Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/70a702fb-9655-4efd-bc74-a80d7151333d.roa
File:                     70a702fb-9655-4efd-bc74-a80d7151333d.roa (raw, json)
Hash identifier:          Y7XJMQPsN7jPuCnxhufZ5VgdKXY91+c7HoLSawjwjlI=
Subject key identifier:   F7:0C:92:32:42:DA:68:0D:22:2D:9D:55:54:3C:68:04:39:C3:10:C7
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0F42DF30B87E24DF658D9B407E892CD5C1BF768C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/70a702fb-9655-4efd-bc74-a80d7151333d.roa
Signing time:             Thu 25 Sep 2025 22:39:31 +0000
ROA not before:           Thu 25 Sep 2025 22:39:31 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.168.100.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:42:df:30:b8:7e:24:df:65:8d:9b:40:7e:89:2c:d5:c1:bf:76:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 22:39:31 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=44f66741956b536db3f2da80c19a78b8d3df55fe176a751c7936b09bede74208, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:c7:9c:32:ea:66:f0:af:e5:57:60:41:82:30:
                    df:9a:5d:2d:1c:15:b3:d9:a6:35:51:2c:68:ec:a2:
                    27:3c:fe:e9:90:7a:02:ce:a3:13:d4:0e:a2:c1:0a:
                    72:df:5b:11:52:ab:0e:73:59:e9:6f:7f:38:49:a1:
                    eb:8d:f9:a1:01:83:93:58:94:7f:c5:bd:06:74:29:
                    47:1e:8d:d5:05:eb:68:9d:19:ae:00:11:da:b2:84:
                    41:5c:08:4b:5a:5a:59:56:48:e4:fa:f4:89:de:d4:
                    b2:de:7a:d0:d8:3e:45:3b:22:53:b9:d9:e0:11:d7:
                    a5:8f:a2:ca:a5:ec:df:21:c7:fc:b8:49:14:9f:4c:
                    03:63:34:3b:da:1a:aa:fa:d4:ea:ee:be:c5:c8:2a:
                    5f:b6:38:a0:04:55:c0:42:fd:a1:81:ee:a0:17:ee:
                    26:07:8a:e7:a6:d3:21:f1:f7:dc:d9:f2:11:5e:aa:
                    31:f9:cb:99:4a:31:4e:dc:3b:1e:3d:27:5b:5a:cc:
                    a3:3b:bc:df:42:cf:ab:0d:f2:62:7b:eb:e2:64:81:
                    82:11:b4:92:1e:85:e8:23:62:99:59:7a:e7:f2:38:
                    56:ce:45:53:7c:9d:03:01:b8:2e:ed:d2:8f:b1:01:
                    14:b2:10:c5:ca:90:04:e5:1f:33:35:77:20:bc:d4:
                    fb:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:0C:92:32:42:DA:68:0D:22:2D:9D:55:54:3C:68:04:39:C3:10:C7
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/70a702fb-9655-4efd-bc74-a80d7151333d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.168.100.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ad:37:96:91:64:66:f1:c8:cb:ae:7b:71:50:ca:61:25:9d:8d:
         8e:81:14:f3:c5:1a:69:bf:04:03:f0:b1:e7:6d:80:1a:a9:08:
         a4:06:e9:f4:ff:b7:92:65:7e:85:1b:98:a4:05:69:87:79:b0:
         9f:ff:99:12:2d:be:a5:c6:09:7b:f5:43:b1:71:3f:82:2a:38:
         2d:b0:b0:d2:7f:5c:12:aa:c7:0d:17:bd:66:80:d4:3a:2b:94:
         1b:ba:a4:5e:f9:ea:c7:02:10:b7:01:56:6c:d1:72:e1:ce:88:
         26:68:24:08:06:c4:ea:42:d1:50:f6:d1:21:51:f9:e7:c0:61:
         ef:0f:25:2c:9d:5c:9d:a4:73:6d:ec:64:54:92:b4:7b:c1:eb:
         76:3e:a5:18:37:3e:9b:76:56:90:bb:ee:6a:0a:ce:b3:8f:7b:
         27:0b:61:4d:0d:d4:69:af:8f:74:cb:df:1c:fa:7d:60:87:f6:
         af:32:b8:5d:31:a3:5b:b2:6c:93:e0:16:06:67:8c:6d:4f:1a:
         cd:ce:9f:7b:5b:86:fe:11:7a:b8:46:1a:f5:6e:1c:7a:cc:75:
         57:84:14:63:e8:dd:4f:a0:5a:14:1a:64:80:cd:b0:64:e5:55:
         22:97:3d:f9:37:c7:fe:1d:1d:4e:b6:4b:5d:84:c0:af:66:2c:
         84:c5:d8:1d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUD0LfMLh+JN9ljZtAfoks1cG/dowwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MjIzOTMxWhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A0NGY2Njc0MTk1NmI1MzZkYjNmMmRhODBjMTlhNzhiOGQz
ZGY1NWZlMTc2YTc1MWM3OTM2YjA5YmVkZTc0MjA4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCdx5wy6mbwr+VXYEGCMN+aXS0cFbPZpjVRLGjsoic8/umQ
egLOoxPUDqLBCnLfWxFSqw5zWelvfzhJoeuN+aEBg5NYlH/FvQZ0KUcejdUF62id
Ga4AEdqyhEFcCEtaWllWSOT69Ine1LLeetDYPkU7IlO52eAR16WPosql7N8hx/y4
SRSfTANjNDvaGqr61OruvsXIKl+2OKAEVcBC/aGB7qAX7iYHiuem0yHx99zZ8hFe
qjH5y5lKMU7cOx49J1tazKM7vN9Cz6sN8mJ76+JkgYIRtJIehegjYplZeufyOFbO
RVN8nQMBuC7t0o+xARSyEMXKkATlHzM1dyC81PtRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU9wySMkLaaA0iLZ1VVDxoBDnDEMcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzcwYTcwMmZiLTk2NTUtNGVmZC1iYzc0LWE4MGQ3MTUxMzMzZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEDqGQwDQYJKoZIhvcNAQELBQADggEBAK03lpFkZvHIy657cVDKYSWdjY6B
FPPFGmm/BAPwsedtgBqpCKQG6fT/t5JlfoUbmKQFaYd5sJ//mRItvqXGCXv1Q7Fx
P4IqOC2wsNJ/XBKqxw0XvWaA1DorlBu6pF756scCELcBVmzRcuHOiCZoJAgGxOpC
0VD20SFR+efAYe8PJSydXJ2kc23sZFSStHvB63Y+pRg3Ppt2VpC77moKzrOPeycL
YU0N1Gmvj3TL3xz6fWCH9q8yuF0xo1uybJPgFgZnjG1PGs3On3tbhv4RerhGGvVu
HHrMdVeEFGPo3U+gWhQaZIDNsGTlVSKXPfk3x/4dHU62S12EwK9mLITF2B0=
-----END CERTIFICATE-----