Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/49fab3b0-e96e-4c96-a0e6-43d3c7d35564.roa
File:                     49fab3b0-e96e-4c96-a0e6-43d3c7d35564.roa (raw, json)
Hash identifier:          7LQm4BdeK9iXwYDudJ53uyZghbAdXirViuCNMqboCug=
Subject key identifier:   64:67:49:90:A8:5E:81:C6:B1:BE:3A:B0:43:96:A9:77:DD:FA:CB:A9
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       31D50B854BE388D4713B9CDD2702166E5FAF8024
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/49fab3b0-e96e-4c96-a0e6-43d3c7d35564.roa
Signing time:             Fri 26 Sep 2025 00:02:52 +0000
ROA not before:           Fri 26 Sep 2025 00:02:52 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.162.20.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:d5:0b:85:4b:e3:88:d4:71:3b:9c:dd:27:02:16:6e:5f:af:80:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 00:02:52 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=e69a3d7e6df81e290912b085ed910286730f5c0813e0bc79064fa3626d1ac02b, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:4e:da:fa:52:45:42:69:ce:3c:63:5e:3b:df:
                    3f:ee:9e:f8:c8:8e:3a:02:45:03:63:81:3e:9d:38:
                    38:0c:e0:b5:6a:71:21:eb:3a:ba:b9:85:fc:63:91:
                    ab:37:8a:7d:25:7b:56:cc:c4:69:e1:91:fc:ea:6e:
                    8d:c6:45:31:a4:d1:c8:c8:20:21:ca:98:2c:f0:44:
                    31:bb:81:0a:90:ee:bf:f5:98:58:32:8d:4e:2a:bc:
                    1c:8c:64:c1:c6:77:c2:65:a0:9a:a0:da:ff:80:38:
                    fb:6d:f2:1c:bc:5c:6e:5f:fd:bd:52:3b:da:c5:cf:
                    fa:26:89:76:b0:3a:ec:1e:13:b3:83:10:2f:3e:3e:
                    f6:02:aa:d7:a5:d8:55:72:d7:20:f2:4f:4a:a5:b8:
                    89:7e:fc:12:fb:d3:7c:c9:10:95:cb:df:0a:15:cf:
                    7e:fe:80:eb:92:67:17:b9:d2:df:b7:b7:97:aa:91:
                    3b:dd:3f:57:27:33:87:1d:b7:f9:fe:0a:8b:87:3a:
                    db:ec:37:2e:2f:59:3c:b0:1f:92:c4:de:ad:fa:59:
                    8b:b6:39:97:fb:5f:ff:74:ee:68:0a:2f:f8:ff:a8:
                    65:21:86:ba:b0:1f:25:78:4e:f9:f0:94:15:13:57:
                    f4:9b:a1:44:81:fe:60:91:c0:78:c7:0e:f4:29:45:
                    8e:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:67:49:90:A8:5E:81:C6:B1:BE:3A:B0:43:96:A9:77:DD:FA:CB:A9
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/49fab3b0-e96e-4c96-a0e6-43d3c7d35564.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.162.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         98:5e:90:f9:2e:31:75:4f:70:10:3d:48:24:43:da:3e:ab:6c:
         96:90:78:66:5d:66:d1:40:08:55:67:40:f4:6a:05:c0:ae:91:
         9b:2c:05:11:0b:d4:ae:06:29:58:43:55:54:d8:66:c0:db:28:
         f1:54:06:86:34:c3:f7:bf:fe:1b:f1:49:f1:80:9a:8b:1e:c8:
         a0:72:5e:1b:92:29:71:2b:3a:b5:18:4e:96:1f:f0:73:0b:4b:
         e3:11:34:0b:93:69:45:04:f8:79:23:f1:ee:b9:c9:79:51:ed:
         69:29:ca:96:da:ad:d9:05:10:fe:87:34:94:35:cd:4e:a1:86:
         61:96:ec:7e:52:29:e6:b6:0d:7a:46:59:20:3a:39:de:51:03:
         ba:37:f5:61:d8:27:85:90:42:b1:fd:bc:db:df:b5:cf:62:95:
         26:17:a8:5a:09:83:1e:92:92:93:bc:6a:d6:6e:bd:19:be:5c:
         b0:4f:b2:cc:b2:dd:df:fd:51:81:b9:eb:ee:ed:42:7f:27:85:
         e7:72:7f:ca:0f:b6:0d:b6:e7:27:3b:38:29:0d:65:99:bd:25:
         ab:58:78:cc:ec:17:b7:a2:9a:de:ac:64:e6:34:41:bc:33:61:
         e3:48:20:8f:7d:20:5b:31:40:31:8b:89:ce:c6:f3:a8:dc:b7:
         1e:cd:8e:d0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMdULhUvjiNRxO5zdJwIWbl+vgCQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MDAwMjUyWhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BlNjlhM2Q3ZTZkZjgxZTI5MDkxMmIwODVlZDkxMDI4Njcz
MGY1YzA4MTNlMGJjNzkwNjRmYTM2MjZkMWFjMDJiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDETtr6UkVCac48Y1473z/unvjIjjoCRQNjgT6dODgM4LVq
cSHrOrq5hfxjkas3in0le1bMxGnhkfzqbo3GRTGk0cjIICHKmCzwRDG7gQqQ7r/1
mFgyjU4qvByMZMHGd8JloJqg2v+AOPtt8hy8XG5f/b1SO9rFz/omiXawOuweE7OD
EC8+PvYCqtel2FVy1yDyT0qluIl+/BL703zJEJXL3woVz37+gOuSZxe50t+3t5eq
kTvdP1cnM4cdt/n+CouHOtvsNy4vWTywH5LE3q36WYu2OZf7X/907mgKL/j/qGUh
hrqwHyV4TvnwlBUTV/SboUSB/mCRwHjHDvQpRY7HAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZGdJkKhegcaxvjqwQ5apd936y6kwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQ5ZmFiM2IwLWU5NmUtNGM5Ni1hMGU2LTQzZDNjN2QzNTU2NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIDohQwDQYJKoZIhvcNAQELBQADggEBAJhekPkuMXVPcBA9SCRD2j6rbJaQ
eGZdZtFACFVnQPRqBcCukZssBREL1K4GKVhDVVTYZsDbKPFUBoY0w/e//hvxSfGA
moseyKByXhuSKXErOrUYTpYf8HMLS+MRNAuTaUUE+Hkj8e65yXlR7WkpypbardkF
EP6HNJQ1zU6hhmGW7H5SKea2DXpGWSA6Od5RA7o39WHYJ4WQQrH9vNvftc9ilSYX
qFoJgx6SkpO8atZuvRm+XLBPssyy3d/9UYG56+7tQn8nhedyf8oPtg225yc7OCkN
ZZm9JatYeMzsF7eimt6sZOY0QbwzYeNIII99IFsxQDGLic7G86jctx7NjtA=
-----END CERTIFICATE-----