Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9238e2c1-f3be-49ab-9474-4d577afe980c.roa
File:                     9238e2c1-f3be-49ab-9474-4d577afe980c.roa (raw, json)
Hash identifier:          BPEQa9/7JD9WB9DMhPbjJoGY74Y+TQZWdK5UJblK4TE=
Subject key identifier:   76:CC:FA:B1:4C:DF:9B:BF:10:F9:31:28:9F:7B:9D:F9:E1:A2:2C:95
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5C658EDACFEE7B5A07F70DC22764CF55FEC42BB5
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9238e2c1-f3be-49ab-9474-4d577afe980c.roa
Signing time:             Fri 26 Sep 2025 00:07:39 +0000
ROA not before:           Fri 26 Sep 2025 00:07:39 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.163.156.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:65:8e:da:cf:ee:7b:5a:07:f7:0d:c2:27:64:cf:55:fe:c4:2b:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 00:07:39 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=ecab23f029e370d1fa1b9460dd466c445c8962b077f81c59e7d2be64dc6f6f38, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:00:fa:32:75:0c:cf:94:08:7a:21:0e:a5:8b:
                    ea:84:e4:5e:b8:d8:7f:75:a2:04:6e:40:ea:95:fe:
                    63:8b:35:2a:11:eb:26:b6:e8:74:2e:e5:03:cf:fd:
                    6e:b1:5a:8d:92:e2:3f:5c:c7:e8:80:7e:22:79:c3:
                    16:e9:3a:e5:39:ad:51:08:b8:66:f6:87:fc:32:58:
                    4d:e5:2d:a1:e2:d1:e5:c1:cc:d9:a0:03:a3:e3:fa:
                    2d:fa:01:e8:51:69:df:39:76:1d:a4:d8:4e:22:5f:
                    80:eb:fa:47:fd:5f:89:9b:f3:a6:d9:65:85:5d:80:
                    00:6e:14:8e:d9:b8:7b:6b:a9:90:81:c6:91:49:8e:
                    4e:e4:72:88:38:42:5e:ea:0c:68:9d:f0:15:0c:3e:
                    fa:f6:18:a3:46:54:90:bf:af:b8:cc:bc:03:11:e6:
                    cb:e1:7f:fe:24:85:73:38:f0:36:05:97:c6:75:f1:
                    75:09:e3:b4:0c:8b:d4:68:de:a0:29:36:7b:b4:72:
                    8f:2d:18:32:b9:f7:98:d8:1c:8b:6c:e7:28:e7:eb:
                    2d:9a:5b:a7:5d:20:91:4b:d8:b9:ab:a8:c6:00:d6:
                    77:be:8c:32:fb:b1:20:9d:9d:5d:27:3d:ae:c4:eb:
                    51:76:b2:ab:5b:15:e3:1c:27:f5:60:e0:5c:40:d4:
                    0f:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:CC:FA:B1:4C:DF:9B:BF:10:F9:31:28:9F:7B:9D:F9:E1:A2:2C:95
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9238e2c1-f3be-49ab-9474-4d577afe980c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.163.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         27:99:0c:4d:5a:75:4c:38:29:2c:7f:d6:de:11:2c:76:e2:44:
         2b:5c:2d:a7:a0:fc:55:00:9d:07:a7:50:b6:e9:5d:ba:1a:db:
         49:13:e6:9c:35:5b:17:e5:68:42:03:5d:e0:c6:de:bd:28:8b:
         46:a9:0d:76:0d:cb:d6:4b:55:09:c0:a7:64:02:41:72:6d:ee:
         9a:08:a4:97:60:77:5b:05:cc:4d:89:e9:52:9f:d1:44:b8:f7:
         48:63:05:a0:44:50:f7:f6:25:cc:45:3f:3d:99:57:71:eb:0e:
         54:7f:27:b8:3a:f0:7e:02:06:6a:69:4f:37:27:0e:64:dd:a7:
         f6:3e:69:d3:63:2d:52:e6:8d:ae:13:c8:ed:8a:92:12:18:c6:
         45:a9:86:32:25:62:53:b7:4c:1c:78:ca:77:42:d2:d0:2c:9a:
         04:6b:3e:36:13:b2:74:7b:62:f4:11:79:a5:6d:89:de:bc:03:
         65:c6:33:c8:51:fe:5b:36:51:2b:cf:a4:9f:e3:77:f4:89:f3:
         5b:bf:63:e0:3e:bb:de:23:84:c2:71:3e:d6:4b:ad:bd:52:d3:
         a7:4b:3b:9a:75:4e:cb:26:21:c1:92:14:cf:89:d6:77:b0:90:
         7a:56:b2:02:ce:d2:bd:d3:85:50:45:08:b3:64:f9:4c:f8:5c:
         37:87:16:d4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXGWO2s/ue1oH9w3CJ2TPVf7EK7UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MDAwNzM5WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BlY2FiMjNmMDI5ZTM3MGQxZmExYjk0NjBkZDQ2NmM0NDVj
ODk2MmIwNzdmODFjNTllN2QyYmU2NGRjNmY2ZjM4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJAPoydQzPlAh6IQ6li+qE5F642H91ogRuQOqV/mOLNSoR
6ya26HQu5QPP/W6xWo2S4j9cx+iAfiJ5wxbpOuU5rVEIuGb2h/wyWE3lLaHi0eXB
zNmgA6Pj+i36AehRad85dh2k2E4iX4Dr+kf9X4mb86bZZYVdgABuFI7ZuHtrqZCB
xpFJjk7kcog4Ql7qDGid8BUMPvr2GKNGVJC/r7jMvAMR5svhf/4khXM48DYFl8Z1
8XUJ47QMi9Ro3qApNnu0co8tGDK595jYHIts5yjn6y2aW6ddIJFL2LmrqMYA1ne+
jDL7sSCdnV0nPa7E61F2sqtbFeMcJ/Vg4FxA1A+hAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUdsz6sUzfm78Q+TEon3ud+eGiLJUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzkyMzhlMmMxLWYzYmUtNDlhYi05NDc0LTRkNTc3YWZlOTgwYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIDo5wwDQYJKoZIhvcNAQELBQADggEBACeZDE1adUw4KSx/1t4RLHbiRCtc
Laeg/FUAnQenULbpXboa20kT5pw1WxflaEIDXeDG3r0oi0apDXYNy9ZLVQnAp2QC
QXJt7poIpJdgd1sFzE2J6VKf0US490hjBaBEUPf2JcxFPz2ZV3HrDlR/J7g68H4C
BmppTzcnDmTdp/Y+adNjLVLmja4TyO2KkhIYxkWphjIlYlO3TBx4yndC0tAsmgRr
PjYTsnR7YvQReaVtid68A2XGM8hR/ls2USvPpJ/jd/SJ81u/Y+A+u94jhMJxPtZL
rb1S06dLO5p1TssmIcGSFM+J1newkHpWsgLO0r3ThVBFCLNk+Uz4XDeHFtQ=
-----END CERTIFICATE-----