Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/997b22ee-c406-4efa-b24f-e632658f2534.roa
File:                     997b22ee-c406-4efa-b24f-e632658f2534.roa (raw, json)
Hash identifier:          njiy6+APjIu/saJ9D0oE+l3O8jho56VygqmmV+mmaM8=
Subject key identifier:   D9:5C:9F:8A:0F:9E:BB:8D:72:21:95:1D:70:DD:23:05:ED:B0:84:DB
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       75C3F447ECCAA3380C26C3D06CE4F516CA1C5A68
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/997b22ee-c406-4efa-b24f-e632658f2534.roa
Signing time:             Thu 25 Sep 2025 21:15:06 +0000
ROA not before:           Thu 25 Sep 2025 21:15:06 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.175.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:c3:f4:47:ec:ca:a3:38:0c:26:c3:d0:6c:e4:f5:16:ca:1c:5a:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 21:15:06 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=b7d61da6d565e114902e07133c761052b87024c766233b3cbf0e6df606eb16f4, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:74:2a:3b:de:1c:b0:9c:e9:b0:f5:6a:e2:ec:
                    c0:88:e8:73:20:93:fc:cc:df:24:f6:f4:60:6a:24:
                    95:8f:14:02:11:51:e7:63:25:09:bd:77:f5:50:1a:
                    a7:ae:7c:f5:48:07:39:f5:a3:4f:e4:57:bc:b5:b7:
                    5e:3d:09:dd:c0:6a:af:d0:f1:6f:e3:6f:d6:47:30:
                    28:f2:3e:0e:d4:a1:0a:44:01:fa:ea:29:b6:af:72:
                    89:3d:85:2a:fe:b7:52:4a:7a:60:59:01:b0:b2:aa:
                    a2:b5:a6:65:0c:07:29:c2:fa:70:f0:37:7b:2f:fd:
                    0d:60:a4:21:2f:5d:78:a5:d4:0f:bd:f7:33:71:dc:
                    98:d4:7c:b1:b9:7d:cc:9d:d2:10:fb:1c:45:dc:f4:
                    51:5b:fa:06:e6:72:10:08:59:e7:6e:a5:af:29:8a:
                    d6:ec:44:5e:39:58:36:bd:42:1c:b6:b4:31:d6:ad:
                    96:f7:f9:b4:bf:ab:d2:63:8f:48:df:83:30:9e:a5:
                    74:14:4d:3a:f4:4c:f3:b8:5a:7e:18:a7:19:37:48:
                    ad:06:13:c5:01:a5:31:3b:f7:76:19:26:58:fa:fc:
                    82:17:a7:5f:82:44:58:9d:e2:4a:a7:0a:6e:00:0e:
                    db:78:10:a3:30:f5:9c:19:b8:61:9d:23:cf:c2:05:
                    ab:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:5C:9F:8A:0F:9E:BB:8D:72:21:95:1D:70:DD:23:05:ED:B0:84:DB
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/997b22ee-c406-4efa-b24f-e632658f2534.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.175.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:1b:5e:4d:8a:ef:33:42:c5:95:85:88:9a:c9:25:da:6e:80:
         47:f5:13:1d:02:2c:31:d1:9f:c6:8d:62:b3:8c:42:d3:df:34:
         02:5c:c5:97:31:70:4d:24:a7:a0:be:84:3e:c8:d4:dc:9a:c7:
         5a:e4:1c:d8:64:d4:5f:10:87:1d:32:52:5f:1d:57:83:23:86:
         a6:2d:0d:d3:ca:78:93:fa:bd:80:2a:50:81:27:0f:27:f7:90:
         55:09:22:6c:04:99:62:da:af:8a:09:4e:ca:46:04:ca:df:19:
         9a:46:12:92:02:74:a1:b9:3d:ab:d7:0e:96:4a:94:bb:6a:ab:
         a5:b8:82:e7:e3:5c:05:87:9f:ca:bf:fe:d6:14:e7:ec:ee:4c:
         bc:f0:25:d8:41:0c:e1:d6:be:91:85:44:49:88:a5:ba:d0:34:
         1d:f5:ba:32:ad:70:4e:b8:66:aa:40:f9:35:f6:a3:83:6f:16:
         a8:6e:8b:a2:f8:67:01:ef:0b:64:2e:84:2f:f1:91:8e:d7:b4:
         b8:ee:d3:26:88:90:30:26:1e:e0:56:85:74:f9:7f:0b:7a:0d:
         f8:af:ec:3c:0e:e9:09:ec:19:42:97:4b:a6:5d:0f:67:64:7f:
         28:9b:4e:ee:48:f4:41:6e:35:3b:7e:ad:73:45:b9:e4:c2:a0:
         50:7b:3d:56
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdcP0R+zKozgMJsPQbOT1FsocWmgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MjExNTA2WhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BiN2Q2MWRhNmQ1NjVlMTE0OTAyZTA3MTMzYzc2MTA1MmI4
NzAyNGM3NjYyMzNiM2NiZjBlNmRmNjA2ZWIxNmY0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqdCo73hywnOmw9Wri7MCI6HMgk/zM3yT29GBqJJWPFAIR
UedjJQm9d/VQGqeufPVIBzn1o0/kV7y1t149Cd3Aaq/Q8W/jb9ZHMCjyPg7UoQpE
AfrqKbavcok9hSr+t1JKemBZAbCyqqK1pmUMBynC+nDwN3sv/Q1gpCEvXXil1A+9
9zNx3JjUfLG5fcyd0hD7HEXc9FFb+gbmchAIWedupa8pitbsRF45WDa9Qhy2tDHW
rZb3+bS/q9Jjj0jfgzCepXQUTTr0TPO4Wn4Ypxk3SK0GE8UBpTE793YZJlj6/IIX
p1+CRFid4kqnCm4ADtt4EKMw9ZwZuGGdI8/CBavfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU2Vyfig+eu41yIZUdcN0jBe2whNswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzk5N2IyMmVlLWM0MDYtNGVmYS1iMjRmLWU2MzI2NThmMjUzNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADr/UwDQYJKoZIhvcNAQELBQADggEBAIAbXk2K7zNCxZWFiJrJJdpugEf1
Ex0CLDHRn8aNYrOMQtPfNAJcxZcxcE0kp6C+hD7I1Nyax1rkHNhk1F8Qhx0yUl8d
V4MjhqYtDdPKeJP6vYAqUIEnDyf3kFUJImwEmWLar4oJTspGBMrfGZpGEpICdKG5
PavXDpZKlLtqq6W4gufjXAWHn8q//tYU5+zuTLzwJdhBDOHWvpGFREmIpbrQNB31
ujKtcE64ZqpA+TX2o4NvFqhui6L4ZwHvC2QuhC/xkY7XtLju0yaIkDAmHuBWhXT5
fwt6Dfiv7DwO6QnsGUKXS6ZdD2dkfyibTu5I9EFuNTt+rXNFueTCoFB7PVY=
-----END CERTIFICATE-----