Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/81977f47-77dc-44f3-868c-5e91a5ad7ad5.roa
File:                     81977f47-77dc-44f3-868c-5e91a5ad7ad5.roa (raw, json)
Hash identifier:          j8QDWkogO8+7OC9kU/oQoco3SsAqcSdilresNz9kwA8=
Subject key identifier:   BF:02:A1:D2:7C:51:5C:4D:67:62:99:C1:1F:6F:4E:65:3C:08:46:61
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2E3B2BE680D7F0E2F2A30C5CA3E4CECA3DE94648
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/81977f47-77dc-44f3-868c-5e91a5ad7ad5.roa
Signing time:             Thu 25 Sep 2025 20:09:55 +0000
ROA not before:           Thu 25 Sep 2025 20:09:55 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.171.185.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:3b:2b:e6:80:d7:f0:e2:f2:a3:0c:5c:a3:e4:ce:ca:3d:e9:46:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 20:09:55 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=1b361f84a55b666c5205a6e27f995bfb7c028ab82e4e9c7e70c1ff6af7549dd7, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:86:aa:50:a2:82:3e:83:4b:33:a2:24:2e:db:
                    db:c2:42:1d:8f:00:87:f8:47:88:55:4d:0d:72:6c:
                    f6:b8:2f:0f:8a:22:e8:0d:c8:8c:be:c6:a1:28:1b:
                    ac:b3:82:df:ee:21:95:99:56:7c:de:48:5e:48:5e:
                    c4:b3:28:27:62:bb:0a:16:6e:c4:f7:74:aa:aa:33:
                    54:f8:d8:15:05:11:56:1e:81:f6:07:0f:dd:7f:d9:
                    b1:db:02:1a:f6:2f:c9:2a:42:b4:ef:82:99:64:3f:
                    31:65:1a:cc:69:18:6b:13:18:a4:03:e9:fb:5e:36:
                    ab:f4:89:9c:5f:f5:ce:d6:5d:9b:0d:bd:16:4b:c7:
                    42:57:97:85:0e:ae:b8:c5:ca:59:e4:62:d2:42:ad:
                    82:a1:9c:f3:a4:27:29:b6:36:d8:56:44:73:f8:b1:
                    88:62:d5:11:99:56:92:9d:82:a7:de:2a:fc:24:21:
                    c5:ea:b5:fd:20:38:28:15:00:1c:c8:f6:7c:50:63:
                    0e:e3:06:dc:aa:7d:f8:5b:f5:f4:eb:cb:2f:24:62:
                    01:76:45:e0:60:d4:22:a1:0b:93:3d:78:b5:e6:c8:
                    ee:c9:0a:70:33:44:ee:cd:30:53:7e:77:eb:62:22:
                    20:b3:6b:39:80:dd:0a:6a:54:5f:29:15:b1:62:a0:
                    a6:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:02:A1:D2:7C:51:5C:4D:67:62:99:C1:1F:6F:4E:65:3C:08:46:61
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/81977f47-77dc-44f3-868c-5e91a5ad7ad5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.171.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:16:ce:4a:d1:bd:1b:fc:be:77:2e:a2:84:1a:5d:74:6c:8f:
         ad:18:95:c6:5f:20:44:25:db:14:6b:c3:a2:36:89:98:f0:bb:
         da:5e:6a:e4:6e:4d:2c:98:d4:52:ef:66:6f:46:ba:1b:6c:78:
         ad:7f:33:6f:a9:40:c4:b8:91:10:64:37:20:e6:f0:8a:43:6e:
         6a:cb:67:7a:b8:81:12:9b:00:39:24:29:98:81:61:c2:54:bc:
         28:85:b5:ff:ac:d4:fa:64:fa:f1:71:4d:d3:73:d0:41:f8:dd:
         e8:3e:5a:8b:41:ae:e4:2d:6a:f8:7a:52:61:6a:11:84:11:70:
         87:3c:cb:6a:cc:f3:c9:0f:b8:bc:51:21:9e:cb:b7:b3:40:9a:
         a4:2e:ea:83:bd:eb:e0:27:bc:80:f7:53:67:35:f8:55:c3:a5:
         89:39:ac:b5:51:0d:25:67:ea:1e:30:24:9b:1a:b4:f2:f5:d7:
         05:11:c0:fd:32:5b:29:7c:dd:5a:df:55:ca:05:87:5a:2e:93:
         62:38:ef:61:f4:56:fb:b9:67:f8:bf:ca:04:81:14:2f:7d:2f:
         10:1a:cf:72:55:f6:de:8b:c3:ff:29:0d:bd:e4:4c:d7:d2:70:
         2e:38:7e:03:09:a9:dc:96:bf:84:93:6a:a2:0f:75:99:4d:64:
         1e:23:da:8e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULjsr5oDX8OLyowxco+TOyj3pRkgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MjAwOTU1WhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AxYjM2MWY4NGE1NWI2NjZjNTIwNWE2ZTI3Zjk5NWJmYjdj
MDI4YWI4MmU0ZTljN2U3MGMxZmY2YWY3NTQ5ZGQ3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDChqpQooI+g0szoiQu29vCQh2PAIf4R4hVTQ1ybPa4Lw+K
IugNyIy+xqEoG6yzgt/uIZWZVnzeSF5IXsSzKCdiuwoWbsT3dKqqM1T42BUFEVYe
gfYHD91/2bHbAhr2L8kqQrTvgplkPzFlGsxpGGsTGKQD6fteNqv0iZxf9c7WXZsN
vRZLx0JXl4UOrrjFylnkYtJCrYKhnPOkJym2NthWRHP4sYhi1RGZVpKdgqfeKvwk
IcXqtf0gOCgVABzI9nxQYw7jBtyqffhb9fTryy8kYgF2ReBg1CKhC5M9eLXmyO7J
CnAzRO7NMFN+d+tiIiCzazmA3QpqVF8pFbFioKbRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUvwKh0nxRXE1nYpnBH29OZTwIRmEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzgxOTc3ZjQ3LTc3ZGMtNDRmMy04NjhjLTVlOTFhNWFkN2FkNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADq7kwDQYJKoZIhvcNAQELBQADggEBAJUWzkrRvRv8vncuooQaXXRsj60Y
lcZfIEQl2xRrw6I2iZjwu9peauRuTSyY1FLvZm9GuhtseK1/M2+pQMS4kRBkNyDm
8IpDbmrLZ3q4gRKbADkkKZiBYcJUvCiFtf+s1Ppk+vFxTdNz0EH43eg+WotBruQt
avh6UmFqEYQRcIc8y2rM88kPuLxRIZ7Lt7NAmqQu6oO96+AnvID3U2c1+FXDpYk5
rLVRDSVn6h4wJJsatPL11wURwP0yWyl83VrfVcoFh1ouk2I472H0Vvu5Z/i/ygSB
FC99LxAaz3JV9t6Lw/8pDb3kTNfScC44fgMJqdyWv4STaqIPdZlNZB4j2o4=
-----END CERTIFICATE-----