Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/478cbffe-e511-458c-a8b8-9a519bb19df5.roa
File:                     478cbffe-e511-458c-a8b8-9a519bb19df5.roa (raw, json)
Hash identifier:          Eup7qrnVtRosOotwAlqtABTSjxXJmotMdHQZYZs7s9M=
Subject key identifier:   23:0A:1A:61:39:8F:C8:7A:09:00:90:D9:96:BC:BC:CD:4E:E4:9E:DB
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       72756948EB4592D051A6E3F039D150CC5DB28026
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/478cbffe-e511-458c-a8b8-9a519bb19df5.roa
Signing time:             Thu 25 Sep 2025 23:02:17 +0000
ROA not before:           Thu 25 Sep 2025 23:02:17 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.170.176.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:75:69:48:eb:45:92:d0:51:a6:e3:f0:39:d1:50:cc:5d:b2:80:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 23:02:17 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=f5a5b634289f319987617144c23616cb811ee733c63413693092187e8b2b609b, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:27:4e:8f:79:23:71:de:b0:b1:6f:a6:97:d0:
                    15:d2:a8:28:c8:31:0c:2b:53:48:55:39:f9:a8:87:
                    07:d6:d3:ea:7c:47:e8:20:45:6d:ef:3f:bf:65:37:
                    11:b3:a5:ee:f8:e9:28:a9:67:22:cb:1d:64:3b:54:
                    89:a0:c9:61:b9:73:bd:d6:8e:47:89:f8:a6:0a:bd:
                    6a:69:95:17:55:ad:1e:35:a0:64:27:40:21:42:30:
                    cb:97:ba:2a:6a:f6:f3:20:85:dc:1e:eb:a4:69:16:
                    cb:bf:6c:31:e9:83:1c:36:ec:8f:71:e7:f3:a9:fe:
                    e9:d1:c9:d6:76:d3:00:ef:4f:2e:ba:fd:63:4e:9b:
                    32:b4:78:9f:15:8f:4d:70:8c:54:1a:15:67:b2:fa:
                    74:6a:f3:f3:c0:33:24:8c:40:6b:94:de:21:99:08:
                    01:66:0e:a6:6e:37:49:eb:af:ab:25:ed:4b:09:fc:
                    cc:dd:53:c9:68:d6:bf:96:38:15:f2:58:09:fd:db:
                    ef:5c:b3:3e:b6:66:50:0b:c1:f1:7b:af:b0:b4:63:
                    4a:e0:48:fb:9a:8b:3e:9e:65:99:56:73:7f:3b:e2:
                    ad:8d:11:6b:df:45:27:fd:25:ed:8e:bc:40:73:f3:
                    1f:46:3b:b6:3d:cc:f6:96:38:79:d0:69:50:67:ca:
                    9b:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:0A:1A:61:39:8F:C8:7A:09:00:90:D9:96:BC:BC:CD:4E:E4:9E:DB
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/478cbffe-e511-458c-a8b8-9a519bb19df5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.170.176.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6e:94:f7:e2:66:fb:d4:39:9a:43:e6:99:34:57:01:e8:9a:97:
         64:1c:d4:a7:a8:75:e9:d7:6e:1f:fa:8c:0a:40:06:01:32:61:
         a6:eb:3f:80:7d:4a:e2:e6:85:f4:bf:c1:24:2f:e1:43:15:03:
         bc:02:d6:87:47:f8:17:d0:84:2a:5b:9d:32:85:f3:06:c5:56:
         18:fe:a0:a5:29:ae:3c:f2:2a:75:ef:91:86:51:0e:f3:5a:ac:
         6f:3a:b0:33:f1:e6:0b:2d:a9:63:4f:a6:27:da:cc:ba:b0:99:
         ca:1b:ea:6e:bf:10:c7:c3:b5:a9:42:e3:3a:1c:66:92:75:c9:
         60:da:f5:a9:cd:d1:88:de:47:5f:0d:8c:29:8d:7f:73:cd:36:
         f6:ab:fb:cd:7a:35:b5:b2:d2:a3:06:c4:c7:f8:1b:1c:e9:f1:
         73:6a:5d:b0:ce:73:82:a5:b1:b0:93:76:f5:87:07:f1:69:9c:
         e3:a1:60:6a:5e:8f:84:ca:15:16:0e:d2:0f:4c:3e:fc:f6:19:
         0d:e5:f3:d8:15:fd:e4:7d:20:fe:37:95:5c:42:f0:ae:ed:1e:
         d3:e2:0c:79:35:63:09:9d:d1:59:6f:34:7c:ba:c2:13:1b:e7:
         cb:10:8c:fa:5b:f9:9c:6c:2f:ac:c5:77:45:9c:e6:31:c5:4d:
         b2:7a:3b:e0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcnVpSOtFktBRpuPwOdFQzF2ygCYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MjMwMjE3WhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BmNWE1YjYzNDI4OWYzMTk5ODc2MTcxNDRjMjM2MTZjYjgx
MWVlNzMzYzYzNDEzNjkzMDkyMTg3ZThiMmI2MDliMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDJ06PeSNx3rCxb6aX0BXSqCjIMQwrU0hVOfmohwfW0+p8
R+ggRW3vP79lNxGzpe746SipZyLLHWQ7VImgyWG5c73WjkeJ+KYKvWpplRdVrR41
oGQnQCFCMMuXuipq9vMghdwe66RpFsu/bDHpgxw27I9x5/Op/unRydZ20wDvTy66
/WNOmzK0eJ8Vj01wjFQaFWey+nRq8/PAMySMQGuU3iGZCAFmDqZuN0nrr6sl7UsJ
/MzdU8lo1r+WOBXyWAn92+9csz62ZlALwfF7r7C0Y0rgSPuaiz6eZZlWc3874q2N
EWvfRSf9Je2OvEBz8x9GO7Y9zPaWOHnQaVBnypsbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIwoaYTmPyHoJAJDZlry8zU7kntswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQ3OGNiZmZlLWU1MTEtNDU4Yy1hOGI4LTlhNTE5YmIxOWRmNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEDqrAwDQYJKoZIhvcNAQELBQADggEBAG6U9+Jm+9Q5mkPmmTRXAeial2Qc
1KeodenXbh/6jApABgEyYabrP4B9SuLmhfS/wSQv4UMVA7wC1odH+BfQhCpbnTKF
8wbFVhj+oKUprjzyKnXvkYZRDvNarG86sDPx5gstqWNPpifazLqwmcob6m6/EMfD
talC4zocZpJ1yWDa9anN0YjeR18NjCmNf3PNNvar+816NbWy0qMGxMf4Gxzp8XNq
XbDOc4KlsbCTdvWHB/FpnOOhYGpej4TKFRYO0g9MPvz2GQ3l89gV/eR9IP43lVxC
8K7tHtPiDHk1Ywmd0VlvNHy6whMb58sQjPpb+ZxsL6zFd0Wc5jHFTbJ6O+A=
-----END CERTIFICATE-----