Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5a2fe351-73bf-4b26-bc3b-19aa4fce1f20.roa
File:                     5a2fe351-73bf-4b26-bc3b-19aa4fce1f20.roa (raw, json)
Hash identifier:          cNnwX9ehNLQmGxWX0nDJVupDiaUlK2/QCZ1KliK37C8=
Subject key identifier:   0D:8A:C5:72:D4:C3:A6:10:40:29:99:00:28:8D:49:C0:F9:1E:68:1D
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       16D2DBA0C95739D2170CB55A49AAF8B0AB21EC0A
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5a2fe351-73bf-4b26-bc3b-19aa4fce1f20.roa
Signing time:             Thu 25 Sep 2025 19:00:04 +0000
ROA not before:           Thu 25 Sep 2025 19:00:04 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.167.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:d2:db:a0:c9:57:39:d2:17:0c:b5:5a:49:aa:f8:b0:ab:21:ec:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 19:00:04 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=16ee144258d8691162db5d6e0b67e4c64184014d60ee443c7aecd4c7fe10f4e6, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:c8:5a:c8:b2:bb:1f:aa:d6:10:d7:19:54:75:
                    e8:71:2f:84:05:00:9f:0a:df:69:2b:e8:78:28:ab:
                    2f:3c:8d:a6:20:a6:1d:f4:ce:45:00:ca:b2:32:48:
                    1f:13:dd:ab:01:4c:0d:ed:03:67:c1:47:ec:8a:12:
                    d8:a6:54:51:ce:26:20:16:95:5a:0b:8d:3a:35:72:
                    49:94:16:1e:fe:8c:b1:28:8b:db:e7:c5:83:49:60:
                    22:ae:e6:b6:d3:a3:2c:a8:21:29:d9:9f:ea:7e:5c:
                    95:3c:13:d6:d8:00:9b:a1:72:54:26:34:8a:5e:42:
                    b8:0f:a1:4b:0e:9b:52:f3:56:fb:07:60:1d:c1:05:
                    a8:5c:3d:c6:25:e8:8e:72:05:d9:47:37:58:a0:4f:
                    6c:64:0d:73:04:b7:7f:c2:43:2b:a9:21:6e:ba:c6:
                    59:79:85:fe:57:c4:0a:19:04:ab:e2:ed:fe:08:37:
                    bb:73:28:e6:af:a6:4c:04:1e:77:63:66:d6:1f:f5:
                    b3:fd:cb:fb:9d:71:47:73:ee:96:eb:dc:9d:be:95:
                    25:46:c7:35:e1:df:11:29:f0:6d:9d:2f:07:77:89:
                    79:ed:c0:50:db:cd:97:d6:31:02:ef:18:f5:12:b8:
                    1c:2e:b7:32:7b:96:48:9f:d7:dd:b8:20:a5:37:37:
                    6b:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:8A:C5:72:D4:C3:A6:10:40:29:99:00:28:8D:49:C0:F9:1E:68:1D
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5a2fe351-73bf-4b26-bc3b-19aa4fce1f20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.167.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:2e:91:7a:cb:e1:6f:ec:74:28:0f:2b:5b:92:81:2a:66:9c:
         55:c7:5a:a3:de:09:09:4f:df:43:18:5e:bc:4b:f7:14:4b:24:
         fc:7f:c5:5d:a7:85:f2:9d:54:61:20:df:aa:b9:b8:52:3f:cd:
         cb:55:e9:90:2d:53:d9:5c:67:5d:a8:ef:f6:ec:e2:db:73:d4:
         4e:96:aa:49:c5:60:fd:a0:3b:50:d0:84:ff:79:52:b9:7c:c7:
         04:ff:80:f0:e3:de:c0:e2:ea:0a:30:f5:83:b5:08:c1:e2:9b:
         6d:89:6f:7d:8a:11:ff:2f:64:85:7f:fc:64:20:dc:e7:b8:e3:
         36:1b:9e:e1:97:c4:5f:15:8a:53:b9:85:04:bd:d5:7d:2f:f2:
         96:22:b2:e1:21:9d:86:d8:6b:ea:45:d6:79:85:9b:26:1f:ff:
         21:88:8c:3e:d9:54:11:7c:ae:64:91:ee:74:c6:82:5b:72:2f:
         08:9d:5c:ba:07:fc:54:d3:da:46:81:90:99:33:a6:fb:55:cd:
         2c:00:78:6a:43:53:88:1a:de:60:36:41:ef:83:fb:cb:c9:55:
         60:32:1f:d3:8d:80:71:c9:34:c6:73:3b:42:56:6d:99:cb:17:
         43:f0:e7:44:b7:3d:af:99:5b:5a:ed:35:73:ca:51:85:cb:59:
         e4:5e:97:5a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFtLboMlXOdIXDLVaSar4sKsh7AowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MTkwMDA0WhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AxNmVlMTQ0MjU4ZDg2OTExNjJkYjVkNmUwYjY3ZTRjNjQx
ODQwMTRkNjBlZTQ0M2M3YWVjZDRjN2ZlMTBmNGU2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCoyFrIsrsfqtYQ1xlUdehxL4QFAJ8K32kr6Hgoqy88jaYg
ph30zkUAyrIySB8T3asBTA3tA2fBR+yKEtimVFHOJiAWlVoLjTo1ckmUFh7+jLEo
i9vnxYNJYCKu5rbToyyoISnZn+p+XJU8E9bYAJuhclQmNIpeQrgPoUsOm1LzVvsH
YB3BBahcPcYl6I5yBdlHN1igT2xkDXMEt3/CQyupIW66xll5hf5XxAoZBKvi7f4I
N7tzKOavpkwEHndjZtYf9bP9y/udcUdz7pbr3J2+lSVGxzXh3xEp8G2dLwd3iXnt
wFDbzZfWMQLvGPUSuBwutzJ7lkif1924IKU3N2ufAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUDYrFctTDphBAKZkAKI1JwPkeaB0wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzVhMmZlMzUxLTczYmYtNGIyNi1iYzNiLTE5YWE0ZmNlMWYyMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADp+swDQYJKoZIhvcNAQELBQADggEBAJoukXrL4W/sdCgPK1uSgSpmnFXH
WqPeCQlP30MYXrxL9xRLJPx/xV2nhfKdVGEg36q5uFI/zctV6ZAtU9lcZ12o7/bs
4ttz1E6WqknFYP2gO1DQhP95Url8xwT/gPDj3sDi6gow9YO1CMHim22Jb32KEf8v
ZIV//GQg3Oe44zYbnuGXxF8VilO5hQS91X0v8pYisuEhnYbYa+pF1nmFmyYf/yGI
jD7ZVBF8rmSR7nTGgltyLwidXLoH/FTT2kaBkJkzpvtVzSwAeGpDU4ga3mA2Qe+D
+8vJVWAyH9ONgHHJNMZzO0JWbZnLF0Pw50S3Pa+ZW1rtNXPKUYXLWeRel1o=
-----END CERTIFICATE-----