Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4a3b404b-2dca-4671-afd8-5cc3ca9cc774.roa
File:                     4a3b404b-2dca-4671-afd8-5cc3ca9cc774.roa (raw, json)
Hash identifier:          cwbwV1DpkM+4hbcDsPvwUpBcXbU0juctDj0Scpcc5+Q=
Subject key identifier:   57:12:5D:88:7B:B2:CD:17:63:23:B2:FF:81:0B:2D:9A:F6:32:21:02
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4128A8FE27DF917FAC708C5137FA1372529E99AC
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4a3b404b-2dca-4671-afd8-5cc3ca9cc774.roa
Signing time:             Thu 25 Sep 2025 19:51:46 +0000
ROA not before:           Thu 25 Sep 2025 19:51:46 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.170.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:28:a8:fe:27:df:91:7f:ac:70:8c:51:37:fa:13:72:52:9e:99:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 19:51:46 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=3daf32cb6217d9d44877735f5be5172a5531e453d5627363a548e223ec428d15, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:b9:b2:8d:62:9d:e4:33:72:86:0d:51:22:09:
                    d7:1f:e4:df:9d:3c:22:35:53:62:c7:31:80:11:88:
                    73:72:56:b8:dc:b5:a5:aa:e7:bb:d4:32:e9:6e:5f:
                    28:2a:fc:bb:c8:7d:c7:8b:47:bb:de:9c:e7:55:d4:
                    ee:7e:95:9e:73:45:05:ef:51:cb:3c:f7:31:92:0f:
                    b3:0a:49:a1:4a:1e:39:5f:ce:52:e8:90:44:9e:70:
                    34:45:ee:10:9c:36:de:d1:32:29:04:6a:10:1d:e2:
                    a1:3b:ba:c8:48:1e:a8:b4:4e:20:37:94:81:6e:1b:
                    aa:a7:49:84:14:a9:39:9d:4f:74:10:92:1a:78:67:
                    a0:ac:63:9b:fe:a9:3a:b9:5d:91:1b:f4:79:f5:ef:
                    fb:3d:c9:10:8c:6a:d6:4f:23:34:e0:60:cd:2d:c0:
                    4b:a4:e0:08:ee:47:fc:51:4a:9e:bb:48:51:04:8b:
                    0a:65:eb:1e:a8:53:ff:30:e2:be:ed:e2:23:28:33:
                    a4:a8:b2:b6:3a:3d:dd:a9:34:30:64:06:35:19:16:
                    0a:16:4d:2d:5e:9a:ea:1d:d3:ba:51:09:69:dd:97:
                    3c:a6:a7:7e:d9:52:5e:4e:c1:c0:d8:f1:4f:fd:da:
                    2f:09:04:ca:1e:44:4b:6b:29:af:e8:db:c6:81:18:
                    1f:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:12:5D:88:7B:B2:CD:17:63:23:B2:FF:81:0B:2D:9A:F6:32:21:02
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4a3b404b-2dca-4671-afd8-5cc3ca9cc774.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.170.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:bd:59:b8:c0:1a:4a:63:cf:5f:3f:06:b1:6c:68:99:02:c7:
         66:68:39:26:55:e1:02:d8:21:8d:19:86:02:06:11:b4:1a:55:
         18:ed:42:46:5c:da:91:77:6d:07:b9:fa:0d:98:f0:94:b1:85:
         bc:54:e6:0e:e7:e3:92:36:9d:4a:29:07:7d:ac:5b:94:1a:4d:
         8f:46:3e:7b:7f:15:1d:57:fe:f3:94:a7:f1:6a:0e:d1:9e:30:
         66:5e:ae:32:fe:ee:a6:4d:b3:a0:45:a1:89:fb:c1:bc:b1:fa:
         a6:58:9f:74:5e:f1:40:76:81:1b:07:c7:01:d7:d8:aa:00:2e:
         21:f9:02:9c:48:7e:75:2b:6f:79:cb:9e:4f:fb:58:7c:83:08:
         c1:f3:5a:fb:f7:56:45:4b:f9:cb:41:a2:90:a9:55:50:68:ff:
         9a:29:47:6d:3a:7d:a6:49:89:55:13:c3:e3:57:5d:00:3b:5f:
         4e:0d:5f:17:12:2f:3d:2e:92:65:52:75:76:d2:46:d4:1b:45:
         3a:93:1a:3a:84:9d:01:a8:f6:25:2f:b7:04:e0:c0:33:de:4f:
         f1:9e:b9:2c:15:8a:5d:d2:cf:6d:da:d1:34:5c:23:28:b5:b0:
         92:f6:43:db:88:42:c0:4d:d5:3c:a4:15:26:0a:b3:75:34:49:
         63:7b:61:4b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQSio/iffkX+scIxRN/oTclKemawwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MTk1MTQ2WhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AzZGFmMzJjYjYyMTdkOWQ0NDg3NzczNWY1YmU1MTcyYTU1
MzFlNDUzZDU2MjczNjNhNTQ4ZTIyM2VjNDI4ZDE1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1ubKNYp3kM3KGDVEiCdcf5N+dPCI1U2LHMYARiHNyVrjc
taWq57vUMuluXygq/LvIfceLR7venOdV1O5+lZ5zRQXvUcs89zGSD7MKSaFKHjlf
zlLokESecDRF7hCcNt7RMikEahAd4qE7ushIHqi0TiA3lIFuG6qnSYQUqTmdT3QQ
khp4Z6CsY5v+qTq5XZEb9Hn17/s9yRCMatZPIzTgYM0twEuk4AjuR/xRSp67SFEE
iwpl6x6oU/8w4r7t4iMoM6SosrY6Pd2pNDBkBjUZFgoWTS1emuod07pRCWndlzym
p37ZUl5OwcDY8U/92i8JBMoeREtrKa/o28aBGB+XAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUVxJdiHuyzRdjI7L/gQstmvYyIQIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzRhM2I0MDRiLTJkY2EtNDY3MS1hZmQ4LTVjYzNjYTljYzc3NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADqpwwDQYJKoZIhvcNAQELBQADggEBAFS9WbjAGkpjz18/BrFsaJkCx2Zo
OSZV4QLYIY0ZhgIGEbQaVRjtQkZc2pF3bQe5+g2Y8JSxhbxU5g7n45I2nUopB32s
W5QaTY9GPnt/FR1X/vOUp/FqDtGeMGZerjL+7qZNs6BFoYn7wbyx+qZYn3Re8UB2
gRsHxwHX2KoALiH5ApxIfnUrb3nLnk/7WHyDCMHzWvv3VkVL+ctBopCpVVBo/5op
R206faZJiVUTw+NXXQA7X04NXxcSLz0ukmVSdXbSRtQbRTqTGjqEnQGo9iUvtwTg
wDPeT/GeuSwVil3Sz23a0TRcIyi1sJL2Q9uIQsBN1TykFSYKs3U0SWN7YUs=
-----END CERTIFICATE-----