Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8503bd8f-e8e3-409e-8145-d172fcc08621.roa
File:                     8503bd8f-e8e3-409e-8145-d172fcc08621.roa (raw, json)
Hash identifier:          SG4gJZvS9c9XzOR5dschqoZK0RRDeRMua5p3stnvb3M=
Subject key identifier:   B2:3E:FA:5B:41:AB:E5:EB:57:52:70:EC:D6:A5:AD:B0:F0:7B:E2:82
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       71D65D1233AB09679A1737E0F15A59CA96C5BDE6
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8503bd8f-e8e3-409e-8145-d172fcc08621.roa
Signing time:             Tue 19 Aug 2025 15:11:56 +0000
ROA not before:           Tue 19 Aug 2025 15:11:56 +0000
ROA not after:            Tue 23 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.101.206.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 22 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:d6:5d:12:33:ab:09:67:9a:17:37:e0:f1:5a:59:ca:96:c5:bd:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Aug 19 15:11:56 2025 GMT
            Not After : Sep 23 23:59:59 2025 GMT
        Subject: serialNumber=a29f29793de35fcacb1aa4b307d0cd8679fd2c7b252fe8d2b58e94cdd8eb5613, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:2d:64:e2:2e:77:9a:15:3b:5a:72:6d:a3:fa:
                    c0:ad:ba:7e:5f:89:14:76:e2:51:40:df:ea:9d:a8:
                    59:ea:29:8f:7a:89:47:e6:1e:fa:af:02:32:2f:b2:
                    c1:85:3c:52:de:ef:4c:12:01:8f:25:67:fc:1d:51:
                    c4:2a:ce:80:d3:69:47:a5:97:08:6c:cf:27:7b:9f:
                    c2:00:97:7b:51:04:e6:f3:a6:f7:bb:97:c5:c4:55:
                    ed:f2:4c:14:f6:74:3b:18:61:fb:f5:9c:50:43:1b:
                    d5:41:4c:f8:fd:a2:9a:30:0d:ad:ea:be:2d:90:09:
                    3e:6c:fa:61:36:1e:68:bf:97:4d:a3:20:02:72:c6:
                    d2:56:ac:9e:fb:87:b4:57:3c:06:f7:c3:91:53:bd:
                    83:37:78:7b:a3:a9:66:e3:06:19:a3:fe:63:5e:0f:
                    a2:30:d9:ae:41:9d:4e:63:00:cd:eb:d3:7c:f8:7b:
                    9d:d3:7f:4a:71:8f:cd:2f:3d:3f:b6:d7:48:c5:c4:
                    3f:e5:cd:81:a6:64:57:55:c9:19:8f:26:70:33:89:
                    9d:c7:f9:20:10:cf:02:d2:17:39:6e:f7:ce:69:bc:
                    4a:b9:bd:5a:5d:bb:68:06:55:d4:b0:8a:d6:40:9c:
                    83:89:7e:5b:cd:e3:4b:9e:89:68:f9:d6:45:22:58:
                    36:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:3E:FA:5B:41:AB:E5:EB:57:52:70:EC:D6:A5:AD:B0:F0:7B:E2:82
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8503bd8f-e8e3-409e-8145-d172fcc08621.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.101.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4b:7d:be:8e:b2:7b:e3:ce:cf:3d:25:61:73:23:a1:5a:9a:91:
         52:03:ef:49:18:3c:c2:bc:af:1c:99:22:17:39:62:7b:17:2d:
         08:25:09:d8:fc:f9:25:45:37:83:d2:34:ba:c8:79:0e:1a:cc:
         31:49:1d:b3:20:e1:13:ce:54:07:0f:02:ad:a9:a0:2d:d8:d4:
         2d:20:c1:f0:de:8b:6d:c8:4c:32:2d:15:a6:9d:49:bb:be:da:
         7d:75:77:d8:4e:6b:ef:dd:ba:8c:59:9a:4a:bb:89:3c:f8:99:
         03:94:44:b6:32:6d:3b:aa:94:9c:2d:ca:2a:77:f0:59:29:b9:
         95:40:7a:2f:9b:61:e4:89:a2:be:45:bf:60:b7:62:93:da:1b:
         7a:49:b6:e6:f8:6e:9b:3c:7a:d5:02:53:8b:22:ea:d2:f9:eb:
         0c:04:19:d9:3a:f9:16:d4:8a:04:5e:07:c5:95:f8:d5:8b:e6:
         a1:32:6c:48:2d:f8:30:e1:82:91:5e:14:50:d4:3d:3b:dc:46:
         47:b0:fb:3b:31:18:7a:5d:ef:46:0b:62:47:3a:d0:35:9b:c8:
         07:64:84:2b:91:8e:ab:eb:9c:2c:91:e8:d9:9c:72:a5:37:5c:
         47:56:1e:cf:0b:66:ef:36:7f:cb:74:f5:68:ff:d0:96:fa:53:
         01:b8:ce:c3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcdZdEjOrCWeaFzfg8VpZypbFveYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwODE5MTUxMTU2WhcNMjUwOTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BhMjlmMjk3OTNkZTM1ZmNhY2IxYWE0YjMwN2QwY2Q4Njc5
ZmQyYzdiMjUyZmU4ZDJiNThlOTRjZGQ4ZWI1NjEzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCbLWTiLneaFTtacm2j+sCtun5fiRR24lFA3+qdqFnqKY96
iUfmHvqvAjIvssGFPFLe70wSAY8lZ/wdUcQqzoDTaUellwhszyd7n8IAl3tRBObz
pve7l8XEVe3yTBT2dDsYYfv1nFBDG9VBTPj9opowDa3qvi2QCT5s+mE2Hmi/l02j
IAJyxtJWrJ77h7RXPAb3w5FTvYM3eHujqWbjBhmj/mNeD6Iw2a5BnU5jAM3r03z4
e53Tf0pxj80vPT+210jFxD/lzYGmZFdVyRmPJnAziZ3H+SAQzwLSFzlu985pvEq5
vVpdu2gGVdSwitZAnIOJflvN40ueiWj51kUiWDZpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUsj76W0Gr5etXUnDs1qWtsPB74oIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzg1MDNiZDhmLWU4ZTMtNDA5ZS04MTQ1LWQxNzJmY2MwODYyMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEDZc4wDQYJKoZIhvcNAQELBQADggEBAEt9vo6ye+POzz0lYXMjoVqakVID
70kYPMK8rxyZIhc5YnsXLQglCdj8+SVFN4PSNLrIeQ4azDFJHbMg4RPOVAcPAq2p
oC3Y1C0gwfDei23ITDItFaadSbu+2n11d9hOa+/duoxZmkq7iTz4mQOURLYybTuq
lJwtyip38FkpuZVAei+bYeSJor5Fv2C3YpPaG3pJtub4bps8etUCU4si6tL56wwE
Gdk6+RbUigReB8WV+NWL5qEybEgt+DDhgpFeFFDUPTvcRkew+zsxGHpd70YLYkc6
0DWbyAdkhCuRjqvrnCyR6NmccqU3XEdWHs8LZu82f8t09Wj/0Jb6UwG4zsM=
-----END CERTIFICATE-----