Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6bf8a552-c340-41c4-a471-2e2c19aca893.roa
File:                     6bf8a552-c340-41c4-a471-2e2c19aca893.roa (raw, json)
Hash identifier:          DP8dcoHFdWwS4t0NMkUA9kMS2J2ILrLq/Bk9DWNBe4Q=
Subject key identifier:   9D:9B:66:5F:06:CD:F4:AB:56:71:F0:7E:68:8C:35:10:76:E4:EA:C3
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       276BA99C53543760864C97CCF2F9EFAA23B70186
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6bf8a552-c340-41c4-a471-2e2c19aca893.roa
Signing time:             Fri 26 Sep 2025 00:15:55 +0000
ROA not before:           Fri 26 Sep 2025 00:15:55 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.165.136.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:6b:a9:9c:53:54:37:60:86:4c:97:cc:f2:f9:ef:aa:23:b7:01:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 00:15:55 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=cb219ac519b1f5a8c1a64584fe6dd6d6d6ae3af498ddd18a65cb18f71e179361, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:21:6f:4a:3e:8c:1a:c9:c6:a1:20:f7:7a:2b:
                    85:d2:f8:28:cb:fd:fb:c4:05:4b:ec:98:93:7c:ea:
                    2b:86:40:8c:32:2c:b4:62:57:87:9e:96:53:de:86:
                    97:b2:f8:b4:f3:1a:4e:72:f1:c9:98:2a:06:0d:2b:
                    e7:f0:2d:92:a6:59:23:04:f6:11:50:c6:35:27:c8:
                    29:2d:12:5f:e1:39:df:74:06:94:cc:a5:2f:8f:ec:
                    31:89:2b:43:0b:8c:82:e9:e2:1c:b5:fe:79:ca:b7:
                    9a:f8:39:1a:ae:3f:43:a1:6d:b8:2b:1d:f8:af:c5:
                    2c:6b:58:f2:43:2e:97:a9:60:ff:f6:bd:86:34:f7:
                    dc:63:4d:8f:8a:6b:44:4b:43:4b:b9:29:e8:b5:e8:
                    c2:dd:93:25:c6:87:ce:08:72:ee:f6:fe:e8:5e:9b:
                    95:56:ea:d2:35:31:fb:ef:97:3f:84:f9:80:41:10:
                    34:19:c5:1d:f1:65:66:fe:11:db:07:03:8b:5b:7e:
                    5d:9b:b7:af:0d:5f:fe:25:c4:95:43:51:19:48:2b:
                    f1:49:59:3e:dc:82:7a:12:0c:3c:bb:18:84:bd:fa:
                    f0:dc:f3:a9:e5:be:6d:4f:25:68:6d:19:95:91:1f:
                    31:80:b0:03:c3:93:0d:ee:a9:87:6e:2b:9e:59:f7:
                    1e:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:9B:66:5F:06:CD:F4:AB:56:71:F0:7E:68:8C:35:10:76:E4:EA:C3
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6bf8a552-c340-41c4-a471-2e2c19aca893.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.165.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         26:c5:f3:df:6b:96:f1:0c:d7:cb:48:aa:26:98:93:52:75:90:
         b6:b8:fb:71:65:90:ef:f0:80:09:79:84:25:13:98:59:b4:85:
         10:a9:8d:bc:a2:84:92:b9:8c:e6:bc:85:19:28:a0:7a:e9:df:
         b2:c1:a9:51:26:c4:51:70:a0:80:84:2a:04:3a:a1:7b:eb:0c:
         ee:c1:05:66:91:f3:ab:bc:73:5b:96:7c:0f:13:6c:ad:b5:af:
         d9:4d:ff:db:0a:98:6d:57:0a:62:c7:bf:e8:6e:1a:96:f8:6f:
         5d:ec:77:98:cd:10:ab:a0:ee:c1:85:a4:83:bf:ff:9d:c4:40:
         b9:81:ae:cc:7f:43:01:ae:99:cc:d3:66:57:94:ec:e5:4a:0e:
         55:78:b6:61:4a:18:00:e9:17:42:91:a1:c5:7f:f5:61:08:a2:
         bf:0a:8c:74:bf:49:a3:14:dd:07:11:e5:81:f4:ea:f4:76:e4:
         be:70:75:c3:f6:ff:38:b8:fc:3d:96:ee:c7:a6:2c:01:e3:8e:
         7c:55:6e:cc:43:93:86:e6:d3:46:52:c3:8a:33:f5:c2:be:79:
         6b:61:bb:7e:c4:8d:da:e9:04:16:71:ab:6e:b9:a4:3f:54:a8:
         62:ee:ac:e1:88:41:88:0e:ae:2f:ec:3c:3b:1e:a8:90:e6:f8:
         53:e7:82:82
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJ2upnFNUN2CGTJfM8vnvqiO3AYYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MDAxNTU1WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BjYjIxOWFjNTE5YjFmNWE4YzFhNjQ1ODRmZTZkZDZkNmQ2
YWUzYWY0OThkZGQxOGE2NWNiMThmNzFlMTc5MzYxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7IW9KPowaycahIPd6K4XS+CjL/fvEBUvsmJN86iuGQIwy
LLRiV4eellPehpey+LTzGk5y8cmYKgYNK+fwLZKmWSME9hFQxjUnyCktEl/hOd90
BpTMpS+P7DGJK0MLjILp4hy1/nnKt5r4ORquP0OhbbgrHfivxSxrWPJDLpepYP/2
vYY099xjTY+Ka0RLQ0u5Kei16MLdkyXGh84Icu72/uhem5VW6tI1Mfvvlz+E+YBB
EDQZxR3xZWb+EdsHA4tbfl2bt68NX/4lxJVDURlIK/FJWT7cgnoSDDy7GIS9+vDc
86nlvm1PJWhtGZWRHzGAsAPDkw3uqYduK55Z9x4VAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUnZtmXwbN9KtWcfB+aIw1EHbk6sMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzZiZjhhNTUyLWMzNDAtNDFjNC1hNDcxLTJlMmMxOWFjYTg5My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIDpYgwDQYJKoZIhvcNAQELBQADggEBACbF899rlvEM18tIqiaYk1J1kLa4
+3FlkO/wgAl5hCUTmFm0hRCpjbyihJK5jOa8hRkooHrp37LBqVEmxFFwoICEKgQ6
oXvrDO7BBWaR86u8c1uWfA8TbK21r9lN/9sKmG1XCmLHv+huGpb4b13sd5jNEKug
7sGFpIO//53EQLmBrsx/QwGumczTZleU7OVKDlV4tmFKGADpF0KRocV/9WEIor8K
jHS/SaMU3QcR5YH06vR25L5wdcP2/zi4/D2W7semLAHjjnxVbsxDk4bm00ZSw4oz
9cK+eWthu37EjdrpBBZxq265pD9UqGLurOGIQYgOri/sPDseqJDm+FPngoI=
-----END CERTIFICATE-----