Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9984d5f3-e041-4d4a-8bd7-21f2b4f4a4f6.roa
File:                     9984d5f3-e041-4d4a-8bd7-21f2b4f4a4f6.roa (raw, json)
Hash identifier:          5ag+Pr5y0Wp6hSlLEsmmJXf2SOt80XeERIjMKaj5yBc=
Subject key identifier:   83:AB:DC:6A:08:24:6B:90:B5:4D:6D:A9:AE:CF:B0:E1:DE:C1:B3:60
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       17B341FB00CCF54E09983F32A82F2E5E98C1E1B1
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9984d5f3-e041-4d4a-8bd7-21f2b4f4a4f6.roa
Signing time:             Thu 25 Sep 2025 22:02:26 +0000
ROA not before:           Thu 25 Sep 2025 22:02:26 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.164.138.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:b3:41:fb:00:cc:f5:4e:09:98:3f:32:a8:2f:2e:5e:98:c1:e1:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 22:02:26 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=05a5d0629acc80b96e1d9fdcac8de92b56bf8cab4c1fe66b339f90c3b5679196, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:9c:a2:0f:1d:e0:8c:62:bc:42:64:62:10:f1:
                    1a:3e:c7:f8:cf:ea:da:38:c5:b8:24:d9:ff:9c:59:
                    0e:47:24:b0:91:ab:9a:be:03:1a:de:4b:98:47:57:
                    22:b7:56:e3:5b:6f:bc:62:80:be:e1:ef:ba:17:fb:
                    91:fa:2b:a6:53:da:6f:e9:d0:a3:84:7f:db:72:1b:
                    63:3d:68:f4:af:5c:1f:dc:56:ff:61:27:a7:72:75:
                    9d:1d:20:af:4c:ea:10:0a:bd:cd:7c:ba:52:5b:41:
                    52:e1:df:48:22:42:58:71:ee:0c:d0:5a:e8:8e:46:
                    45:f8:aa:df:b6:00:85:f7:6d:87:6b:37:9b:d1:68:
                    56:ce:55:b8:46:a2:35:a2:43:bf:18:2a:4b:0e:91:
                    e1:3b:13:6e:3d:50:42:83:37:e9:27:41:ae:9c:23:
                    68:72:ef:a5:02:ef:2e:9c:90:ff:fc:bb:b6:be:4e:
                    22:f9:6c:b7:6f:31:b7:42:3c:86:2d:a5:73:55:8f:
                    b1:89:d1:2b:f1:3b:4f:58:a8:20:4a:03:6a:2a:f5:
                    bc:37:f3:2f:a3:e5:ae:03:5b:a6:68:29:9d:c0:3a:
                    6c:f1:b9:b1:77:ed:cb:38:87:3f:ff:d2:a7:b2:f2:
                    08:bc:a4:99:eb:db:68:c7:39:ce:20:bf:71:5e:2e:
                    60:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:AB:DC:6A:08:24:6B:90:B5:4D:6D:A9:AE:CF:B0:E1:DE:C1:B3:60
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9984d5f3-e041-4d4a-8bd7-21f2b4f4a4f6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.164.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         89:f3:b0:31:a2:1c:fd:3e:2a:f3:bc:b7:0b:d7:ab:ed:79:87:
         b0:c1:45:03:cb:89:2b:b5:49:73:fb:08:be:15:8b:1c:3d:e5:
         38:c3:60:f1:ca:6c:6b:0a:0b:68:f8:b2:33:4c:62:97:90:c5:
         3a:88:b6:a4:77:10:1f:95:23:60:43:74:70:58:b7:8e:82:15:
         d7:d5:dc:14:4a:58:9a:0b:30:42:7f:d3:18:cf:69:13:cd:3d:
         9e:f5:1c:10:dd:0e:61:0c:fa:e8:66:57:14:b7:be:85:0e:34:
         29:b6:f9:fa:c3:67:81:1c:55:92:46:d0:6b:51:6a:53:49:60:
         91:ef:b0:96:07:8f:f6:2d:95:d9:85:d4:ea:f9:4d:f9:f4:9d:
         d7:4e:3c:eb:59:d6:05:d1:89:74:ee:76:1b:57:4b:3f:5c:36:
         0a:55:15:2f:fe:e7:0f:3e:0c:1a:f4:b2:e5:a3:a6:52:d3:8b:
         59:2b:06:bd:2c:bc:11:60:a6:3f:d1:2d:6b:c5:ed:1d:5f:b2:
         86:d9:f6:07:e2:ad:b7:1b:2e:af:b5:2e:1b:7f:e2:26:5a:f9:
         a3:e1:63:c0:bb:e3:ec:5e:38:c6:2f:81:6b:6f:7c:17:bb:6e:
         b5:ae:07:d0:84:f5:67:d6:a1:3d:8c:8a:64:a5:bc:c2:42:4f:
         19:2e:5d:52
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUF7NB+wDM9U4JmD8yqC8uXpjB4bEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MjIwMjI2WhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AwNWE1ZDA2MjlhY2M4MGI5NmUxZDlmZGNhYzhkZTkyYjU2
YmY4Y2FiNGMxZmU2NmIzMzlmOTBjM2I1Njc5MTk2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5nKIPHeCMYrxCZGIQ8Ro+x/jP6to4xbgk2f+cWQ5HJLCR
q5q+AxreS5hHVyK3VuNbb7xigL7h77oX+5H6K6ZT2m/p0KOEf9tyG2M9aPSvXB/c
Vv9hJ6dydZ0dIK9M6hAKvc18ulJbQVLh30giQlhx7gzQWuiORkX4qt+2AIX3bYdr
N5vRaFbOVbhGojWiQ78YKksOkeE7E249UEKDN+knQa6cI2hy76UC7y6ckP/8u7a+
TiL5bLdvMbdCPIYtpXNVj7GJ0SvxO09YqCBKA2oq9bw38y+j5a4DW6ZoKZ3AOmzx
ubF37cs4hz//0qey8gi8pJnr22jHOc4gv3FeLmCpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUg6vcaggka5C1TW2prs+w4d7Bs2AwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzk5ODRkNWYzLWUwNDEtNGQ0YS04YmQ3LTIxZjJiNGY0YTRmNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEDpIowDQYJKoZIhvcNAQELBQADggEBAInzsDGiHP0+KvO8twvXq+15h7DB
RQPLiSu1SXP7CL4Vixw95TjDYPHKbGsKC2j4sjNMYpeQxTqItqR3EB+VI2BDdHBY
t46CFdfV3BRKWJoLMEJ/0xjPaRPNPZ71HBDdDmEM+uhmVxS3voUONCm2+frDZ4Ec
VZJG0GtRalNJYJHvsJYHj/YtldmF1Or5Tfn0nddOPOtZ1gXRiXTudhtXSz9cNgpV
FS/+5w8+DBr0suWjplLTi1krBr0svBFgpj/RLWvF7R1fsobZ9gfirbcbLq+1Lht/
4iZa+aPhY8C74+xeOMYvgWtvfBe7brWuB9CE9WfWoT2MimSlvMJCTxkuXVI=
-----END CERTIFICATE-----