Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a98916ca-c69f-4512-83b2-eda223fc4460.roa
File:                     a98916ca-c69f-4512-83b2-eda223fc4460.roa (raw, json)
Hash identifier:          GRfqsiZyBfv5yH7GVKhNwlbfl4Y7eGfrngNtxTF3XUg=
Subject key identifier:   DF:36:EE:BB:2F:BD:56:BD:D9:42:C9:CE:D0:EB:B2:BB:41:43:E9:ED
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5C5641A68C6175DE496212BB03FDF216499728D5
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a98916ca-c69f-4512-83b2-eda223fc4460.roa
Signing time:             Thu 25 Sep 2025 23:17:41 +0000
ROA not before:           Thu 25 Sep 2025 23:17:41 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.171.78.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:56:41:a6:8c:61:75:de:49:62:12:bb:03:fd:f2:16:49:97:28:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 23:17:41 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=ae34d6b8141a8fbd9856f0f57de7f3ddc6e6ac9833406af5b3688cc811ca1533, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:b7:04:73:79:b8:4c:9c:5a:8f:1c:7f:9c:81:
                    cf:55:82:1e:40:4a:7d:91:8e:d2:ba:2a:93:84:ce:
                    7a:21:88:f6:a0:07:20:72:d0:59:fa:7c:5b:5c:c1:
                    00:7e:5b:6c:74:5e:c6:cf:10:fc:5b:e7:aa:df:2b:
                    8d:ea:d2:41:4c:81:a2:69:25:d6:83:4a:46:13:6b:
                    03:a5:d6:e0:8f:db:79:10:48:12:4f:09:60:19:02:
                    ce:c8:23:38:2f:eb:ba:89:ba:3b:36:78:f2:67:f8:
                    4b:eb:36:69:27:70:28:b4:39:a9:98:ae:f7:5d:ef:
                    83:3e:c1:ce:bd:ea:52:91:13:d7:42:b1:92:b1:cf:
                    0d:67:d0:57:17:53:4f:d3:5e:38:97:c4:21:3d:95:
                    8a:06:8e:22:aa:6e:cf:8a:9c:50:a4:7f:67:c7:da:
                    0b:f6:80:8c:ba:83:53:7e:43:ba:6c:20:20:10:2c:
                    ba:53:5a:5e:c3:4e:e2:b8:23:65:5f:7e:fa:86:a8:
                    b1:6e:b5:45:62:59:44:4e:87:f5:a1:70:43:85:df:
                    95:d4:69:ef:63:d6:6e:45:13:66:be:2f:dd:be:1e:
                    d6:43:36:cc:12:3a:38:df:af:dc:6f:7d:d8:bb:5c:
                    48:0b:6f:36:e3:a8:41:fa:4b:6e:72:8b:aa:80:a2:
                    87:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:36:EE:BB:2F:BD:56:BD:D9:42:C9:CE:D0:EB:B2:BB:41:43:E9:ED
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a98916ca-c69f-4512-83b2-eda223fc4460.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.171.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         96:83:85:2a:58:b8:58:cb:40:96:9e:b9:e3:90:49:7a:54:41:
         71:e4:54:0e:84:f0:9f:f5:03:6b:85:96:a2:77:38:d9:28:10:
         6e:b4:72:c0:67:57:1d:05:a1:ae:ce:d3:fa:61:fb:26:03:0a:
         4e:41:c9:ba:68:10:00:48:93:25:74:72:11:60:55:a6:9d:fd:
         53:dc:13:9b:5d:b5:00:28:3a:40:48:fc:56:c5:e9:03:cf:37:
         e0:d9:88:47:f3:96:53:06:69:e4:80:b2:d9:65:87:92:56:1a:
         75:7f:f5:ed:ca:fd:14:30:89:17:d9:48:53:05:0a:51:f5:ec:
         3b:e4:1e:da:af:64:20:f8:bf:a7:50:78:88:3d:3f:a2:a0:a2:
         8e:4a:9c:43:bf:34:cf:3b:1e:da:f3:ac:35:9e:f1:67:1e:f8:
         7b:dc:7a:3e:17:46:fd:94:46:1b:65:84:cb:8f:f1:22:91:21:
         5d:be:95:e9:0f:e2:d9:fe:45:44:02:b9:8b:fe:f4:73:fc:22:
         49:75:26:ef:a1:0a:0e:4d:45:6d:bc:41:5f:f6:d6:41:d5:2a:
         bb:e5:ee:ab:96:b7:b3:3a:d2:f3:7b:9b:d8:c8:b4:6d:37:84:
         ae:e9:82:e9:95:dd:b9:51:68:ff:ac:d3:e6:88:d7:ff:56:f9:
         34:09:4f:3b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXFZBpoxhdd5JYhK7A/3yFkmXKNUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MjMxNzQxWhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BhZTM0ZDZiODE0MWE4ZmJkOTg1NmYwZjU3ZGU3ZjNkZGM2
ZTZhYzk4MzM0MDZhZjViMzY4OGNjODExY2ExNTMzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJtwRzebhMnFqPHH+cgc9Vgh5ASn2RjtK6KpOEznohiPag
ByBy0Fn6fFtcwQB+W2x0XsbPEPxb56rfK43q0kFMgaJpJdaDSkYTawOl1uCP23kQ
SBJPCWAZAs7IIzgv67qJujs2ePJn+EvrNmkncCi0OamYrvdd74M+wc696lKRE9dC
sZKxzw1n0FcXU0/TXjiXxCE9lYoGjiKqbs+KnFCkf2fH2gv2gIy6g1N+Q7psICAQ
LLpTWl7DTuK4I2VffvqGqLFutUViWUROh/WhcEOF35XUae9j1m5FE2a+L92+HtZD
NswSOjjfr9xvfdi7XEgLbzbjqEH6S25yi6qAooc3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3zbuuy+9Vr3ZQsnO0Ouyu0FD6e0wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2E5ODkxNmNhLWM2OWYtNDUxMi04M2IyLWVkYTIyM2ZjNDQ2MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEDq04wDQYJKoZIhvcNAQELBQADggEBAJaDhSpYuFjLQJaeueOQSXpUQXHk
VA6E8J/1A2uFlqJ3ONkoEG60csBnVx0Foa7O0/ph+yYDCk5BybpoEABIkyV0chFg
Vaad/VPcE5tdtQAoOkBI/FbF6QPPN+DZiEfzllMGaeSAstllh5JWGnV/9e3K/RQw
iRfZSFMFClH17DvkHtqvZCD4v6dQeIg9P6Kgoo5KnEO/NM87HtrzrDWe8Wce+Hvc
ej4XRv2URhtlhMuP8SKRIV2+lekP4tn+RUQCuYv+9HP8Ikl1Ju+hCg5NRW28QV/2
1kHVKrvl7quWt7M60vN7m9jItG03hK7pgumV3blRaP+s0+aI1/9W+TQJTzs=
-----END CERTIFICATE-----