Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/93aff7e4-ed3e-4b49-8170-dc54436392ba.roa
File:                     93aff7e4-ed3e-4b49-8170-dc54436392ba.roa (raw, json)
Hash identifier:          7uxnautuoGJV5kIP5EHEap5ynahHH+nUG9jJcsoSlVs=
Subject key identifier:   0C:58:08:A9:B4:80:19:91:66:03:62:DB:3B:D8:AA:20:89:E1:9D:64
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       40A7FFB41854D5FF3E60904CDA38C41FC08D523F
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/93aff7e4-ed3e-4b49-8170-dc54436392ba.roa
Signing time:             Thu 25 Sep 2025 23:47:40 +0000
ROA not before:           Thu 25 Sep 2025 23:47:40 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.175.214.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:a7:ff:b4:18:54:d5:ff:3e:60:90:4c:da:38:c4:1f:c0:8d:52:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 23:47:40 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=3a5b614ef603250992365b72348624d56fa94611a0d878aac5fc8452feb82e31, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:58:a0:46:61:0f:79:72:e4:b1:fe:92:d2:53:
                    6f:97:46:00:8b:af:ec:6e:df:c6:6a:e2:d0:39:2c:
                    63:e4:70:0e:53:45:3f:d5:ae:5f:7f:b8:ca:bb:3e:
                    0c:b4:96:81:a2:3c:18:2f:6d:bd:6a:9b:17:78:20:
                    5f:92:18:6b:8d:b2:5c:96:33:c6:b1:40:4e:3d:46:
                    30:3d:3d:09:92:fb:dc:14:56:5b:be:a6:f6:3b:c2:
                    2e:d2:4b:7e:ab:59:d4:34:98:7e:b7:1c:74:cf:4c:
                    e1:5a:1c:5a:19:ea:da:54:f4:bf:fd:44:6a:6b:a6:
                    5f:b1:0b:0a:d9:24:c9:2d:df:9e:34:44:66:9c:9b:
                    83:d7:2d:f3:26:79:91:46:4b:69:cd:ba:5d:8b:16:
                    0b:fb:16:8c:31:0f:8d:83:01:13:71:7a:77:3b:ff:
                    c0:7a:3b:89:18:65:3c:e8:09:57:87:7d:06:77:11:
                    02:bd:67:05:17:39:ec:e8:ef:9f:37:62:27:dc:39:
                    5e:6b:65:49:e4:4b:ce:7a:c4:e7:45:0b:78:06:be:
                    d3:3e:96:34:14:f6:da:6d:a6:67:f3:1a:a0:b0:41:
                    02:3f:83:10:72:42:fd:b5:bd:aa:98:6e:ab:6e:be:
                    95:85:22:13:84:2f:ba:72:6f:d4:c9:1f:5e:a1:b2:
                    37:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:58:08:A9:B4:80:19:91:66:03:62:DB:3B:D8:AA:20:89:E1:9D:64
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/93aff7e4-ed3e-4b49-8170-dc54436392ba.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.175.214.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a2:e7:b7:c1:ca:fe:74:86:33:ae:1b:ec:46:a6:01:c8:78:35:
         11:7a:67:4e:de:0c:09:44:a5:9b:97:73:7c:19:37:81:f4:c6:
         26:a0:27:87:3d:79:0a:15:50:7b:14:a0:27:af:2e:59:15:99:
         7b:c1:ce:05:95:5d:61:cf:f8:38:27:94:2b:54:85:d4:05:a5:
         e9:e3:f6:42:94:4e:6a:3c:72:a9:4d:6e:b3:4f:b8:2f:ea:bc:
         52:20:4a:f8:9a:d3:39:53:62:af:38:3c:5b:58:bd:2b:04:1c:
         9c:09:8e:95:5e:28:0c:d7:98:f4:b6:c6:c1:76:94:92:f7:16:
         66:9e:c9:74:5f:67:d7:22:2f:53:4f:98:ef:22:0a:7c:42:a6:
         24:68:ab:24:06:bc:dc:b3:2e:b0:f4:3c:25:97:ae:a6:d7:40:
         b6:8e:22:61:e2:7a:40:71:0b:f9:1c:29:9a:dd:48:81:ab:ea:
         86:8e:91:50:bd:cf:9d:ca:a9:bc:8f:04:d0:29:15:57:7b:c7:
         f5:a0:64:2e:f8:44:96:bb:b6:d9:7e:b2:17:f9:5e:18:bd:f6:
         32:ce:1a:2c:e8:6f:d4:88:94:22:df:87:3e:20:f7:29:b2:1d:
         37:ec:69:1b:5f:8e:58:d6:e9:6c:73:a7:d3:bd:ce:e0:19:b5:
         44:32:4f:6d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQKf/tBhU1f8+YJBM2jjEH8CNUj8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MjM0NzQwWhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AzYTViNjE0ZWY2MDMyNTA5OTIzNjViNzIzNDg2MjRkNTZm
YTk0NjExYTBkODc4YWFjNWZjODQ1MmZlYjgyZTMxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQClWKBGYQ95cuSx/pLSU2+XRgCLr+xu38Zq4tA5LGPkcA5T
RT/Vrl9/uMq7Pgy0loGiPBgvbb1qmxd4IF+SGGuNslyWM8axQE49RjA9PQmS+9wU
Vlu+pvY7wi7SS36rWdQ0mH63HHTPTOFaHFoZ6tpU9L/9RGprpl+xCwrZJMkt3540
RGacm4PXLfMmeZFGS2nNul2LFgv7FowxD42DARNxenc7/8B6O4kYZTzoCVeHfQZ3
EQK9ZwUXOezo7583YifcOV5rZUnkS856xOdFC3gGvtM+ljQU9tptpmfzGqCwQQI/
gxByQv21vaqYbqtuvpWFIhOEL7pyb9TJH16hsjevAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUDFgIqbSAGZFmA2LbO9iqIInhnWQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzkzYWZmN2U0LWVkM2UtNGI0OS04MTcwLWRjNTQ0MzYzOTJiYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEDr9YwDQYJKoZIhvcNAQELBQADggEBAKLnt8HK/nSGM64b7EamAch4NRF6
Z07eDAlEpZuXc3wZN4H0xiagJ4c9eQoVUHsUoCevLlkVmXvBzgWVXWHP+DgnlCtU
hdQFpenj9kKUTmo8cqlNbrNPuC/qvFIgSvia0zlTYq84PFtYvSsEHJwJjpVeKAzX
mPS2xsF2lJL3FmaeyXRfZ9ciL1NPmO8iCnxCpiRoqyQGvNyzLrD0PCWXrqbXQLaO
ImHiekBxC/kcKZrdSIGr6oaOkVC9z53KqbyPBNApFVd7x/WgZC74RJa7ttl+shf5
Xhi99jLOGizob9SIlCLfhz4g9ymyHTfsaRtfjljW6Wxzp9O9zuAZtUQyT20=
-----END CERTIFICATE-----