Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6386d18f-04ed-42a0-b197-b93b0a61e854.roa
File:                     6386d18f-04ed-42a0-b197-b93b0a61e854.roa (raw, json)
Hash identifier:          7aTJAQfqVr3DtWjXjlHegV+zCENcXzYfP+YMd9Khhg4=
Subject key identifier:   D2:2B:0A:C1:68:EF:14:C5:BA:6C:97:72:B3:5B:7E:48:E7:AA:A9:35
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       452E84A0D7F5629E7B600227986E6ADFCD71DF9A
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6386d18f-04ed-42a0-b197-b93b0a61e854.roa
Signing time:             Thu 25 Sep 2025 20:36:49 +0000
ROA not before:           Thu 25 Sep 2025 20:36:49 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.173.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:2e:84:a0:d7:f5:62:9e:7b:60:02:27:98:6e:6a:df:cd:71:df:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 20:36:49 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=163fc8aac95ea8f7ce6fa853f94516caf611c7c983bd7b94bf0e74a348ea4b78, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:cd:14:d6:1c:ce:61:fc:fc:7d:c5:0f:4c:7b:
                    6f:7f:f4:ab:d3:34:fa:31:95:a5:62:6e:a9:c6:5f:
                    8e:24:63:36:1c:16:28:e8:7a:fa:ff:f7:8d:14:cd:
                    f8:78:44:9b:2b:80:cb:af:3c:54:6f:d3:25:f5:d6:
                    31:f9:9b:94:68:9e:9c:d0:2b:1c:98:1b:c2:00:1a:
                    6e:28:25:78:24:87:b4:09:49:92:06:0a:50:db:ca:
                    30:ce:6e:24:14:7c:12:1c:ab:9f:08:e4:83:b8:3a:
                    af:13:a0:c0:2a:fb:44:73:e6:3a:41:b1:9e:18:65:
                    f5:9f:d0:a1:c9:fb:fe:0a:ce:c0:f8:10:60:9a:e5:
                    07:b1:a4:22:56:2c:60:fd:05:03:b1:b4:45:1a:71:
                    c7:bc:a2:90:61:73:85:b9:c5:20:d8:31:c7:f3:a3:
                    cf:5c:47:c6:83:63:23:74:db:30:22:36:d9:2e:46:
                    fe:b0:b5:c8:c0:04:b8:3b:38:37:f6:95:2b:bb:51:
                    a2:83:d7:62:23:33:c9:b3:05:32:06:38:41:54:ba:
                    b8:34:e5:01:f3:95:3b:e6:c2:6c:86:49:db:56:71:
                    83:89:f1:ba:68:fb:70:02:e6:d8:b8:cd:2a:14:76:
                    45:3d:b1:83:60:be:c5:88:aa:75:f0:82:43:4d:3c:
                    76:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:2B:0A:C1:68:EF:14:C5:BA:6C:97:72:B3:5B:7E:48:E7:AA:A9:35
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6386d18f-04ed-42a0-b197-b93b0a61e854.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.173.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:15:2e:51:5b:c0:9c:77:d4:e4:f2:ba:ed:fd:b3:d2:00:56:
         33:65:d9:4d:a7:ad:58:5d:d0:83:89:4e:f1:53:1f:88:8c:3e:
         08:fe:d6:24:9d:5d:ae:1a:f3:68:b3:ac:5b:d0:0a:14:86:17:
         12:4c:eb:68:59:dd:7d:f8:bd:a9:81:f3:b7:09:43:0c:1f:dc:
         ce:5e:0d:bd:84:99:f3:95:f6:47:59:16:ca:7a:c6:01:b6:b1:
         21:ec:09:c1:53:4f:55:00:2c:f4:16:bb:fd:b3:64:ce:dd:8d:
         a7:b8:72:d6:d7:66:d0:e9:0c:31:79:1b:31:16:7c:91:96:cd:
         ae:58:4b:da:8d:55:0c:eb:d6:71:59:e5:71:a7:dc:90:d4:aa:
         8f:d4:2f:a3:5e:84:25:7b:00:76:cd:54:9d:be:71:a1:4c:8d:
         fb:95:4d:1c:da:a4:17:1c:72:e9:c3:05:e6:6c:6f:67:c6:ca:
         09:23:b5:fa:13:e8:40:fc:32:7a:cd:43:b5:eb:d8:29:f7:0f:
         ab:a2:4a:27:b5:7d:21:79:08:eb:0f:68:83:49:dc:f1:a0:12:
         5d:2d:99:b5:92:eb:6d:75:92:0e:65:f7:f3:42:fb:9b:a9:1e:
         59:b7:5c:7e:66:0c:f7:93:dd:71:bb:ef:03:a8:d8:55:3c:70:
         0d:ae:be:11
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURS6EoNf1Yp57YAInmG5q381x35owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MjAzNjQ5WhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AxNjNmYzhhYWM5NWVhOGY3Y2U2ZmE4NTNmOTQ1MTZjYWY2
MTFjN2M5ODNiZDdiOTRiZjBlNzRhMzQ4ZWE0Yjc4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+zRTWHM5h/Px9xQ9Me29/9KvTNPoxlaVibqnGX44kYzYc
Fijoevr/940Uzfh4RJsrgMuvPFRv0yX11jH5m5RonpzQKxyYG8IAGm4oJXgkh7QJ
SZIGClDbyjDObiQUfBIcq58I5IO4Oq8ToMAq+0Rz5jpBsZ4YZfWf0KHJ+/4KzsD4
EGCa5QexpCJWLGD9BQOxtEUacce8opBhc4W5xSDYMcfzo89cR8aDYyN02zAiNtku
Rv6wtcjABLg7ODf2lSu7UaKD12IjM8mzBTIGOEFUurg05QHzlTvmwmyGSdtWcYOJ
8bpo+3AC5ti4zSoUdkU9sYNgvsWIqnXwgkNNPHaHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0isKwWjvFMW6bJdys1t+SOeqqTUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzYzODZkMThmLTA0ZWQtNDJhMC1iMTk3LWI5M2IwYTYxZTg1NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADrbowDQYJKoZIhvcNAQELBQADggEBAJcVLlFbwJx31OTyuu39s9IAVjNl
2U2nrVhd0IOJTvFTH4iMPgj+1iSdXa4a82izrFvQChSGFxJM62hZ3X34vamB87cJ
Qwwf3M5eDb2EmfOV9kdZFsp6xgG2sSHsCcFTT1UALPQWu/2zZM7djae4ctbXZtDp
DDF5GzEWfJGWza5YS9qNVQzr1nFZ5XGn3JDUqo/UL6NehCV7AHbNVJ2+caFMjfuV
TRzapBcccunDBeZsb2fGygkjtfoT6ED8MnrNQ7Xr2Cn3D6uiSie1fSF5COsPaINJ
3PGgEl0tmbWS6211kg5l9/NC+5upHlm3XH5mDPeT3XG77wOo2FU8cA2uvhE=
-----END CERTIFICATE-----