Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7ec25e92-a951-4793-8fc1-861c4d0c96f5.roa
File:                     7ec25e92-a951-4793-8fc1-861c4d0c96f5.roa (raw, json)
Hash identifier:          e8swaTlucvz5Q7w1NT9/O3vOGJDrBkpY0tMTveYpKww=
Subject key identifier:   D7:44:E9:5A:73:E3:C6:62:43:F1:3A:C0:20:F3:00:B6:C0:AB:DB:1A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1C86E31EBA9E12D5C9B2930CEA6090B8D688B6D1
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7ec25e92-a951-4793-8fc1-861c4d0c96f5.roa
Signing time:             Fri 26 Sep 2025 00:27:07 +0000
ROA not before:           Fri 26 Sep 2025 00:27:07 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.167.128.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:86:e3:1e:ba:9e:12:d5:c9:b2:93:0c:ea:60:90:b8:d6:88:b6:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 00:27:07 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=4f7231f290e9e8bca4601ff92e0f4d15418c228f5ab5dce267ee64113741e2ba, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:21:b5:58:da:2c:ba:37:c2:aa:f9:81:b8:2f:
                    7e:ba:13:40:6a:86:23:3a:10:30:ac:45:2e:71:35:
                    af:c6:39:f2:ad:9c:90:d3:eb:70:d4:41:c7:a7:9f:
                    5e:8c:fb:ae:02:35:9a:f7:9a:44:6f:81:21:af:a2:
                    56:58:e6:16:ef:8f:7e:fd:7b:ae:ba:5a:33:40:6b:
                    0a:a4:25:21:c9:d4:ed:26:49:86:a7:87:d3:a9:4a:
                    57:d8:6f:9d:d9:a7:97:94:14:f1:30:b9:9e:7c:cd:
                    91:e9:97:63:70:66:dd:01:6f:bf:5d:c6:36:74:ad:
                    bf:d1:74:ea:45:90:a5:7d:e3:1f:28:56:90:f2:c2:
                    aa:8c:f1:3b:f9:df:e6:07:67:be:ba:e5:b0:b4:b8:
                    8d:18:74:7c:15:09:20:02:6b:42:1e:cc:e2:c7:35:
                    71:11:69:b3:26:b0:e9:b4:5b:f7:f9:b1:7b:e7:f2:
                    c4:f0:82:7c:9f:8b:74:e3:7c:1b:92:5f:74:2d:07:
                    28:95:10:7c:d9:6a:2f:86:fd:50:7b:0b:40:6a:c8:
                    20:13:6e:2f:7b:44:08:35:04:ce:b3:2e:8e:0d:81:
                    b0:d3:88:52:13:4b:e6:17:c4:0b:52:15:bc:d6:43:
                    4c:59:d8:8a:6e:c5:8b:a4:30:f8:99:66:f3:8a:dc:
                    10:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:44:E9:5A:73:E3:C6:62:43:F1:3A:C0:20:F3:00:B6:C0:AB:DB:1A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7ec25e92-a951-4793-8fc1-861c4d0c96f5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.167.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         04:72:a1:5a:25:12:08:12:11:cf:bb:04:f0:b2:4c:51:53:31:
         11:0f:f2:55:8d:43:53:7a:88:2e:01:cf:cf:f0:aa:b4:be:52:
         74:d1:8a:af:80:a1:2c:5f:f1:41:50:37:b4:02:6a:8c:32:fa:
         43:38:3f:50:b7:22:5e:25:ef:52:12:76:89:70:f5:6c:ea:ff:
         40:89:0e:4c:ed:70:de:62:56:7f:32:d1:d7:73:eb:42:90:51:
         08:ff:cc:88:3a:55:7c:bb:fe:08:ea:5a:f7:48:cc:d7:94:a2:
         df:8c:4b:ce:57:b7:0f:58:e2:6d:61:a3:f9:e8:2d:32:95:c4:
         3d:4f:72:20:aa:1f:de:b8:d9:8c:f7:0a:5a:da:28:d9:71:c2:
         46:7a:36:cf:14:c2:c4:2b:5c:aa:bd:e3:8e:8a:33:7c:9b:2e:
         e4:41:65:2a:b7:bc:a1:61:dc:9b:f8:5d:9b:13:2f:9b:39:62:
         cd:6a:74:20:44:09:23:b5:90:9e:f6:86:0c:ba:80:3b:ae:c2:
         17:6e:22:e0:d7:7d:48:1d:a5:b4:38:97:13:09:42:e7:77:5b:
         af:b0:7a:1c:b8:8a:26:49:d4:d8:a9:15:57:2b:6f:37:ef:3b:
         00:c0:e7:6f:f8:8d:32:b7:6e:64:73:8b:a3:19:50:8e:ff:77:
         da:23:c6:40
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHIbjHrqeEtXJspMM6mCQuNaIttEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MDAyNzA3WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZjcyMzFmMjkwZTllOGJjYTQ2MDFmZjkyZTBmNGQxNTQx
OGMyMjhmNWFiNWRjZTI2N2VlNjQxMTM3NDFlMmJhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDFIbVY2iy6N8Kq+YG4L366E0BqhiM6EDCsRS5xNa/GOfKt
nJDT63DUQcenn16M+64CNZr3mkRvgSGvolZY5hbvj379e666WjNAawqkJSHJ1O0m
SYanh9OpSlfYb53Zp5eUFPEwuZ58zZHpl2NwZt0Bb79dxjZ0rb/RdOpFkKV94x8o
VpDywqqM8Tv53+YHZ7665bC0uI0YdHwVCSACa0IezOLHNXERabMmsOm0W/f5sXvn
8sTwgnyfi3TjfBuSX3QtByiVEHzZai+G/VB7C0BqyCATbi97RAg1BM6zLo4NgbDT
iFITS+YXxAtSFbzWQ0xZ2IpuxYukMPiZZvOK3BDNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU10TpWnPjxmJD8TrAIPMAtsCr2xowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzdlYzI1ZTkyLWE5NTEtNDc5My04ZmMxLTg2MWM0ZDBjOTZmNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIDp4AwDQYJKoZIhvcNAQELBQADggEBAARyoVolEggSEc+7BPCyTFFTMREP
8lWNQ1N6iC4Bz8/wqrS+UnTRiq+AoSxf8UFQN7QCaowy+kM4P1C3Il4l71ISdolw
9Wzq/0CJDkztcN5iVn8y0ddz60KQUQj/zIg6VXy7/gjqWvdIzNeUot+MS85Xtw9Y
4m1ho/noLTKVxD1PciCqH9642Yz3ClraKNlxwkZ6Ns8UwsQrXKq9446KM3ybLuRB
ZSq3vKFh3Jv4XZsTL5s5Ys1qdCBECSO1kJ72hgy6gDuuwhduIuDXfUgdpbQ4lxMJ
Qud3W6+wehy4iiZJ1NipFVcrbzfvOwDA52/4jTK3bmRzi6MZUI7/d9ojxkA=
-----END CERTIFICATE-----