Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7ff9bf11-c10d-493d-a6a3-0bd36b489f32.roa
File:                     7ff9bf11-c10d-493d-a6a3-0bd36b489f32.roa (raw, json)
Hash identifier:          LHCFZi3NV7aqWYagpMOOCFaiXZJ18jv/G7jnEbCjZmM=
Subject key identifier:   1A:93:10:DD:09:A7:3F:81:03:DE:45:25:24:CD:A0:43:7E:AB:D0:FB
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       74570C870DA80D0046D596D4B0EBC0F83E69B1A3
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7ff9bf11-c10d-493d-a6a3-0bd36b489f32.roa
Signing time:             Fri 26 Sep 2025 00:07:28 +0000
ROA not before:           Fri 26 Sep 2025 00:07:28 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.163.116.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:57:0c:87:0d:a8:0d:00:46:d5:96:d4:b0:eb:c0:f8:3e:69:b1:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 00:07:28 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=780e1380f6c22731bdff427d1e52c0a6c16d4d871ec931e03107ac181343cb4c, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:76:7b:5a:de:2c:06:0a:5d:c8:57:c3:2b:15:
                    cc:77:ae:49:2c:dd:cb:cb:df:3f:db:d2:33:7a:d3:
                    d5:de:68:8a:d1:c4:df:30:2d:62:03:d3:6d:d9:13:
                    fd:35:68:0d:19:06:6e:84:d2:1e:fb:2d:7c:6e:59:
                    15:c4:bb:2f:30:4a:61:33:0a:b1:6f:ad:40:56:92:
                    fc:e0:6d:f3:29:5d:43:81:81:20:64:3f:a6:af:62:
                    56:da:0f:df:76:04:49:fd:c1:71:c9:96:02:ac:4f:
                    a6:79:74:49:8f:3c:aa:10:1a:bd:c8:ca:58:95:50:
                    b5:9c:18:a5:c2:e9:c2:a8:cf:bd:96:42:6e:1d:8c:
                    7d:9e:4e:ae:23:12:1d:b6:65:c8:01:fe:47:83:1a:
                    7d:12:08:6e:06:10:c1:1c:04:f3:93:f0:04:f6:1f:
                    27:c0:c8:b5:8e:47:87:88:0b:1c:40:cd:9d:e6:ff:
                    ba:40:a9:6d:7f:3a:07:b2:50:0c:88:b4:94:72:53:
                    24:ac:3d:83:e9:c9:e6:f8:97:21:5b:bf:12:ba:e6:
                    2d:2c:70:b9:c4:9c:cb:b6:6a:01:b9:ae:b6:fa:75:
                    92:94:46:95:56:74:5f:7a:64:3a:d2:32:92:6f:6e:
                    81:e3:92:0a:a2:95:bf:e7:7a:d5:91:0c:22:4b:0d:
                    27:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:93:10:DD:09:A7:3F:81:03:DE:45:25:24:CD:A0:43:7E:AB:D0:FB
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7ff9bf11-c10d-493d-a6a3-0bd36b489f32.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.163.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         20:51:35:9b:a2:2f:81:10:6f:ec:4d:a5:1f:ac:c2:42:0b:37:
         24:46:38:0e:58:89:97:71:d1:5c:a6:55:24:a3:e9:c0:35:24:
         e1:1c:7f:ce:c5:db:93:e3:c5:e2:81:94:2c:ea:f1:0c:87:3a:
         49:d8:bf:9f:71:27:a2:34:18:88:53:65:0c:98:aa:e9:ae:1e:
         3b:fc:cd:f4:aa:97:0c:95:a9:a7:9d:d8:9d:ab:d8:a7:6f:3f:
         1b:d3:b6:bb:72:91:75:17:d5:82:38:84:51:44:0c:da:99:e4:
         16:44:8e:99:ac:5c:a8:8a:4b:69:f0:04:16:5d:08:38:d5:8b:
         15:70:a4:32:52:3c:cf:5c:22:de:7d:d7:2f:44:25:bc:e4:4d:
         14:ee:94:78:f8:24:3c:0f:8d:01:62:e0:37:a2:de:da:de:bb:
         7b:17:e0:bb:d2:45:3c:cb:00:d6:a1:4b:bd:da:97:d7:7f:ec:
         18:62:03:b3:88:0e:a6:48:85:77:22:6a:12:82:12:6b:3b:e8:
         5d:ce:ac:41:b6:36:f6:a3:63:d5:bb:79:a3:d7:8a:6c:23:42:
         38:b6:a0:aa:ee:02:ef:ba:34:5e:43:b3:a0:a0:ee:d8:85:be:
         02:62:f1:88:82:13:dc:c5:02:52:2a:44:1b:b9:67:bc:f0:0d:
         98:92:95:48
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdFcMhw2oDQBG1ZbUsOvA+D5psaMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MDAwNzI4WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A3ODBlMTM4MGY2YzIyNzMxYmRmZjQyN2QxZTUyYzBhNmMx
NmQ0ZDg3MWVjOTMxZTAzMTA3YWMxODEzNDNjYjRjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDXdnta3iwGCl3IV8MrFcx3rkks3cvL3z/b0jN609XeaIrR
xN8wLWID023ZE/01aA0ZBm6E0h77LXxuWRXEuy8wSmEzCrFvrUBWkvzgbfMpXUOB
gSBkP6avYlbaD992BEn9wXHJlgKsT6Z5dEmPPKoQGr3IyliVULWcGKXC6cKoz72W
Qm4djH2eTq4jEh22ZcgB/keDGn0SCG4GEMEcBPOT8AT2HyfAyLWOR4eICxxAzZ3m
/7pAqW1/OgeyUAyItJRyUySsPYPpyeb4lyFbvxK65i0scLnEnMu2agG5rrb6dZKU
RpVWdF96ZDrSMpJvboHjkgqilb/netWRDCJLDSdbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGpMQ3QmnP4ED3kUlJM2gQ36r0PswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzdmZjliZjExLWMxMGQtNDkzZC1hNmEzLTBiZDM2YjQ4OWYzMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIDo3QwDQYJKoZIhvcNAQELBQADggEBACBRNZuiL4EQb+xNpR+swkILNyRG
OA5YiZdx0VymVSSj6cA1JOEcf87F25PjxeKBlCzq8QyHOknYv59xJ6I0GIhTZQyY
qumuHjv8zfSqlwyVqaed2J2r2KdvPxvTtrtykXUX1YI4hFFEDNqZ5BZEjpmsXKiK
S2nwBBZdCDjVixVwpDJSPM9cIt591y9EJbzkTRTulHj4JDwPjQFi4Dei3treu3sX
4LvSRTzLANahS73al9d/7BhiA7OIDqZIhXciahKCEms76F3OrEG2NvajY9W7eaPX
imwjQji2oKruAu+6NF5Ds6Cg7tiFvgJi8YiCE9zFAlIqRBu5Z7zwDZiSlUg=
-----END CERTIFICATE-----