Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/47cfd1f6-66a6-486b-8b73-19783959bacf.roa
File:                     47cfd1f6-66a6-486b-8b73-19783959bacf.roa (raw, json)
Hash identifier:          rXMdBH/EP9mh3VhoBqP0x1iQCYSQPgN+TujVjYrs7zw=
Subject key identifier:   5A:C6:20:F7:1B:1A:8E:DF:70:E8:C7:80:72:97:A1:8A:24:AF:63:7C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4D0AE472F820DDC8F455A98E81E11C01AC7DA598
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/47cfd1f6-66a6-486b-8b73-19783959bacf.roa
Signing time:             Fri 26 Sep 2025 00:24:47 +0000
ROA not before:           Fri 26 Sep 2025 00:24:47 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.166.76.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:0a:e4:72:f8:20:dd:c8:f4:55:a9:8e:81:e1:1c:01:ac:7d:a5:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 00:24:47 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=97120867a87339e44d29718229dab1f3fc8fa8aea01aeccabc35d1675bc32e24, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:94:fc:96:81:c5:c1:32:55:55:fb:2b:5f:94:
                    24:6c:88:19:c2:e6:c5:e5:0c:09:df:37:d4:82:6d:
                    d6:b8:b3:cb:39:9e:17:e2:fa:03:dd:b4:ea:e6:8b:
                    d6:02:90:21:ca:ee:ce:cf:9f:bc:f1:f0:99:eb:2e:
                    5c:b3:d5:32:bf:ef:d1:c5:0a:f3:ab:bc:46:47:37:
                    a3:52:92:cf:82:e0:d8:6a:b7:20:c1:dc:15:d4:3e:
                    f8:c3:4f:49:a0:88:81:c8:c1:b2:9a:b8:f6:9f:bb:
                    9e:26:df:9d:74:79:6d:42:e4:73:a3:e1:da:4b:8d:
                    26:92:6d:63:4b:fc:7b:11:6f:42:db:2b:f2:39:43:
                    11:a4:0b:ea:14:5a:6e:a1:bf:06:9a:90:03:69:c0:
                    ec:59:43:6f:68:a8:9e:a2:5a:bf:93:1f:82:a5:2b:
                    98:84:dd:fd:bc:6e:12:a4:b2:ce:ad:ef:35:15:22:
                    0e:4d:a9:56:e6:cb:cc:31:e9:33:84:cf:8f:24:26:
                    ce:cd:5f:76:a5:f2:dd:19:aa:52:d4:d2:a1:ff:34:
                    04:bf:a9:4c:3a:93:7f:9e:e0:f6:bc:b4:18:52:49:
                    a4:ac:e2:15:7a:33:c6:67:45:2b:dd:90:49:d8:9e:
                    24:cb:e5:97:3d:23:aa:02:26:e8:0e:01:57:82:5d:
                    87:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:C6:20:F7:1B:1A:8E:DF:70:E8:C7:80:72:97:A1:8A:24:AF:63:7C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/47cfd1f6-66a6-486b-8b73-19783959bacf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.166.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         32:82:f6:f7:d2:99:eb:7e:3a:3f:22:7f:1b:c6:d7:83:60:75:
         1c:98:1a:9d:05:0f:5e:f7:ff:6c:3d:75:90:0e:3b:88:55:7e:
         6d:67:b9:d7:4e:28:f3:82:67:51:2e:b2:0e:b9:d3:b8:83:65:
         e6:69:90:66:75:1b:f9:03:7a:9f:0f:fa:f0:d3:ba:88:93:cf:
         32:b2:2e:56:df:86:5b:72:25:8e:51:ae:ed:94:a4:8a:ff:78:
         56:d0:b6:8c:2b:ce:1e:5f:38:98:25:61:9b:77:ac:7f:fb:96:
         bf:90:8c:85:03:ba:d4:56:d2:e7:57:d8:2b:58:f1:5f:da:99:
         18:08:f2:4a:e8:7f:9f:88:90:0a:fa:ea:b1:7b:d7:82:22:c4:
         dd:92:c2:fa:9b:32:44:c6:64:9f:b2:5f:aa:2d:67:65:98:85:
         a8:ef:27:77:4e:67:d1:39:b5:d6:79:37:0e:79:12:8c:c0:ef:
         00:73:38:8a:7c:4a:a0:82:f1:fd:42:aa:d2:3f:c8:e7:3b:ae:
         a4:db:e7:e9:0f:65:9f:d2:ba:9a:fb:d0:b2:66:ad:11:1c:3c:
         21:82:55:eb:97:3c:af:54:aa:92:e8:4c:ca:67:00:38:be:43:
         c1:c7:19:58:bd:52:4b:10:4e:49:b4:18:4b:26:5f:36:54:1d:
         99:22:6e:41
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTQrkcvgg3cj0VamOgeEcAax9pZgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MDAyNDQ3WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A5NzEyMDg2N2E4NzMzOWU0NGQyOTcxODIyOWRhYjFmM2Zj
OGZhOGFlYTAxYWVjY2FiYzM1ZDE2NzViYzMyZTI0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDHlPyWgcXBMlVV+ytflCRsiBnC5sXlDAnfN9SCbda4s8s5
nhfi+gPdtOrmi9YCkCHK7s7Pn7zx8JnrLlyz1TK/79HFCvOrvEZHN6NSks+C4Nhq
tyDB3BXUPvjDT0mgiIHIwbKauPafu54m3510eW1C5HOj4dpLjSaSbWNL/HsRb0Lb
K/I5QxGkC+oUWm6hvwaakANpwOxZQ29oqJ6iWr+TH4KlK5iE3f28bhKkss6t7zUV
Ig5NqVbmy8wx6TOEz48kJs7NX3al8t0ZqlLU0qH/NAS/qUw6k3+e4Pa8tBhSSaSs
4hV6M8ZnRSvdkEnYniTL5Zc9I6oCJugOAVeCXYeFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWsYg9xsajt9w6MeAcpehiiSvY3wwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQ3Y2ZkMWY2LTY2YTYtNDg2Yi04YjczLTE5NzgzOTU5YmFjZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIDpkwwDQYJKoZIhvcNAQELBQADggEBADKC9vfSmet+Oj8ifxvG14NgdRyY
Gp0FD173/2w9dZAOO4hVfm1nuddOKPOCZ1Eusg6507iDZeZpkGZ1G/kDep8P+vDT
uoiTzzKyLlbfhltyJY5Rru2UpIr/eFbQtowrzh5fOJglYZt3rH/7lr+QjIUDutRW
0udX2CtY8V/amRgI8krof5+IkAr66rF714IixN2SwvqbMkTGZJ+yX6otZ2WYhajv
J3dOZ9E5tdZ5Nw55EozA7wBzOIp8SqCC8f1CqtI/yOc7rqTb5+kPZZ/Supr70LJm
rREcPCGCVeuXPK9UqpLoTMpnADi+Q8HHGVi9UksQTkm0GEsmXzZUHZkibkE=
-----END CERTIFICATE-----