Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6e35800b-535c-4f2f-a832-b93c315bfb1a.roa
File:                     6e35800b-535c-4f2f-a832-b93c315bfb1a.roa (raw, json)
Hash identifier:          XyDHTGaiJbj+gWXCGWtR8G+dasqMfkZo5fO0uSvS7Y0=
Subject key identifier:   20:D5:A9:96:1F:06:46:E5:77:0C:E8:0E:2A:76:1F:77:4C:0A:F1:A9
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1F28A7A388C6BD937F5AEBC682F129436DC86007
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6e35800b-535c-4f2f-a832-b93c315bfb1a.roa
Signing time:             Thu 25 Sep 2025 22:12:24 +0000
ROA not before:           Thu 25 Sep 2025 22:12:24 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.165.130.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:28:a7:a3:88:c6:bd:93:7f:5a:eb:c6:82:f1:29:43:6d:c8:60:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 22:12:24 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=83edcd0ca666b489aa501dd61ee2e732a65ee21980ff501c0c2b6be5b3d7b989, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:fd:b1:e9:61:61:ab:fb:6e:1a:08:5b:ae:db:
                    61:8d:34:c3:f3:23:db:82:5a:62:48:fd:ab:6a:ce:
                    76:21:74:84:e8:19:42:76:ef:36:16:61:02:bb:fb:
                    f6:d3:f2:e7:f9:34:24:ad:ee:d7:13:3e:9e:41:21:
                    ee:05:f9:4e:dc:55:39:21:d1:b2:eb:83:f0:41:3c:
                    6b:84:80:53:aa:eb:d4:5d:30:57:ea:eb:62:f2:e4:
                    f4:87:74:75:62:df:94:6d:53:91:29:93:94:ba:76:
                    70:05:0d:da:f0:5b:ef:a5:01:7e:03:b2:79:34:6f:
                    7b:49:91:cb:58:a7:ea:c8:00:03:d3:83:14:4b:0f:
                    21:5f:a0:ff:0a:9d:43:62:5a:bd:d3:e1:71:55:c2:
                    31:66:b4:03:d9:1e:71:4f:fe:6a:ae:3d:3e:1a:bf:
                    f4:89:c4:d7:b8:ad:49:ec:88:4a:57:a5:0b:61:45:
                    05:48:06:d7:79:c3:f5:0a:e9:b7:0d:7f:ad:4b:77:
                    d4:2b:62:8e:98:fb:e9:6d:e3:66:17:1b:57:97:a3:
                    88:7e:1a:be:74:7d:d7:45:a0:03:b3:d7:8a:14:08:
                    f2:00:f1:c0:65:93:cf:1a:7c:0b:04:45:21:53:11:
                    94:5b:80:96:96:e3:6b:4a:6a:61:d6:4b:8e:f9:8c:
                    5d:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:D5:A9:96:1F:06:46:E5:77:0C:E8:0E:2A:76:1F:77:4C:0A:F1:A9
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6e35800b-535c-4f2f-a832-b93c315bfb1a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.165.130.0/23

    Signature Algorithm: sha256WithRSAEncryption
         02:d1:8e:7e:28:8e:a0:89:dc:b4:c4:5c:23:71:7c:80:90:b0:
         37:da:ae:5b:b4:f3:65:a6:58:fc:f5:d4:30:88:e7:c4:10:64:
         50:b5:e2:17:fa:96:ff:fc:bd:3c:4f:7a:b1:91:e9:31:31:93:
         c8:5c:6a:12:9e:81:05:23:42:75:95:3a:b8:04:45:19:53:08:
         47:5f:cd:a6:0c:4a:cc:61:67:da:7f:4e:e1:b1:05:86:ec:50:
         cd:15:3d:f9:40:f0:7e:63:30:00:9c:2c:49:66:ce:fb:b4:1e:
         12:3f:d0:0c:b4:fc:1d:5c:8b:8b:1f:cb:0d:9a:0a:00:74:d4:
         41:83:0c:f6:56:83:8a:88:a8:28:55:c7:8a:f4:7f:20:76:13:
         57:7d:f8:47:0a:b3:93:85:0e:bc:9a:8e:5a:83:b3:5b:68:40:
         77:85:42:64:4b:59:c1:e4:e7:90:8c:aa:b5:c9:e8:1c:35:ca:
         01:a3:5e:52:23:61:16:d3:ff:5a:14:f0:10:04:f7:0d:11:5e:
         7f:6a:32:90:ae:25:87:74:c8:85:dd:a7:12:1f:02:b1:cb:dd:
         81:b2:9c:d7:ba:55:6d:70:30:e6:a6:24:96:f0:a1:e0:97:d2:
         d3:1d:12:10:85:43:96:b9:20:7b:14:1c:5d:fe:95:39:28:8d:
         66:01:0f:fc
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHyino4jGvZN/WuvGgvEpQ23IYAcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MjIxMjI0WhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A4M2VkY2QwY2E2NjZiNDg5YWE1MDFkZDYxZWUyZTczMmE2
NWVlMjE5ODBmZjUwMWMwYzJiNmJlNWIzZDdiOTg5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCv/bHpYWGr+24aCFuu22GNNMPzI9uCWmJI/atqznYhdITo
GUJ27zYWYQK7+/bT8uf5NCSt7tcTPp5BIe4F+U7cVTkh0bLrg/BBPGuEgFOq69Rd
MFfq62Ly5PSHdHVi35RtU5Epk5S6dnAFDdrwW++lAX4Dsnk0b3tJkctYp+rIAAPT
gxRLDyFfoP8KnUNiWr3T4XFVwjFmtAPZHnFP/mquPT4av/SJxNe4rUnsiEpXpQth
RQVIBtd5w/UK6bcNf61Ld9QrYo6Y++lt42YXG1eXo4h+Gr50fddFoAOz14oUCPIA
8cBlk88afAsERSFTEZRbgJaW42tKamHWS475jF1FAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUINWplh8GRuV3DOgOKnYfd0wK8akwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzZlMzU4MDBiLTUzNWMtNGYyZi1hODMyLWI5M2MzMTViZmIxYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEDpYIwDQYJKoZIhvcNAQELBQADggEBAALRjn4ojqCJ3LTEXCNxfICQsDfa
rlu082WmWPz11DCI58QQZFC14hf6lv/8vTxPerGR6TExk8hcahKegQUjQnWVOrgE
RRlTCEdfzaYMSsxhZ9p/TuGxBYbsUM0VPflA8H5jMACcLElmzvu0HhI/0Ay0/B1c
i4sfyw2aCgB01EGDDPZWg4qIqChVx4r0fyB2E1d9+EcKs5OFDryajlqDs1toQHeF
QmRLWcHk55CMqrXJ6Bw1ygGjXlIjYRbT/1oU8BAE9w0RXn9qMpCuJYd0yIXdpxIf
ArHL3YGynNe6VW1wMOamJJbwoeCX0tMdEhCFQ5a5IHsUHF3+lTkojWYBD/w=
-----END CERTIFICATE-----