Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6b7b4250-e90b-4f27-b7b9-420a29d42515.roa
File:                     6b7b4250-e90b-4f27-b7b9-420a29d42515.roa (raw, json)
Hash identifier:          n9r1DMx8AoTUe2seE3Yke00PdmbQ60zJIb/6+6iZuec=
Subject key identifier:   D2:33:9E:7B:B3:BF:61:80:1B:67:E0:DF:FC:0E:4C:DC:0F:37:EB:B1
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       42FBEC27B3A60059A3DDB388A38584604DC94CD3
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6b7b4250-e90b-4f27-b7b9-420a29d42515.roa
Signing time:             Thu 25 Sep 2025 18:39:34 +0000
ROA not before:           Thu 25 Sep 2025 18:39:34 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.166.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:fb:ec:27:b3:a6:00:59:a3:dd:b3:88:a3:85:84:60:4d:c9:4c:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 18:39:34 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=8eef32b155d1a7c14cb922626a10ab067575501bc420c033dffd0559abc190f2, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:0b:b7:fb:28:25:03:a9:85:a2:c2:44:80:f3:
                    0d:b3:86:ff:53:e6:45:7a:5d:22:e1:38:70:c0:50:
                    13:d5:29:ab:87:16:07:ff:9a:ff:08:bd:32:fc:7f:
                    d0:90:94:83:96:fa:db:6f:36:dc:8d:a0:00:4b:b0:
                    19:2a:a1:4f:30:e9:1c:a8:7f:b1:ca:28:2b:93:1d:
                    f1:7d:46:b9:b7:bd:3f:ae:5b:fb:61:c1:28:6e:9c:
                    c9:d3:3b:03:8b:d8:27:62:c9:b2:5a:7a:79:8b:b9:
                    4c:ab:c9:e3:17:dd:ae:46:4b:b4:1f:39:ae:9d:db:
                    17:ca:c0:38:bc:12:af:27:fc:13:14:b7:ea:92:56:
                    ac:36:71:05:49:61:65:35:3e:10:fa:4f:33:a2:c2:
                    76:c0:ed:ae:f6:19:0f:4e:89:50:19:bb:41:ef:d2:
                    9c:02:3e:5e:9b:9a:19:d2:c3:3b:fa:24:9d:ee:7c:
                    41:be:97:3d:37:7a:3a:85:3c:cd:15:d6:cf:f3:18:
                    8b:40:1b:bc:24:47:ac:0f:4c:8c:73:24:6a:da:8f:
                    23:e6:2d:aa:3a:3c:9a:03:dc:44:df:93:e9:a8:14:
                    bf:95:4b:f2:f4:29:e2:b5:de:d7:2f:26:79:aa:58:
                    29:7c:c2:9a:41:61:3c:10:69:c0:78:c4:f0:88:99:
                    b5:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:33:9E:7B:B3:BF:61:80:1B:67:E0:DF:FC:0E:4C:DC:0F:37:EB:B1
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6b7b4250-e90b-4f27-b7b9-420a29d42515.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.166.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:c9:e4:40:df:64:73:7d:4c:df:6f:66:79:76:ce:e4:81:42:
         80:b4:4c:1b:3d:10:40:18:c0:9b:7a:03:96:bb:9f:dd:00:86:
         e4:c2:3c:5f:71:2f:f0:1f:02:fd:05:70:9f:4a:2d:9a:f5:85:
         3a:3a:af:76:0a:b2:b8:e1:48:79:d4:79:09:a8:e7:9a:f6:fd:
         3d:49:4d:57:d8:78:79:5d:5a:89:72:31:82:e5:00:20:1a:f8:
         21:ae:78:22:dd:76:bb:b8:b8:85:58:29:35:02:9e:72:78:97:
         a0:86:9f:96:47:6d:86:a6:06:3c:6e:15:a2:11:61:c9:56:84:
         40:73:c4:b1:61:de:df:35:cc:79:46:6f:ce:32:76:b8:02:84:
         28:28:e0:27:69:7f:80:aa:3e:b0:1f:2d:3b:53:6b:82:8f:cf:
         9a:a0:4b:f3:c6:85:4d:4d:4e:51:08:60:31:31:8a:00:47:fd:
         01:26:dd:99:39:87:e7:bb:c4:5d:21:58:c5:e7:ec:dc:da:c0:
         54:95:59:b6:14:df:62:35:85:3a:7b:10:48:28:9d:e5:56:09:
         0b:6e:97:da:e9:a1:cd:fb:f5:52:8c:58:a1:6f:88:17:49:a2:
         9d:a1:c3:01:a2:27:12:fa:e3:71:b8:47:d6:69:7f:fa:84:7f:
         ec:86:78:8a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQvvsJ7OmAFmj3bOIo4WEYE3JTNMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MTgzOTM0WhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZWVmMzJiMTU1ZDFhN2MxNGNiOTIyNjI2YTEwYWIwNjc1
NzU1MDFiYzQyMGMwMzNkZmZkMDU1OWFiYzE5MGYyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDmC7f7KCUDqYWiwkSA8w2zhv9T5kV6XSLhOHDAUBPVKauH
Fgf/mv8IvTL8f9CQlIOW+ttvNtyNoABLsBkqoU8w6Ryof7HKKCuTHfF9Rrm3vT+u
W/thwShunMnTOwOL2CdiybJaenmLuUyryeMX3a5GS7QfOa6d2xfKwDi8Eq8n/BMU
t+qSVqw2cQVJYWU1PhD6TzOiwnbA7a72GQ9OiVAZu0Hv0pwCPl6bmhnSwzv6JJ3u
fEG+lz03ejqFPM0V1s/zGItAG7wkR6wPTIxzJGrajyPmLao6PJoD3ETfk+moFL+V
S/L0KeK13tcvJnmqWCl8wppBYTwQacB4xPCImbVRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0jOee7O/YYAbZ+Df/A5M3A8367EwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzZiN2I0MjUwLWU5MGItNGYyNy1iN2I5LTQyMGEyOWQ0MjUxNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADpsMwDQYJKoZIhvcNAQELBQADggEBAGnJ5EDfZHN9TN9vZnl2zuSBQoC0
TBs9EEAYwJt6A5a7n90AhuTCPF9xL/AfAv0FcJ9KLZr1hTo6r3YKsrjhSHnUeQmo
55r2/T1JTVfYeHldWolyMYLlACAa+CGueCLddru4uIVYKTUCnnJ4l6CGn5ZHbYam
BjxuFaIRYclWhEBzxLFh3t81zHlGb84ydrgChCgo4Cdpf4CqPrAfLTtTa4KPz5qg
S/PGhU1NTlEIYDExigBH/QEm3Zk5h+e7xF0hWMXn7NzawFSVWbYU32I1hTp7EEgo
neVWCQtul9rpoc379VKMWKFviBdJop2hwwGiJxL643G4R9Zpf/qEf+yGeIo=
-----END CERTIFICATE-----