Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7ced8678-8c87-4ff5-a776-9abcb6e415fe.roa
File:                     7ced8678-8c87-4ff5-a776-9abcb6e415fe.roa (raw, json)
Hash identifier:          s83o5dVri0KOyiOXgP67xHhltUh9iql/zMUMZmkSmz8=
Subject key identifier:   A0:D7:B5:48:79:95:3E:58:F0:E8:80:CA:4F:1A:45:B8:DB:F4:61:0D
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7CBB77A0B06E67307BB0C45051DDBB8EFF35BF12
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7ced8678-8c87-4ff5-a776-9abcb6e415fe.roa
Signing time:             Fri 26 Sep 2025 01:02:20 +0000
ROA not before:           Fri 26 Sep 2025 01:02:20 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.175.228.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:bb:77:a0:b0:6e:67:30:7b:b0:c4:50:51:dd:bb:8e:ff:35:bf:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 01:02:20 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=e959d6b2815c940db507b5d9899bd6eadc9d6a7b0af08e8d512aba30b594dc8e, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:0f:35:75:49:f1:9a:c0:d9:57:74:9b:74:2d:
                    4a:0f:ce:4b:04:6b:4f:c3:24:35:ad:60:b2:28:d7:
                    c2:20:c6:78:9e:37:35:c8:98:75:11:52:27:64:9c:
                    80:07:2e:a2:08:fb:eb:b9:6a:ee:08:08:7d:42:40:
                    85:e6:4f:45:d7:1e:a5:1f:90:da:2e:9a:8e:fe:ae:
                    b2:99:e7:9e:c3:3b:76:1f:59:5e:62:50:e9:03:20:
                    97:fa:58:92:6d:17:3a:c7:36:b0:01:2d:7f:76:a5:
                    b3:37:ed:f4:01:41:38:a7:41:22:6b:3e:c5:1d:15:
                    22:ee:46:7c:33:c8:e6:e0:f0:ed:4f:77:40:56:c4:
                    d7:89:ec:f0:ca:27:68:f8:30:3a:83:be:2f:56:96:
                    58:0d:03:fb:88:5d:f4:1b:52:4e:49:f3:a1:4b:73:
                    23:77:55:0c:e3:a6:e3:b5:a2:2d:5e:e4:28:15:92:
                    56:f9:ec:03:34:66:e9:6a:b6:64:74:80:40:db:4e:
                    12:48:1a:b6:23:59:23:62:d8:e1:14:a7:b1:b6:48:
                    8a:a0:09:e5:56:d3:3e:28:9e:33:3d:09:92:bb:4e:
                    0c:42:3d:fb:aa:9e:d8:05:c8:36:14:5d:aa:30:08:
                    52:59:c5:f4:8b:d2:c6:9f:e3:3a:0f:1b:88:fa:9e:
                    d2:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:D7:B5:48:79:95:3E:58:F0:E8:80:CA:4F:1A:45:B8:DB:F4:61:0D
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7ced8678-8c87-4ff5-a776-9abcb6e415fe.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.175.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ab:b9:de:9e:32:2e:d4:b0:66:82:e9:ee:b0:16:f0:c1:9e:c2:
         d9:2e:d8:95:e8:76:92:9d:f7:7f:a9:8f:5e:2d:2b:51:57:58:
         0d:76:16:c6:11:3b:10:cb:7f:c5:d5:a4:09:0c:ec:83:00:a1:
         fc:a1:e0:92:57:cc:6b:f5:81:0e:2c:cb:48:c4:ca:5c:ce:53:
         cd:82:6a:08:ab:a0:c6:fd:c2:27:1e:43:2e:26:3e:1e:fa:c5:
         14:ee:72:92:6e:e3:11:28:d4:0f:91:3b:65:4a:19:70:61:cd:
         40:65:de:e0:30:23:bd:07:26:73:cc:d2:78:2f:56:38:14:26:
         6f:93:f5:de:9e:1a:eb:42:6f:bb:da:b0:12:63:e4:9d:a8:42:
         f5:6a:4b:75:58:73:55:3f:5e:46:79:71:ed:9a:ac:3b:6c:4e:
         64:4b:85:11:19:27:a2:ca:b1:5d:99:9f:25:d7:b9:0e:56:da:
         1a:49:a8:20:9a:b2:56:43:6f:88:e9:86:25:48:40:fb:b9:a3:
         88:82:ad:cd:08:6b:ba:48:b3:cb:21:f1:52:ad:07:61:a5:f0:
         a2:8e:1f:70:34:2f:35:59:37:a7:df:4a:f6:69:32:96:88:58:
         24:0e:f9:8a:bc:40:4c:95:d3:f0:3c:5a:22:fb:c9:a7:9b:09:
         30:aa:ce:e6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfLt3oLBuZzB7sMRQUd27jv81vxIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MDEwMjIwWhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BlOTU5ZDZiMjgxNWM5NDBkYjUwN2I1ZDk4OTliZDZlYWRj
OWQ2YTdiMGFmMDhlOGQ1MTJhYmEzMGI1OTRkYzhlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDEDzV1SfGawNlXdJt0LUoPzksEa0/DJDWtYLIo18Igxnie
NzXImHURUidknIAHLqII++u5au4ICH1CQIXmT0XXHqUfkNoumo7+rrKZ557DO3Yf
WV5iUOkDIJf6WJJtFzrHNrABLX92pbM37fQBQTinQSJrPsUdFSLuRnwzyObg8O1P
d0BWxNeJ7PDKJ2j4MDqDvi9WllgNA/uIXfQbUk5J86FLcyN3VQzjpuO1oi1e5CgV
klb57AM0ZulqtmR0gEDbThJIGrYjWSNi2OEUp7G2SIqgCeVW0z4onjM9CZK7TgxC
PfuqntgFyDYUXaowCFJZxfSL0saf4zoPG4j6ntKtAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUoNe1SHmVPljw6IDKTxpFuNv0YQ0wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzdjZWQ4Njc4LThjODctNGZmNS1hNzc2LTlhYmNiNmU0MTVmZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIDr+QwDQYJKoZIhvcNAQELBQADggEBAKu53p4yLtSwZoLp7rAW8MGewtku
2JXodpKd93+pj14tK1FXWA12FsYROxDLf8XVpAkM7IMAofyh4JJXzGv1gQ4sy0jE
ylzOU82CagiroMb9wiceQy4mPh76xRTucpJu4xEo1A+RO2VKGXBhzUBl3uAwI70H
JnPM0ngvVjgUJm+T9d6eGutCb7vasBJj5J2oQvVqS3VYc1U/XkZ5ce2arDtsTmRL
hREZJ6LKsV2ZnyXXuQ5W2hpJqCCaslZDb4jphiVIQPu5o4iCrc0Ia7pIs8sh8VKt
B2Gl8KKOH3A0LzVZN6ffSvZpMpaIWCQO+Yq8QEyV0/A8WiL7yaebCTCqzuY=
-----END CERTIFICATE-----