Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/715f5035-9d85-46e4-871b-817e07ab45ed.roa
File:                     715f5035-9d85-46e4-871b-817e07ab45ed.roa (raw, json)
Hash identifier:          FvKWzQ5ZywTjCCTV9pBJ5JQzFFSEPlsERm4F3vrhdTo=
Subject key identifier:   75:CD:0F:68:14:8E:75:42:D2:F7:9C:51:B6:3B:B0:31:83:4A:B4:00
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       04D10F670086711AEEB81C4F82C8C6CB5CA106BC
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/715f5035-9d85-46e4-871b-817e07ab45ed.roa
Signing time:             Thu 25 Sep 2025 22:17:15 +0000
ROA not before:           Thu 25 Sep 2025 22:17:15 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.165.246.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:d1:0f:67:00:86:71:1a:ee:b8:1c:4f:82:c8:c6:cb:5c:a1:06:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 22:17:15 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=e53dd04e143c47c197ecb29ae89bc4873187167e747a1e16388e4048c87014ed, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:db:f2:1d:5b:ca:39:09:dc:27:38:02:6e:bd:
                    85:e5:1f:42:d7:96:53:82:ad:dd:c1:37:a7:51:bf:
                    ad:70:55:66:f9:f0:2c:7d:59:52:c1:5b:ba:13:6f:
                    40:73:70:03:04:0a:a3:bb:ed:7b:00:02:1d:f5:04:
                    86:4b:ad:6b:2e:d9:ec:16:9e:85:87:b9:fb:dd:c8:
                    35:39:f0:89:5c:40:b5:f2:f6:07:3e:83:2c:7c:78:
                    36:50:fa:2e:9d:f5:98:2d:de:30:2f:d8:31:5f:87:
                    66:02:b6:52:fe:f0:d1:37:f8:d3:89:a0:4d:ad:91:
                    7d:4f:4e:d3:51:06:13:9e:0b:ed:60:d6:74:f2:35:
                    36:77:f7:9a:e4:9b:53:69:04:b5:98:a5:48:74:c5:
                    00:06:54:23:d5:08:ee:80:32:eb:2d:32:d0:52:ca:
                    aa:09:a0:8a:90:42:ed:20:c9:7b:91:b1:e6:51:c1:
                    07:0b:81:95:d7:d0:63:4f:18:7d:7e:10:34:1b:22:
                    62:c2:64:c0:9d:f2:6d:af:3f:d5:46:39:fd:d2:49:
                    48:7e:b5:71:db:6f:e7:c2:1f:70:4c:f9:c1:87:32:
                    d6:bf:43:7f:fc:5d:74:0d:91:d7:2a:00:bf:6f:d2:
                    cf:19:11:a1:11:0b:4c:1e:80:56:c5:0e:28:37:94:
                    ce:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:CD:0F:68:14:8E:75:42:D2:F7:9C:51:B6:3B:B0:31:83:4A:B4:00
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/715f5035-9d85-46e4-871b-817e07ab45ed.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.165.246.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a3:d8:da:0a:0c:3e:70:dd:cf:ff:45:48:87:cc:70:70:d9:6e:
         a1:59:2d:b0:13:56:33:7e:13:51:9a:60:5c:30:e3:34:4e:bc:
         17:16:e3:b0:78:a1:72:9c:e3:db:ae:b0:16:72:e9:e5:85:d2:
         cc:22:b8:df:08:31:76:b2:b9:0e:cf:62:b5:26:8d:a3:45:3f:
         bf:e1:30:c9:d1:59:f9:99:6b:5e:ea:b9:e5:1d:65:be:e5:12:
         68:e3:0e:a9:b9:08:04:74:b6:dc:9b:20:3f:43:ab:c8:4f:6d:
         dc:65:96:e7:d5:71:72:79:ca:b0:71:21:d3:eb:43:8e:cb:de:
         40:e5:c2:b8:12:a4:df:cb:79:69:07:da:27:89:70:6e:00:ee:
         9a:c3:0a:fb:47:14:61:70:59:3e:4e:66:44:4d:19:37:2c:9a:
         06:0b:a7:9b:f3:cf:b7:77:bc:41:73:db:ff:12:1b:99:f4:d8:
         e9:90:54:a0:6a:cc:af:10:bd:6b:6d:b3:71:ee:90:ce:51:dd:
         70:29:1e:53:37:16:5e:dc:80:7d:c4:0b:74:56:7f:98:8b:5c:
         72:d8:db:33:de:9f:5a:7e:46:ec:3f:05:4b:c6:f9:7d:25:ab:
         6c:b9:67:a6:4e:4a:11:c9:3a:99:62:88:3c:ec:e0:85:78:af:
         9b:0a:e3:6e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBNEPZwCGcRruuBxPgsjGy1yhBrwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MjIxNzE1WhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BlNTNkZDA0ZTE0M2M0N2MxOTdlY2IyOWFlODliYzQ4NzMx
ODcxNjdlNzQ3YTFlMTYzODhlNDA0OGM4NzAxNGVkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCa2/IdW8o5CdwnOAJuvYXlH0LXllOCrd3BN6dRv61wVWb5
8Cx9WVLBW7oTb0BzcAMECqO77XsAAh31BIZLrWsu2ewWnoWHufvdyDU58IlcQLXy
9gc+gyx8eDZQ+i6d9Zgt3jAv2DFfh2YCtlL+8NE3+NOJoE2tkX1PTtNRBhOeC+1g
1nTyNTZ395rkm1NpBLWYpUh0xQAGVCPVCO6AMustMtBSyqoJoIqQQu0gyXuRseZR
wQcLgZXX0GNPGH1+EDQbImLCZMCd8m2vP9VGOf3SSUh+tXHbb+fCH3BM+cGHMta/
Q3/8XXQNkdcqAL9v0s8ZEaERC0wegFbFDig3lM7tAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUdc0PaBSOdULS95xRtjuwMYNKtAAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzcxNWY1MDM1LTlkODUtNDZlNC04NzFiLTgxN2UwN2FiNDVlZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEDpfYwDQYJKoZIhvcNAQELBQADggEBAKPY2goMPnDdz/9FSIfMcHDZbqFZ
LbATVjN+E1GaYFww4zROvBcW47B4oXKc49uusBZy6eWF0swiuN8IMXayuQ7PYrUm
jaNFP7/hMMnRWfmZa17queUdZb7lEmjjDqm5CAR0ttybID9Dq8hPbdxllufVcXJ5
yrBxIdPrQ47L3kDlwrgSpN/LeWkH2ieJcG4A7prDCvtHFGFwWT5OZkRNGTcsmgYL
p5vzz7d3vEFz2/8SG5n02OmQVKBqzK8QvWtts3HukM5R3XApHlM3Fl7cgH3EC3RW
f5iLXHLY2zPen1p+Ruw/BUvG+X0lq2y5Z6ZOShHJOpliiDzs4IV4r5sK424=
-----END CERTIFICATE-----