Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/710ea397-1084-4f77-89dd-60b94eab36ab.roa
File:                     710ea397-1084-4f77-89dd-60b94eab36ab.roa (raw, json)
Hash identifier:          nMDPdiE9BS1Zg4Rsj1Id72bjNDl1Hngz+n6rLwacj+4=
Subject key identifier:   60:2E:74:E5:D8:78:10:BF:90:97:D8:7B:D5:84:3E:23:03:A9:51:D4
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       137CD2D2278A428C92EB90E1D9BCE0866824C937
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/710ea397-1084-4f77-89dd-60b94eab36ab.roa
Signing time:             Thu 25 Sep 2025 17:22:01 +0000
ROA not before:           Thu 25 Sep 2025 17:22:01 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.162.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:7c:d2:d2:27:8a:42:8c:92:eb:90:e1:d9:bc:e0:86:68:24:c9:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 17:22:01 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=03ac9c64dded5a98898fd6f5c161467af66941b9602694434760ad2213e448a0, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:ad:e6:ca:0c:98:ce:b2:c3:eb:47:86:66:d3:
                    ee:1b:3a:8d:96:e1:15:e2:3d:46:e0:dc:9c:13:ee:
                    53:b8:57:fd:9e:d8:4b:86:da:98:f7:45:58:9a:76:
                    76:4b:68:42:6f:3f:87:d8:03:d6:9b:01:0a:4c:53:
                    a6:ee:24:db:a9:01:76:de:de:bf:85:8d:0d:b8:cb:
                    80:de:ce:f0:3e:4c:1a:21:94:08:ec:cb:14:d9:68:
                    3c:85:a0:b7:40:11:b0:6f:60:6f:7e:66:88:64:4e:
                    0e:dd:1b:5a:16:e7:98:60:b0:8d:e0:e5:51:76:90:
                    b3:1f:c3:a6:a0:ce:44:72:4c:96:eb:ef:19:29:03:
                    06:19:10:95:3a:dc:83:1d:4e:4b:f1:85:56:92:05:
                    6a:a0:0d:25:ea:9a:44:1b:80:90:89:38:8c:4f:89:
                    b0:f2:9e:ba:63:96:95:fa:c2:a3:f4:a4:93:de:9e:
                    06:18:51:7d:1f:02:7b:47:eb:df:83:e8:d3:f8:3e:
                    d9:6f:62:00:79:74:d0:1d:3d:f0:c7:1a:4e:71:ea:
                    6b:6a:b2:58:7f:5f:8b:d3:ed:05:e8:fc:52:14:9d:
                    58:eb:c3:57:cb:84:4e:f6:c5:f7:f5:30:03:89:5b:
                    e8:69:ce:93:83:7b:73:a7:06:06:97:53:b2:4c:db:
                    b9:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:2E:74:E5:D8:78:10:BF:90:97:D8:7B:D5:84:3E:23:03:A9:51:D4
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/710ea397-1084-4f77-89dd-60b94eab36ab.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.162.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:4d:8e:c5:fd:bd:69:d5:11:3e:59:ea:14:74:b3:6c:8f:9d:
         2e:3a:a2:0f:8e:ed:19:20:87:76:d0:ed:74:b5:e8:10:b6:9f:
         e6:a5:1d:1c:da:dc:4a:eb:2b:45:3c:56:7d:1c:27:b4:2f:a1:
         93:76:2e:d4:cb:f8:bd:46:7d:c5:f5:a4:3e:39:31:15:b4:f3:
         28:f3:f3:18:78:3e:1d:f1:42:3e:0b:00:0b:21:52:e0:37:02:
         d6:68:4a:85:19:42:ce:f3:c6:fe:03:fa:05:9f:5d:37:2c:ed:
         44:e0:be:65:ab:6c:b1:a4:56:70:ac:4b:b4:e1:6c:3f:2e:70:
         9e:52:4c:0a:c1:ad:62:ac:86:f5:69:b4:1a:13:13:95:6d:e8:
         d5:91:5d:45:87:92:8d:ef:2e:0d:61:f9:19:39:60:38:c4:17:
         20:c5:2a:92:c0:b7:b6:8a:33:7f:dc:3b:50:9f:45:91:77:5c:
         03:78:88:60:68:b8:40:ac:cd:79:80:bb:48:67:87:8c:dc:e5:
         d6:b8:85:3e:4f:18:8e:c9:ad:d8:b2:63:5e:d6:15:6f:64:b4:
         de:5f:8d:ff:61:c5:2e:9b:94:6c:34:4c:2c:be:87:c9:d5:28:
         a7:9f:c8:dd:30:6c:a4:80:e7:a1:41:95:f6:12:0d:83:41:49:
         fe:e5:f7:1f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUE3zS0ieKQoyS65Dh2bzghmgkyTcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MTcyMjAxWhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AwM2FjOWM2NGRkZWQ1YTk4ODk4ZmQ2ZjVjMTYxNDY3YWY2
Njk0MWI5NjAyNjk0NDM0NzYwYWQyMjEzZTQ0OGEwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCTrebKDJjOssPrR4Zm0+4bOo2W4RXiPUbg3JwT7lO4V/2e
2EuG2pj3RViadnZLaEJvP4fYA9abAQpMU6buJNupAXbe3r+FjQ24y4DezvA+TBoh
lAjsyxTZaDyFoLdAEbBvYG9+ZohkTg7dG1oW55hgsI3g5VF2kLMfw6agzkRyTJbr
7xkpAwYZEJU63IMdTkvxhVaSBWqgDSXqmkQbgJCJOIxPibDynrpjlpX6wqP0pJPe
ngYYUX0fAntH69+D6NP4PtlvYgB5dNAdPfDHGk5x6mtqslh/X4vT7QXo/FIUnVjr
w1fLhE72xff1MAOJW+hpzpODe3OnBgaXU7JM27k3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYC505dh4EL+Ql9h71YQ+IwOpUdQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzcxMGVhMzk3LTEwODQtNGY3Ny04OWRkLTYwYjk0ZWFiMzZhYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADosswDQYJKoZIhvcNAQELBQADggEBAKZNjsX9vWnVET5Z6hR0s2yPnS46
og+O7Rkgh3bQ7XS16BC2n+alHRza3ErrK0U8Vn0cJ7QvoZN2LtTL+L1GfcX1pD45
MRW08yjz8xh4Ph3xQj4LAAshUuA3AtZoSoUZQs7zxv4D+gWfXTcs7UTgvmWrbLGk
VnCsS7ThbD8ucJ5STArBrWKshvVptBoTE5Vt6NWRXUWHko3vLg1h+Rk5YDjEFyDF
KpLAt7aKM3/cO1CfRZF3XAN4iGBouECszXmAu0hnh4zc5da4hT5PGI7JrdiyY17W
FW9ktN5fjf9hxS6blGw0TCy+h8nVKKefyN0wbKSA56FBlfYSDYNBSf7l9x8=
-----END CERTIFICATE-----