Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a9e6f25f-444c-41e8-87a6-53d07c479f35.roa
File:                     a9e6f25f-444c-41e8-87a6-53d07c479f35.roa (raw, json)
Hash identifier:          blmBlNwe6KcPm+uxGoz354FHneplzaZhQqlQRpI3Yl8=
Subject key identifier:   F3:49:5B:9A:E0:C9:01:C3:BD:67:C7:92:23:38:9B:F2:8E:8C:A2:77
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7D302D520D52EF1C89329E45B61BB8B453E0A1
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a9e6f25f-444c-41e8-87a6-53d07c479f35.roa
Signing time:             Thu 25 Sep 2025 22:27:31 +0000
ROA not before:           Thu 25 Sep 2025 22:27:31 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.166.56.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:30:2d:52:0d:52:ef:1c:89:32:9e:45:b6:1b:b8:b4:53:e0:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 22:27:31 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=d0218388898a8b222536f8dbcac979d02771d39ef8d32930a22b19e4fd766bba, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:73:58:49:37:f8:37:c5:19:90:db:a0:42:ff:
                    23:81:6c:44:cf:55:09:d3:42:b5:3e:54:29:11:e7:
                    ca:c8:3e:c7:a1:3e:28:87:5f:e7:c5:92:4d:a8:ed:
                    54:34:cf:dd:a9:69:02:b8:41:47:d4:34:a6:09:d8:
                    ec:ac:9e:33:09:b7:35:45:57:93:48:ef:e1:c5:1c:
                    35:50:d0:20:7d:ce:c3:63:e8:20:7c:87:62:d6:d6:
                    15:69:7e:ef:7a:45:a7:37:c3:6c:a0:cc:87:58:b2:
                    c2:51:bf:e2:e0:1d:68:e8:10:8c:db:a5:b5:df:a7:
                    55:19:d0:7e:93:e0:30:99:bb:a7:fa:c0:2a:c3:ee:
                    79:fc:e0:c7:cb:1f:54:86:33:e2:28:17:26:50:ea:
                    0a:b9:13:4a:46:9c:7c:0f:dc:a1:1f:40:d7:d4:78:
                    76:61:38:6d:ba:39:82:6f:eb:b1:f7:02:5e:97:e4:
                    eb:65:e7:aa:d1:7a:99:b3:8b:90:c2:b0:69:af:9d:
                    48:a1:7f:a2:bf:5c:24:41:9b:1e:3f:f2:70:8f:11:
                    6e:a5:00:c5:f2:5d:cd:34:96:63:a8:a0:6c:13:1b:
                    8b:8c:75:7b:e5:e0:ba:34:a2:b0:16:2e:db:39:e4:
                    79:68:a4:34:07:8d:74:32:c2:4f:48:2f:f8:8f:e7:
                    0e:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:49:5B:9A:E0:C9:01:C3:BD:67:C7:92:23:38:9B:F2:8E:8C:A2:77
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a9e6f25f-444c-41e8-87a6-53d07c479f35.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.166.56.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9b:0d:e6:b8:45:03:a6:aa:49:10:61:b8:24:09:35:6a:fe:90:
         46:fe:cb:07:66:de:da:0a:85:69:e3:ef:60:f2:16:fb:85:50:
         08:54:10:bc:90:cc:85:32:51:d7:89:26:8b:3d:c9:b2:15:d8:
         ed:59:cd:40:5e:5f:e5:1f:29:c1:b9:48:9a:44:d1:84:a6:8c:
