Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/53c17d31-58eb-4449-9632-9a521962ae61.roa
File:                     53c17d31-58eb-4449-9632-9a521962ae61.roa (raw, json)
Hash identifier:          qCUyQUzLsPXTNUviyHAYO1VMokHFvP/13gdVJlvDPt4=
Subject key identifier:   0F:5A:C0:3D:EA:27:08:3A:A7:56:2C:60:24:2D:98:80:FB:D3:9E:54
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       74EC0794FD22FFDBE01212E0E5655067A5A6619C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/53c17d31-58eb-4449-9632-9a521962ae61.roa
Signing time:             Thu 25 Sep 2025 18:57:37 +0000
ROA not before:           Thu 25 Sep 2025 18:57:37 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.167.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:ec:07:94:fd:22:ff:db:e0:12:12:e0:e5:65:50:67:a5:a6:61:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 18:57:37 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=afc54f21d7406c76b89b3674e632208fcd90b7eca66a08d77207a29d49efc452, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:5e:64:7f:c9:d5:4c:a0:0f:1c:cc:d4:bf:8f:
                    ec:ef:00:1f:15:8d:4e:3c:0e:c3:97:5e:a3:cb:c9:
                    2c:7a:43:95:01:42:88:9f:89:d6:a3:9e:33:14:ac:
                    c9:5a:a1:71:33:89:e1:ed:50:1a:36:30:83:04:3f:
                    db:19:19:93:1f:56:30:b7:34:cd:ac:6c:0e:f3:4a:
                    66:5b:18:9f:50:6e:11:3e:7a:69:cd:96:46:53:e5:
                    17:10:0c:a8:6c:75:52:b8:7d:6e:86:67:93:ea:25:
                    3a:b7:b7:09:ee:52:7d:c4:45:2a:5d:85:ae:5a:17:
                    d0:09:16:49:aa:e1:b2:6e:68:c9:84:42:59:58:4b:
                    53:72:b7:73:c2:0a:72:49:b5:2a:47:6e:29:80:5e:
                    52:fe:67:e9:93:3c:3b:e8:b8:f0:ff:93:8b:fb:46:
                    f6:15:18:d7:70:f1:e1:70:89:8d:2e:1b:0c:b1:df:
                    e7:6a:08:ab:ac:2e:87:29:b2:26:30:ac:f6:ae:83:
                    69:3f:77:7e:c8:10:00:62:35:20:7f:8d:f2:d3:a1:
                    24:00:74:b9:ef:e8:9c:89:54:57:6c:dd:34:00:c9:
                    0f:f0:50:95:09:b7:b5:50:f0:2d:e7:54:8f:d4:08:
                    2d:58:59:d3:12:9d:1a:99:c2:ca:47:ff:60:26:41:
                    a1:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:5A:C0:3D:EA:27:08:3A:A7:56:2C:60:24:2D:98:80:FB:D3:9E:54
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/53c17d31-58eb-4449-9632-9a521962ae61.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.167.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:fd:15:5e:91:98:2b:bd:f4:b8:c8:e7:5a:2f:e2:a6:46:e7:
         08:f0:11:d6:2b:d9:f0:58:36:3c:a2:41:15:a9:40:de:21:1d:
         f7:1f:85:a8:52:9b:f0:e6:f6:c5:31:fe:28:ed:fc:84:35:2c:
         02:74:fa:4f:84:3b:23:4e:35:59:23:2a:8c:0a:f2:0c:c2:2a:
         07:1c:18:5a:8d:25:64:ca:70:3d:47:a9:f9:6e:2c:fc:61:92:
         2b:ef:b9:e1:0f:49:10:e2:cf:15:ab:3b:0c:15:14:c7:ed:5b:
         18:d1:f0:30:ab:50:5a:dc:7e:15:2a:58:9d:c6:08:2b:d0:cf:
         6e:bd:a6:15:ae:96:38:a3:11:ff:2c:41:f6:e2:08:93:8d:4d:
         b6:1c:2e:c8:4b:2b:2d:d0:d1:fb:03:1b:f6:98:23:20:c0:6d:
         95:48:ce:7b:c5:63:c0:59:f1:bd:b5:92:4e:4c:4b:93:48:ee:
         50:7e:e2:f6:9b:14:9e:a9:5d:20:ae:ff:b3:48:14:53:b3:34:
         05:ca:2c:58:4d:26:86:3e:a1:eb:86:35:f0:ef:fe:22:43:2e:
         bb:38:63:9f:e8:70:66:06:4f:4c:ea:66:60:29:0c:c5:cf:84:
         f8:8d:d2:3b:54:47:c2:96:90:35:5d:62:85:53:2e:5a:62:4b:
         ee:fd:a9:ee
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdOwHlP0i/9vgEhLg5WVQZ6WmYZwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MTg1NzM3WhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BhZmM1NGYyMWQ3NDA2Yzc2Yjg5YjM2NzRlNjMyMjA4ZmNk
OTBiN2VjYTY2YTA4ZDc3MjA3YTI5ZDQ5ZWZjNDUyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3XmR/ydVMoA8czNS/j+zvAB8VjU48DsOXXqPLySx6Q5UB
QoifidajnjMUrMlaoXEzieHtUBo2MIMEP9sZGZMfVjC3NM2sbA7zSmZbGJ9QbhE+
emnNlkZT5RcQDKhsdVK4fW6GZ5PqJTq3twnuUn3ERSpdha5aF9AJFkmq4bJuaMmE
QllYS1Nyt3PCCnJJtSpHbimAXlL+Z+mTPDvouPD/k4v7RvYVGNdw8eFwiY0uGwyx
3+dqCKusLocpsiYwrPaug2k/d37IEABiNSB/jfLToSQAdLnv6JyJVFds3TQAyQ/w
UJUJt7VQ8C3nVI/UCC1YWdMSnRqZwspH/2AmQaENAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUD1rAPeonCDqnVixgJC2YgPvTnlQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzUzYzE3ZDMxLTU4ZWItNDQ0OS05NjMyLTlhNTIxOTYyYWU2MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADp9QwDQYJKoZIhvcNAQELBQADggEBAID9FV6RmCu99LjI51ov4qZG5wjw
EdYr2fBYNjyiQRWpQN4hHfcfhahSm/Dm9sUx/ijt/IQ1LAJ0+k+EOyNONVkjKowK
8gzCKgccGFqNJWTKcD1HqfluLPxhkivvueEPSRDizxWrOwwVFMftWxjR8DCrUFrc
fhUqWJ3GCCvQz269phWuljijEf8sQfbiCJONTbYcLshLKy3Q0fsDG/aYIyDAbZVI
znvFY8BZ8b21kk5MS5NI7lB+4vabFJ6pXSCu/7NIFFOzNAXKLFhNJoY+oeuGNfDv
/iJDLrs4Y5/ocGYGT0zqZmApDMXPhPiN0jtUR8KWkDVdYoVTLlpiS+79qe4=
-----END CERTIFICATE-----