Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/59e5f141-5b3c-4594-bde5-6e11b9de6159.roa
File:                     59e5f141-5b3c-4594-bde5-6e11b9de6159.roa (raw, json)
Hash identifier:          7PY2qsCQykVvFoLkCkLYv0rzuFI1+opuCa2Gn19WxmY=
Subject key identifier:   24:35:D5:95:4B:66:02:E2:2C:C9:85:F1:FB:97:BC:07:0C:BD:52:45
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6A80073339AA98D69862D82BB09B92422B9CC802
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/59e5f141-5b3c-4594-bde5-6e11b9de6159.roa
Signing time:             Thu 25 Sep 2025 21:12:12 +0000
ROA not before:           Thu 25 Sep 2025 21:12:12 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.175.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:80:07:33:39:aa:98:d6:98:62:d8:2b:b0:9b:92:42:2b:9c:c8:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 21:12:12 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=93fe86d43189e96188fb00d17e3e95442f0e51264b645652df96ce395c25b768, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:a3:08:5e:12:51:db:a1:c9:47:a7:90:88:7d:
                    ed:45:62:0e:43:90:40:19:5a:15:e8:05:11:e6:e3:
                    c4:05:33:a5:0a:48:73:7d:19:dd:eb:db:62:73:a6:
                    8a:de:d8:30:e5:83:82:f4:f5:42:04:95:9a:0c:06:
                    9f:72:63:08:89:70:a6:6e:60:ee:e5:9b:7c:c3:b8:
                    bd:93:7e:0a:d1:aa:08:6c:a8:65:6f:f0:f4:15:17:
                    53:d8:4b:c8:54:03:ac:4b:83:43:4c:3b:b8:28:ff:
                    c5:16:5d:d7:22:dc:8c:e3:32:60:dc:0c:18:13:0a:
                    54:6c:5f:0f:4f:44:04:da:36:b7:90:58:08:de:2d:
                    cf:a7:ac:33:3c:28:b9:94:bd:43:9e:62:78:20:69:
                    ae:c6:a1:62:19:66:d9:be:d1:26:18:9a:78:ea:dc:
                    bb:83:46:ee:57:d9:16:09:a6:38:99:88:64:0a:bf:
                    0e:2d:54:6c:51:17:b7:5b:2d:ad:18:bc:d4:76:e9:
                    23:3e:21:c9:5e:98:c0:f8:7d:43:eb:30:b9:77:02:
                    dc:6f:d1:de:57:92:ef:ab:c4:92:ff:3e:fb:35:96:
                    a5:96:dd:dc:f0:62:e7:d6:99:de:bd:10:3c:9c:ed:
                    05:35:d5:78:38:15:d9:10:03:4d:25:49:cf:ba:7d:
                    11:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:35:D5:95:4B:66:02:E2:2C:C9:85:F1:FB:97:BC:07:0C:BD:52:45
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/59e5f141-5b3c-4594-bde5-6e11b9de6159.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.175.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:c4:85:09:44:c1:cf:8a:47:42:b2:b3:2a:ab:67:f5:ee:f8:
         53:ee:e6:4b:4b:30:9e:1d:f8:70:7c:36:ca:65:62:5f:97:8e:
         1c:a4:9d:66:95:39:04:ac:d6:ce:2a:cc:6e:53:15:ed:c2:a5:
         dc:9e:98:f4:91:bb:0c:b3:83:66:b0:df:37:50:9e:02:0c:95:
         1a:c2:4c:ad:dc:4c:ef:44:b4:61:68:06:52:8c:c2:fb:ba:58:
         15:2a:bb:eb:eb:71:47:68:e7:85:3d:37:75:75:ff:58:18:4a:
         95:93:91:c1:36:31:7d:e4:17:c7:0e:b0:38:cc:f5:bb:19:23:
         06:a9:10:06:6c:cf:ce:37:3d:b7:9e:ac:65:4e:9e:9a:e4:24:
         74:69:ec:28:ae:0e:bf:d9:fc:cb:21:b7:02:16:c9:90:2c:cc:
         c5:71:06:4c:d8:96:70:c6:36:5a:0d:76:30:96:06:31:bf:65:
         6f:15:19:e5:cf:19:0e:9d:fe:4f:97:b2:33:15:4d:26:5e:5c:
         9b:61:7d:53:e5:d0:43:f8:f6:91:d0:6a:55:3c:b2:c2:4e:ff:
         0f:73:ad:6a:ef:f7:f3:46:3c:f7:25:5e:39:f3:ee:c6:48:7a:
         bc:bb:6f:a0:b3:26:ff:21:40:ff:29:b6:90:17:f8:36:57:62:
         27:d2:e0:3d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaoAHMzmqmNaYYtgrsJuSQiucyAIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MjExMjEyWhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A5M2ZlODZkNDMxODllOTYxODhmYjAwZDE3ZTNlOTU0NDJm
MGU1MTI2NGI2NDU2NTJkZjk2Y2UzOTVjMjViNzY4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDkowheElHboclHp5CIfe1FYg5DkEAZWhXoBRHm48QFM6UK
SHN9Gd3r22Jzpore2DDlg4L09UIElZoMBp9yYwiJcKZuYO7lm3zDuL2TfgrRqghs
qGVv8PQVF1PYS8hUA6xLg0NMO7go/8UWXdci3IzjMmDcDBgTClRsXw9PRATaNreQ
WAjeLc+nrDM8KLmUvUOeYnggaa7GoWIZZtm+0SYYmnjq3LuDRu5X2RYJpjiZiGQK
vw4tVGxRF7dbLa0YvNR26SM+IclemMD4fUPrMLl3Atxv0d5Xku+rxJL/Pvs1lqWW
3dzwYufWmd69EDyc7QU11Xg4FdkQA00lSc+6fRHPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUJDXVlUtmAuIsyYXx+5e8Bwy9UkUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzU5ZTVmMTQxLTViM2MtNDU5NC1iZGU1LTZlMTFiOWRlNjE1OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADrwIwDQYJKoZIhvcNAQELBQADggEBAKzEhQlEwc+KR0KysyqrZ/Xu+FPu
5ktLMJ4d+HB8NsplYl+XjhyknWaVOQSs1s4qzG5TFe3CpdyemPSRuwyzg2aw3zdQ
ngIMlRrCTK3cTO9EtGFoBlKMwvu6WBUqu+vrcUdo54U9N3V1/1gYSpWTkcE2MX3k
F8cOsDjM9bsZIwapEAZsz843PbeerGVOnprkJHRp7CiuDr/Z/MshtwIWyZAszMVx
BkzYlnDGNloNdjCWBjG/ZW8VGeXPGQ6d/k+XsjMVTSZeXJthfVPl0EP49pHQalU8
ssJO/w9zrWrv9/NGPPclXjnz7sZIery7b6CzJv8hQP8ptpAX+DZXYifS4D0=
-----END CERTIFICATE-----