Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a796bfe4-dc0e-4929-a9b8-06bf88066f3f.roa
File:                     a796bfe4-dc0e-4929-a9b8-06bf88066f3f.roa (raw, json)
Hash identifier:          w40sCHnLpmRI/sY3KxNQe6Z2n4w3gTmhFqU+ZJsHFIE=
Subject key identifier:   17:0B:D2:07:DD:37:1A:1C:FE:B7:49:E8:B1:28:AD:1D:62:C3:38:E1
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2958C645CD0B43C5C23DC27A3F2A196F27026CA0
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a796bfe4-dc0e-4929-a9b8-06bf88066f3f.roa
Signing time:             Thu 25 Sep 2025 17:41:33 +0000
ROA not before:           Thu 25 Sep 2025 17:41:33 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.163.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:58:c6:45:cd:0b:43:c5:c2:3d:c2:7a:3f:2a:19:6f:27:02:6c:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 17:41:33 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=3bef83c5972a15f212a2b1b0e1750bb1b60069f53fcb1aedebc216a31fc54ba3, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:26:b6:84:fb:26:bc:6b:6d:f7:2f:9d:b2:61:
                    0e:33:99:a5:4e:bd:d6:55:40:0d:de:a9:1f:60:59:
                    e4:7f:e7:d7:47:cb:d2:5e:81:73:67:88:9a:75:41:
                    3d:55:47:46:3d:6e:63:2a:a6:57:bf:4a:31:55:ae:
                    b8:8c:dd:1c:c3:7e:79:16:91:0d:f2:81:bf:2d:7e:
                    2e:a1:0c:9a:6f:c6:67:b4:36:f0:75:22:e5:27:56:
                    f9:0e:68:e7:3e:b2:6c:98:b7:1d:69:15:21:e3:0b:
                    64:00:c7:91:1d:53:bb:0b:54:3c:e0:5e:73:66:9c:
                    30:67:95:19:97:d1:fa:2c:cc:51:ce:40:2f:a1:9b:
                    22:ad:2e:2c:38:b9:9e:97:eb:0f:c1:45:de:11:fb:
                    2c:ba:e1:b7:4b:cc:02:1c:1b:e7:48:b3:26:bd:0f:
                    30:20:88:34:35:52:8d:c4:d0:0f:59:56:e6:92:82:
                    81:81:a0:e7:e7:92:24:a0:98:b0:f9:bf:49:9b:a8:
                    68:28:e2:5d:0d:00:46:0e:02:9d:23:d8:49:fa:3e:
                    78:8a:27:9c:e2:f9:33:1b:e3:a2:13:70:af:02:d8:
                    c8:fc:83:3d:a4:63:38:e5:f0:4c:67:a4:31:75:bf:
                    c8:07:fa:13:76:99:b7:4f:66:03:19:a6:33:68:58:
                    94:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:0B:D2:07:DD:37:1A:1C:FE:B7:49:E8:B1:28:AD:1D:62:C3:38:E1
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a796bfe4-dc0e-4929-a9b8-06bf88066f3f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.163.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:b6:aa:dd:71:f8:43:2a:d0:b5:a4:b2:6e:32:e9:88:7a:30:
         40:a7:95:d9:6a:97:fa:86:80:aa:99:78:24:b1:15:d7:2d:0c:
         4e:08:e2:8b:ee:76:20:4c:28:63:29:b8:62:80:b7:80:73:4d:
         02:fe:ee:15:5d:0d:e7:86:4a:bf:37:72:ad:e3:b6:78:92:8a:
         ca:f3:82:ec:f7:92:83:a0:2f:de:5a:99:8c:c9:1a:54:a5:37:
         c3:16:8f:b7:08:b4:ea:e8:86:83:0f:1b:bf:51:f0:3d:64:e9:
         d7:00:48:ae:29:df:aa:32:89:ef:ed:9b:4b:5a:70:d6:14:a7:
         a6:54:c2:b1:87:4d:d4:91:bb:ae:71:76:35:dc:86:3f:b6:cb:
         6f:b9:7e:9f:79:2c:9d:8c:74:b1:53:32:91:8b:8d:14:ff:86:
         75:c8:c0:e2:f2:f8:a8:c4:11:71:77:d8:37:ec:bc:2f:e6:3e:
         d4:86:54:26:41:9d:72:51:61:fc:b2:c1:60:d3:7b:02:f8:da:
         e3:7b:38:9f:d8:7c:a5:c1:ca:ec:90:ce:cf:78:9a:db:62:c8:
         b3:75:22:79:cb:02:48:d2:e8:0a:be:05:cb:6a:8e:d7:f6:47:
         a4:16:b3:f1:d7:fe:0e:e7:20:d3:29:2f:93:70:14:ee:41:52:
         5b:f1:e9:dd
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKVjGRc0LQ8XCPcJ6PyoZbycCbKAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MTc0MTMzWhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AzYmVmODNjNTk3MmExNWYyMTJhMmIxYjBlMTc1MGJiMWI2
MDA2OWY1M2ZjYjFhZWRlYmMyMTZhMzFmYzU0YmEzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDaJraE+ya8a233L52yYQ4zmaVOvdZVQA3eqR9gWeR/59dH
y9JegXNniJp1QT1VR0Y9bmMqple/SjFVrriM3RzDfnkWkQ3ygb8tfi6hDJpvxme0
NvB1IuUnVvkOaOc+smyYtx1pFSHjC2QAx5EdU7sLVDzgXnNmnDBnlRmX0foszFHO
QC+hmyKtLiw4uZ6X6w/BRd4R+yy64bdLzAIcG+dIsya9DzAgiDQ1Uo3E0A9ZVuaS
goGBoOfnkiSgmLD5v0mbqGgo4l0NAEYOAp0j2En6PniKJ5zi+TMb46ITcK8C2Mj8
gz2kYzjl8ExnpDF1v8gH+hN2mbdPZgMZpjNoWJS3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUFwvSB903Ghz+t0nosSitHWLDOOEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2E3OTZiZmU0LWRjMGUtNDkyOS1hOWI4LTA2YmY4ODA2NmYzZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADo9gwDQYJKoZIhvcNAQELBQADggEBAJ62qt1x+EMq0LWksm4y6Yh6MECn
ldlql/qGgKqZeCSxFdctDE4I4ovudiBMKGMpuGKAt4BzTQL+7hVdDeeGSr83cq3j
tniSisrzguz3koOgL95amYzJGlSlN8MWj7cItOrohoMPG79R8D1k6dcASK4p36oy
ie/tm0tacNYUp6ZUwrGHTdSRu65xdjXchj+2y2+5fp95LJ2MdLFTMpGLjRT/hnXI
wOLy+KjEEXF32DfsvC/mPtSGVCZBnXJRYfyywWDTewL42uN7OJ/YfKXByuyQzs94
mttiyLN1InnLAkjS6Aq+Bctqjtf2R6QWs/HX/g7nINMpL5NwFO5BUlvx6d0=
-----END CERTIFICATE-----