Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4ccf9704-c00a-485a-ba25-6a6fdf3e6daf.roa
File:                     4ccf9704-c00a-485a-ba25-6a6fdf3e6daf.roa (raw, json)
Hash identifier:          UdvoYqBfUJu0e1mDwh9K/+36jXbQoPcc+4tfMIlD3XI=
Subject key identifier:   75:4A:3C:61:14:05:CA:77:4C:2E:6E:25:19:3C:4D:AA:AB:93:9D:FE
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       354EB3F2121ED37CCF5DB99615E15D920BD5531B
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4ccf9704-c00a-485a-ba25-6a6fdf3e6daf.roa
Signing time:             Thu 25 Sep 2025 22:32:02 +0000
ROA not before:           Thu 25 Sep 2025 22:32:02 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.167.144.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:4e:b3:f2:12:1e:d3:7c:cf:5d:b9:96:15:e1:5d:92:0b:d5:53:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 22:32:02 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=e7ae8ce83300cbb8f4e8684505a06af518b2ea6bd570c494614fac451d3e84e9, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:53:31:b8:a9:8f:c0:4d:e5:47:6e:43:4a:ee:
                    5f:bd:07:a5:af:28:f8:8e:15:34:65:e0:0a:5d:43:
                    59:a5:f7:89:a3:f3:25:30:00:46:f5:b2:d8:53:2b:
                    dd:65:5c:6d:e9:4e:0b:a0:c5:bf:0c:58:1f:25:7f:
                    cf:c2:35:b7:c4:57:f4:20:d5:6f:1c:52:74:9f:3f:
                    7c:5b:29:e0:ba:2a:d7:70:e3:dd:b6:f8:38:cf:96:
                    89:eb:02:93:04:25:a6:b5:e6:d8:57:03:db:05:a4:
                    d0:36:fa:5b:20:30:9f:bb:f4:12:26:54:8a:c6:f3:
                    d8:ff:cf:8d:aa:59:b1:4e:ed:d3:55:f8:e6:43:39:
                    86:87:46:96:57:cc:40:5b:a0:61:e2:2c:8a:0d:90:
                    16:36:3a:9c:11:47:7a:f5:ad:97:ed:34:5b:8a:6a:
                    2e:1b:f1:76:ea:17:ed:e9:16:51:72:9f:53:cd:96:
                    41:5a:07:8b:8e:bd:37:4b:97:e7:c3:1b:8d:89:2d:
                    41:0b:7d:f4:24:c5:e7:15:d8:67:32:cd:96:ce:ce:
                    bd:46:50:8d:59:67:3d:b0:00:62:9c:73:4b:2f:be:
                    91:7e:d6:a4:3c:60:4a:6b:8a:f0:17:48:07:8a:a5:
                    24:30:68:07:38:fe:1c:34:7f:9b:86:9b:d6:ad:3b:
                    a5:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:4A:3C:61:14:05:CA:77:4C:2E:6E:25:19:3C:4D:AA:AB:93:9D:FE
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4ccf9704-c00a-485a-ba25-6a6fdf3e6daf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.167.144.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b0:a9:cc:ca:d2:2b:52:8e:90:55:64:c0:66:7f:e2:69:6e:56:
         0c:b7:90:97:a4:6e:c9:f0:3a:fc:37:d4:0a:1e:ed:71:5f:ab:
         6f:77:19:40:84:e0:2f:81:ba:4a:52:4d:0c:7f:c1:31:02:52:
         45:3d:05:73:26:28:10:e3:aa:fd:54:b1:5b:01:0b:97:cd:ba:
         31:69:97:34:0b:87:4e:ae:61:7d:4b:bb:99:32:11:d6:6c:dd:
         23:1f:93:0b:a3:f5:a4:99:e5:66:b0:6c:9a:d8:43:60:2b:10:
         96:06:90:83:19:97:dc:7a:14:cc:2c:f1:06:b1:36:06:53:ac:
         74:c3:6d:f9:37:e8:01:5c:fa:19:32:02:bd:6a:00:87:46:86:
         32:ef:ae:e8:11:08:a5:34:71:3b:ca:06:5d:94:05:25:1f:99:
         cc:23:e6:28:8f:1f:e4:02:2c:17:25:6b:c2:43:83:7d:c6:d2:
         2f:1d:bc:d2:49:f2:af:46:d3:bc:e4:02:cf:fe:6f:40:ba:38:
         7c:85:97:41:66:aa:f0:d2:27:2f:73:aa:93:c9:52:fb:e5:b5:
         ce:ce:56:cf:4e:78:68:b5:47:72:07:f4:bc:db:0b:c9:ab:28:
         75:ae:45:5b:7e:bb:b1:28:0a:6b:d8:f2:09:2a:21:cd:14:e3:
         d8:db:66:c4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNU6z8hIe03zPXbmWFeFdkgvVUxswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MjIzMjAyWhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BlN2FlOGNlODMzMDBjYmI4ZjRlODY4NDUwNWEwNmFmNTE4
YjJlYTZiZDU3MGM0OTQ2MTRmYWM0NTFkM2U4NGU5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnUzG4qY/ATeVHbkNK7l+9B6WvKPiOFTRl4ApdQ1ml94mj
8yUwAEb1sthTK91lXG3pTgugxb8MWB8lf8/CNbfEV/Qg1W8cUnSfP3xbKeC6Ktdw
4922+DjPlonrApMEJaa15thXA9sFpNA2+lsgMJ+79BImVIrG89j/z42qWbFO7dNV
+OZDOYaHRpZXzEBboGHiLIoNkBY2OpwRR3r1rZftNFuKai4b8XbqF+3pFlFyn1PN
lkFaB4uOvTdLl+fDG42JLUELffQkxecV2GcyzZbOzr1GUI1ZZz2wAGKcc0svvpF+
1qQ8YEprivAXSAeKpSQwaAc4/hw0f5uGm9atO6V/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUdUo8YRQFyndMLm4lGTxNqquTnf4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzRjY2Y5NzA0LWMwMGEtNDg1YS1iYTI1LTZhNmZkZjNlNmRhZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEDp5AwDQYJKoZIhvcNAQELBQADggEBALCpzMrSK1KOkFVkwGZ/4mluVgy3
kJekbsnwOvw31Aoe7XFfq293GUCE4C+BukpSTQx/wTECUkU9BXMmKBDjqv1UsVsB
C5fNujFplzQLh06uYX1Lu5kyEdZs3SMfkwuj9aSZ5WawbJrYQ2ArEJYGkIMZl9x6
FMws8QaxNgZTrHTDbfk36AFc+hkyAr1qAIdGhjLvrugRCKU0cTvKBl2UBSUfmcwj
5iiPH+QCLBcla8JDg33G0i8dvNJJ8q9G07zkAs/+b0C6OHyFl0FmqvDSJy9zqpPJ
Uvvltc7OVs9OeGi1R3IH9LzbC8mrKHWuRVt+u7EoCmvY8gkqIc0U49jbZsQ=
-----END CERTIFICATE-----