         e2:62:c7:d6:cb:63:bf:20:08:db:73:36:67:86:96:7d:be:bc:
         40:14:47:f8:71:99:45:a9:e4:9a:d9:32:52:57:7b:5b:19:47:
         68:2c:2b:3b:df:38:3e:6a:2c:92:31:71:3f:68:26:60:46:a9:
         2f:fa:c2:2b:ec:33:f7:9a:85:02:8e:67:f6:d0:83:90:b3:71:
         62:2b:4d:bc:a8:1e:df:7d:8c:fc:b4:65:2e:b5:68:e7:a7:67:
         97:e4:48:68:22:c6:f2:ce:6d:a7:46:62:bc:36:96:cf:75:d8:
         15:09:c9:0c:76:0f:f0:8d:72:a0:c1:1b:7d:da:22:5f:ee:d6:
         a4:3f:e4:a3:25:ba:cf:fb:51:6b:eb:7c:f4:71:07:c4:00:da:
         51:a0:89:16:d9:c8:66:87:e3:f2:6e:f4:93:08:12:3e:8a:e0:
         d1:aa:2a:f1:86:07:57:5f:05:aa:0d:64:3a:b8:1b:95:89:bb:
         cf:3f:02:11
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgITfTAtUg1S7xyJMp5Fthu4tFPgoTANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzJkZjZmM2IzYTM0YjYzODZkMWEzMmQ4ZjRmYTMxNzhlZjMx
ODg3ZDhiNDI4ZGZhYTQ3NjAeFw0yNTA5MjUyMjI3MzFaFw0yNTEwMzAyMzU5NTla
MHoxSTBHBgNVBAUTQGQwMjE4Mzg4ODk4YThiMjIyNTM2ZjhkYmNhYzk3OWQwMjc3
MWQzOWVmOGQzMjkzMGEyMmIxOWU0ZmQ3NjZiYmExLTArBgNVBAMTJDVmMjc2MDQ1
LTViOWYtNDVlZi05MjNkLWYzZmNlMjRhNjIyNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALRzWEk3+DfFGZDboEL/I4FsRM9VCdNCtT5UKRHnysg+x6E+
KIdf58WSTajtVDTP3alpArhBR9Q0pgnY7KyeMwm3NUVXk0jv4cUcNVDQIH3Ow2Po
IHyHYtbWFWl+73pFpzfDbKDMh1iywlG/4uAdaOgQjNultd+nVRnQfpPgMJm7p/rA
KsPuefzgx8sfVIYz4igXJlDqCrkTSkacfA/coR9A19R4dmE4bbo5gm/rsfcCXpfk
62XnqtF6mbOLkMKwaa+dSKF/or9cJEGbHj/ycI8RbqUAxfJdzTSWY6igbBMbi4x1
e+XgujSisBYu2znkeWikNAeNdDLCT0gv+I/nDvMCAwEAAaOCArEwggKtMB0GA1Ud
DgQWBBTzSVua4MkBw71nx5IjOJvyjoyidzAfBgNVHSMEGDAWgBQlrdNCsB63pY6t
GZAmiLVLP4H0uDAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHg
BggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2Fy
aW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMv
MmEyNDY5NDctMmQ2Mi00YTZjLWJhMDUtODcxODdmMDA5OWIyLzg1MWNlZjE3LTEz
MmEtNDMzNy1iN2QxLWJmMTZhNTJmZmQwMy9kZjZmM2IzYTM0YjYzODZkMWEzMmQ4
ZjRmYTMxNzhlZjMxODg3ZDhiNDI4ZGZhYTQ3Ni5jZXIwgZ4GCCsGAQUFBwELBIGR
MIGOMIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9mNzAzNjk2ZS1lNDdiLTRjMjAtYmQ5My02Zjgw
OTA0ZTQyZDIvYTllNmYyNWYtNDQ0Yy00MWU4LTg3YTYtNTNkMDdjNDc5ZjM1LnJv
YTCBiAYDVR0fBIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMt
NmY4MDkwNGU0MmQyL3RqaHRHakxZOVBveGVPOHhpSDJMUW8zNnBIWS5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAQOmODANBgkqhkiG9w0BAQsFAAOCAQEAmw3muEUDpqpJEGG4JAk1av6QRv7L
B2be2gqFaePvYPIW+4VQCFQQvJDMhTJR14kmiz3JshXY7VnNQF5f5R8pwblImkTR
hKaM4mLH1stjvyAI23M2Z4aWfb68QBRH+HGZRankmtkyUld7WxlHaCwrO984Pmos
kjFxP2gmYEapL/rCK+wz95qFAo5n9tCDkLNxYitNvKge332M/LRlLrVo56dnl+RI
aCLG8s5tp0ZivDaWz3XYFQnJDHYP8I1yoMEbfdoiX+7WpD/koyW6z/tRa+t89HEH
xADaUaCJFtnIZofj8m70kwgSPorg0aoq8YYHV18Fqg1kOrgblYm7zz8CEQ==
-----END CERTIFICATE-----