Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7e91c92a-45f9-4dc2-bc8b-3d120229eafe.roa
File:                     7e91c92a-45f9-4dc2-bc8b-3d120229eafe.roa (raw, json)
Hash identifier:          VRY7mcF1fXEX9XMNJKBwB4gFboJVGbicy9AoGiVm700=
Subject key identifier:   E5:DD:84:3E:6C:5A:D4:C9:0F:BC:95:E6:CB:E7:06:1A:67:96:5F:61
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1BA6DBE53488969BE57C9BAEFB6141824DD44B00
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7e91c92a-45f9-4dc2-bc8b-3d120229eafe.roa
Signing time:             Thu 25 Sep 2025 19:59:15 +0000
ROA not before:           Thu 25 Sep 2025 19:59:15 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.170.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:a6:db:e5:34:88:96:9b:e5:7c:9b:ae:fb:61:41:82:4d:d4:4b:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 19:59:15 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=47de290c639b234c9e0c9c251c9c4ee30cf27dd57dfefb8108c9109161f52094, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:82:f1:c7:6e:67:6b:d0:bf:a4:10:05:96:d3:
                    8c:18:2b:40:2d:bf:51:bb:a5:3b:69:8a:12:f6:3e:
                    d7:54:83:c4:8d:05:fc:4c:45:d3:1a:31:3d:bc:e5:
                    8e:b7:33:6d:3d:b7:86:5f:06:0a:6a:6a:96:9a:fd:
                    ce:5a:bb:e0:b1:47:a0:a1:bf:20:c9:bd:3e:90:ea:
                    01:3c:da:4c:f8:a8:a2:d8:cc:36:38:30:87:1b:e5:
                    8d:23:98:6d:a0:28:4b:de:f4:d7:87:0c:c5:06:bb:
                    4b:71:b5:f6:bc:1e:6f:ab:f0:e6:52:db:68:3f:29:
                    76:57:f2:fa:21:88:20:1b:f2:37:59:b7:39:47:7d:
                    40:88:0b:32:00:03:dd:50:79:30:0f:97:16:40:6e:
                    57:c7:53:7b:4f:14:95:ad:f8:42:b2:2e:71:ba:81:
                    92:ea:e1:fd:02:9f:80:be:e3:41:7f:30:45:74:6e:
                    da:37:56:32:e2:23:f7:ca:0f:1c:6b:88:90:a0:6d:
                    2a:82:93:e0:8f:b4:03:10:53:ff:9b:15:3f:fa:5a:
                    45:9a:32:57:04:f0:f4:35:9c:31:e2:13:17:e1:85:
                    f8:08:79:d0:24:e7:09:25:eb:51:f0:c6:cc:eb:0e:
                    bd:8e:34:9c:e4:6b:41:79:6e:84:2c:d6:d8:6b:c6:
                    5b:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:DD:84:3E:6C:5A:D4:C9:0F:BC:95:E6:CB:E7:06:1A:67:96:5F:61
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7e91c92a-45f9-4dc2-bc8b-3d120229eafe.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.170.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:09:9d:06:5a:d1:66:a1:2c:2c:8b:f6:8a:1b:08:33:c7:3c:
         b3:c6:00:8b:7c:61:b5:47:50:28:02:be:b1:b2:32:5d:b9:61:
         71:17:78:02:fc:8c:67:af:da:5f:3c:c3:13:a3:46:5f:b4:cf:
         73:fc:f8:8c:f7:25:74:ed:44:18:07:7c:35:fb:94:c8:1c:71:
         1a:fb:36:18:c1:bd:8a:72:c3:4d:9a:f9:80:67:b1:f6:30:51:
         a2:fc:20:2b:57:76:9c:5c:52:a3:0d:89:88:ff:dc:ce:39:6e:
         78:49:ef:51:e9:f3:99:16:32:cf:95:bf:97:e2:9d:6e:90:92:
         b6:d4:69:b2:e1:59:65:08:e6:96:7d:1d:e0:18:3c:e4:db:84:
         72:d8:fd:71:f4:da:ed:78:ef:ce:88:3c:b9:9b:1f:17:9a:2c:
         9e:51:af:a4:5d:7f:b5:d8:ca:52:ed:d9:9c:d7:e1:91:15:70:
         14:14:07:51:76:fb:cf:36:b6:62:1c:64:54:17:0f:dc:8f:77:
         34:20:26:b5:c2:48:25:be:bd:dd:db:fa:12:85:f3:23:34:aa:
         c8:26:95:51:fc:d8:45:b9:d1:d8:56:39:2b:c4:ce:e3:d9:0d:
         3b:58:e5:88:dc:97:23:7c:f8:44:8f:c2:a9:1d:d5:53:98:00:
         74:74:f4:ef
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUG6bb5TSIlpvlfJuu+2FBgk3USwAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MTk1OTE1WhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A0N2RlMjkwYzYzOWIyMzRjOWUwYzljMjUxYzljNGVlMzBj
ZjI3ZGQ1N2RmZWZiODEwOGM5MTA5MTYxZjUyMDk0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCegvHHbmdr0L+kEAWW04wYK0Atv1G7pTtpihL2PtdUg8SN
BfxMRdMaMT285Y63M209t4ZfBgpqapaa/c5au+CxR6ChvyDJvT6Q6gE82kz4qKLY
zDY4MIcb5Y0jmG2gKEve9NeHDMUGu0txtfa8Hm+r8OZS22g/KXZX8vohiCAb8jdZ
tzlHfUCICzIAA91QeTAPlxZAblfHU3tPFJWt+EKyLnG6gZLq4f0Cn4C+40F/MEV0
bto3VjLiI/fKDxxriJCgbSqCk+CPtAMQU/+bFT/6WkWaMlcE8PQ1nDHiExfhhfgI
edAk5wkl61HwxszrDr2ONJzka0F5boQs1thrxluHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU5d2EPmxa1MkPvJXmy+cGGmeWX2EwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzdlOTFjOTJhLTQ1ZjktNGRjMi1iYzhiLTNkMTIwMjI5ZWFmZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADqjQwDQYJKoZIhvcNAQELBQADggEBABMJnQZa0WahLCyL9oobCDPHPLPG
AIt8YbVHUCgCvrGyMl25YXEXeAL8jGev2l88wxOjRl+0z3P8+Iz3JXTtRBgHfDX7
lMgccRr7NhjBvYpyw02a+YBnsfYwUaL8ICtXdpxcUqMNiYj/3M45bnhJ71Hp85kW
Ms+Vv5finW6QkrbUabLhWWUI5pZ9HeAYPOTbhHLY/XH02u14786IPLmbHxeaLJ5R
r6Rdf7XYylLt2ZzX4ZEVcBQUB1F2+882tmIcZFQXD9yPdzQgJrXCSCW+vd3b+hKF
8yM0qsgmlVH82EW50dhWOSvEzuPZDTtY5YjclyN8+ESPwqkd1VOYAHR09O8=
-----END CERTIFICATE-----