9b:ca:05:04:f8:42:b3:99:5b:20:be:f3:5f:72:bc:c4:ad:
         ca:d5:f6:d2:12:fd:c5:75:02:93:d4:7a:38:75:d4:70:2e:19:
         3b:5e:b9:04:81:5b:68:17:91:65:8b:a1:1b:4c:d1:8a:5a:66:
         ba:fc:0f:6b:42:04:51:9b:fb:98:8a:fe:21:77:0d:c2:bd:00:
         48:94:bd:a5:97:63:7f:27:3b:64:e4:f9:66:81:2f:50:40:52:
         66:e6:19:93:a1:76:56:ec:0a:d2:df:2b:75:a3:03:01:0b:3c:
         b9:f6:66:86:79:c2:a9:03:05:f6:37:96:2f:04:c4:61:c3:89:
         df:ed:87:f0:b4:db:76:2c:ba:f9:16:37:48:78:e0:bf:61:a7:
         94:4f:88:ae
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKCBEzhw1vXJICoNr7b2Bf+mPHfkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MjIyNDI5WhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BmM2JjNThkNjdiZjAyMDZiOGJhYzdiNGM5N2E1NzhjM2My
YjE2MjJmNTRlMDNlZGUyMjY3OTczM2ZlY2QyOGQzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDOyopjg6mtXKo8k/xBUl90vXBvwkr2j4s7AIur8pGJLl29
ZKXb0zeq+jTmTZi1QQXJMVqTCChckRABOrJy07yOvIfLC/mUNPDt98TXWXyzzQJX
m8/tOAQzINv0ZEQzT9GbrtD9vFl60EBm7WM871d319OcB2TzT7oo8dlGlgLxIAWv
cQNXbQd3GR1Z5GU+MxkIwQFFhVWNv33rkfdaBjiyi02NEGzGQ7qRKP+nzMOUbsxL
HZfvyBqg2QAn74DEPUrtM9Qq9xUrc58n56P9D3HXQk1q1Rk5ibSVbJyo9pwq7/VA
nVmad6LgJxUfFoAZvM1UW8mPgd6fWxSY18cHxK1rAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWH5ZoC0PbaK/CKHttKtqdmhnfdEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQ2NmIyMWI3LWFmODMtNDA5Zi1iZGNkLWY2Mzk4ZTg4ZTRkNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEDprIwDQYJKoZIhvcNAQELBQADggEBAE3ICXNQWi7RM366u3d68bZKDCFF
Ox3/SZCYUTSkhP97CN4JxLhR0XqtdV67FQW+x2yF4kxqZ4j3YsInEjk3oZcmPT1r
gn/z0I7jKbGTJSsErQob6w9Ix2yKV5WKgImO0vhrnX6euaM6dOMGuSGbygUE+EKz
mVsgvvNfcrzErcrV9tIS/cV1ApPUejh11HAuGTteuQSBW2gXkWWLoRtM0YpaZrr8
D2tCBFGb+5iK/iF3DcK9AEiUvaWXY38nO2Tk+WaBL1BAUmbmGZOhdlbsCtLfK3Wj
AwELPLn2ZoZ5wqkDBfY3li8ExGHDid/th/C023YsuvkWN0h44L9hp5RPiK4=
-----END CERTIFICATE-----