Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ac0bc8da-4139-4067-88f2-7092d26cbeb6.roa
File:                     ac0bc8da-4139-4067-88f2-7092d26cbeb6.roa (raw, json)
Hash identifier:          80RkRjoCyAB2YgnD215nrEThnfFC4Mwb/Z2O+kI4AP0=
Subject key identifier:   26:69:B5:38:83:21:C5:36:92:C7:41:50:8A:F9:CA:DC:F0:3C:CB:B2
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       36F7D1ED53829F986C1E2F30EA2BE8D012FACBCE
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ac0bc8da-4139-4067-88f2-7092d26cbeb6.roa
Signing time:             Fri 26 Sep 2025 00:15:40 +0000
ROA not before:           Fri 26 Sep 2025 00:15:40 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.164.84.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:f7:d1:ed:53:82:9f:98:6c:1e:2f:30:ea:2b:e8:d0:12:fa:cb:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 00:15:40 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=62bc3997c74788338adb2b74c75942c60eea98fd2d7389ef58971a7807e0fbb7, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:38:99:18:e0:ac:1a:6f:4d:d0:ec:33:88:88:
                    f1:d7:e0:37:19:43:41:00:75:60:c6:34:6a:5b:32:
                    73:51:c9:12:ed:7c:72:14:b7:b6:19:f2:cb:8a:8e:
                    14:06:bc:4e:a7:6f:b7:bb:c4:47:62:77:f9:f3:33:
                    f1:a4:6d:06:54:cb:39:b3:b7:9c:b4:5a:0f:40:1f:
                    18:cd:c6:3a:9a:8d:a5:07:8f:64:a3:03:12:95:ca:
                    f3:60:41:7a:b9:7a:54:3c:00:bc:58:c6:40:e1:47:
                    28:1a:3e:b9:eb:09:e2:d7:3a:88:46:8c:a3:2c:b5:
                    3b:f9:e9:e9:44:d0:54:7e:00:f5:02:cd:a6:c8:eb:
                    3c:2b:ac:15:d9:a3:1f:ac:5d:56:a8:a5:30:8e:1c:
                    7d:30:0f:e0:8f:31:2f:f5:ea:95:58:14:06:0d:e6:
                    67:8f:30:e9:5b:c9:49:f5:34:b2:a3:6e:42:c7:4d:
                    8b:e7:0f:3d:07:73:52:f8:89:da:78:3c:dc:44:02:
                    0c:f2:2f:30:24:aa:7c:98:23:a4:4d:52:74:74:c8:
                    4b:cb:e8:d9:2d:be:ae:70:33:1d:eb:d4:a5:3c:03:
                    2d:20:49:d9:05:00:c7:7d:d1:b2:27:b6:cc:cc:05:
                    26:2c:b9:28:ff:1e:fc:e0:4b:17:7b:0a:9b:df:52:
                    92:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:69:B5:38:83:21:C5:36:92:C7:41:50:8A:F9:CA:DC:F0:3C:CB:B2
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ac0bc8da-4139-4067-88f2-7092d26cbeb6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.164.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1c:07:69:66:9b:13:4c:31:ba:87:75:42:23:24:4d:23:a2:98:
         2b:ca:5b:76:cf:59:f7:88:50:d4:56:5a:c7:c8:b7:75:aa:09:
         66:17:7b:6b:3c:36:3d:5b:98:b5:07:f6:4b:8d:3f:b1:de:1e:
         27:5e:92:1d:60:35:0f:39:db:17:29:34:73:ba:ff:2f:10:cd:
         ef:28:e6:d0:26:52:70:fe:65:63:65:70:4d:54:d5:49:92:fd:
         cb:81:73:a2:fa:bd:51:4b:56:69:9c:72:ae:cb:75:0c:e8:d1:
         09:da:f1:b1:02:44:01:ec:d5:7a:ff:37:2c:ab:ba:55:b4:4b:
         ff:d8:45:45:12:e8:29:1a:41:9a:ef:fb:84:5c:93:bb:e4:73:
         ff:e1:03:fb:f1:6c:7b:03:fb:82:64:78:15:5e:64:2d:d2:cc:
         a0:24:f7:32:59:56:de:0d:ad:4a:2c:3c:d6:be:dd:af:97:1b:
         76:3a:81:69:71:25:19:32:60:ce:09:38:38:2d:f3:cd:1f:30:
         3f:76:7d:4b:6f:09:6e:b6:61:b3:b2:81:de:30:bb:76:ef:5b:
         85:93:6c:07:4b:34:4d:93:7f:97:7e:21:8a:5b:60:0e:c0:1b:
         c0:24:1e:6d:c8:37:5c:71:78:d4:2e:38:01:d8:40:c2:35:9f:
         fc:7d:2a:c5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNvfR7VOCn5hsHi8w6ivo0BL6y84wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MDAxNTQwWhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A2MmJjMzk5N2M3NDc4ODMzOGFkYjJiNzRjNzU5NDJjNjBl
ZWE5OGZkMmQ3Mzg5ZWY1ODk3MWE3ODA3ZTBmYmI3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxOJkY4Kwab03Q7DOIiPHX4DcZQ0EAdWDGNGpbMnNRyRLt
fHIUt7YZ8suKjhQGvE6nb7e7xEdid/nzM/GkbQZUyzmzt5y0Wg9AHxjNxjqajaUH
j2SjAxKVyvNgQXq5elQ8ALxYxkDhRygaPrnrCeLXOohGjKMstTv56elE0FR+APUC
zabI6zwrrBXZox+sXVaopTCOHH0wD+CPMS/16pVYFAYN5mePMOlbyUn1NLKjbkLH
TYvnDz0Hc1L4idp4PNxEAgzyLzAkqnyYI6RNUnR0yEvL6Nktvq5wMx3r1KU8Ay0g
SdkFAMd90bIntszMBSYsuSj/HvzgSxd7CpvfUpK/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUJmm1OIMhxTaSx0FQivnK3PA8y7IwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2FjMGJjOGRhLTQxMzktNDA2Ny04OGYyLTcwOTJkMjZjYmViNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIDpFQwDQYJKoZIhvcNAQELBQADggEBABwHaWabE0wxuod1QiMkTSOimCvK
W3bPWfeIUNRWWsfIt3WqCWYXe2s8Nj1bmLUH9kuNP7HeHidekh1gNQ852xcpNHO6
/y8Qze8o5tAmUnD+ZWNlcE1U1UmS/cuBc6L6vVFLVmmccq7LdQzo0Qna8bECRAHs
1Xr/NyyrulW0S//YRUUS6CkaQZrv+4Rck7vkc//hA/vxbHsD+4JkeBVeZC3SzKAk
9zJZVt4NrUosPNa+3a+XG3Y6gWlxJRkyYM4JODgt880fMD92fUtvCW62YbOygd4w
u3bvW4WTbAdLNE2Tf5d+IYpbYA7AG8AkHm3IN1xxeNQuOAHYQMI1n/x9KsU=
-----END CERTIFICATE-----