Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/acd73aff-9872-4fd9-9794-27bdb1fd0163.roa
File:                     acd73aff-9872-4fd9-9794-27bdb1fd0163.roa (raw, json)
Hash identifier:          LGDMdRGKy+NJMj2gfVLls4zf3870I3W3suIft7s8F1o=
Subject key identifier:   E2:0F:FE:89:6E:B5:BD:D4:BA:6C:D6:E1:2C:99:14:14:A1:0B:B1:9E
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5ADE89668F6407A91C4133FE5758A3DB5C5DEE1A
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/acd73aff-9872-4fd9-9794-27bdb1fd0163.roa
Signing time:             Thu 25 Sep 2025 19:22:18 +0000
ROA not before:           Thu 25 Sep 2025 19:22:18 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.168.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:de:89:66:8f:64:07:a9:1c:41:33:fe:57:58:a3:db:5c:5d:ee:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 19:22:18 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=4ae84443240c61f50b4db1828a5505148b154da29c8af05ad9696883a69cce77, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:43:1c:a0:19:ee:a3:4a:2f:e3:3b:8c:83:ba:
                    10:63:1b:03:5b:a3:a4:69:85:0b:c1:d5:64:50:59:
                    65:94:4d:cb:58:d1:17:2f:90:a5:2d:e1:42:7a:4a:
                    c7:0b:e5:50:0c:56:b7:00:f5:19:22:c9:f3:a6:db:
                    17:0f:0c:d6:80:f1:96:6d:47:56:64:47:f4:34:44:
                    05:ee:68:86:1a:fc:8c:a3:3b:f6:22:9d:41:0f:81:
                    d7:60:71:04:97:e9:da:2f:37:4a:66:c4:cd:bf:ac:
                    ef:c3:54:8c:c4:bc:a4:90:7e:9d:5a:1f:13:fb:5b:
                    f6:12:4f:fb:f9:c5:44:1d:52:c2:ee:b8:bb:d1:ce:
                    a8:ed:c1:47:f4:b0:e6:64:04:9a:90:53:fd:97:69:
                    fc:1a:b6:5d:9a:33:f5:b5:c4:98:15:8a:73:53:2a:
                    f1:a0:4f:d4:f7:e0:46:d7:ba:c1:4e:1d:42:ae:87:
                    b7:bb:19:30:3f:85:d7:f1:dc:99:15:1c:99:f2:a8:
                    80:ba:5b:ed:8b:aa:df:8f:90:23:cc:96:02:9b:a7:
                    9c:6c:a9:6a:ca:73:e8:b1:9d:53:9b:55:7b:2f:2b:
                    11:d7:80:3c:07:42:79:32:3d:d1:33:f8:45:6b:ab:
                    13:0a:b1:51:ff:07:3b:b2:cf:81:43:ae:f2:b4:79:
                    09:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:0F:FE:89:6E:B5:BD:D4:BA:6C:D6:E1:2C:99:14:14:A1:0B:B1:9E
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/acd73aff-9872-4fd9-9794-27bdb1fd0163.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.168.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:4c:3c:02:92:e3:ff:13:bd:31:13:b6:f5:25:83:f8:cc:41:
         e7:dd:40:00:bf:8b:04:14:11:12:53:b7:f6:cf:c1:83:b3:44:
         78:26:ff:25:05:af:94:9f:84:39:77:a5:b1:11:1a:d5:8a:0e:
         d2:17:55:33:ca:4f:d9:0b:4b:30:9f:54:c2:8e:9a:52:55:07:
         c7:52:1d:92:26:8c:7b:83:cc:58:da:df:2a:10:e2:65:8b:44:
         42:77:f8:ef:b3:9f:a8:09:b9:12:e7:96:52:79:d0:9d:83:0c:
         6f:b4:0a:88:96:8a:de:0e:1d:09:8f:33:70:3b:ff:7c:47:5e:
         ce:ff:07:be:df:2f:e8:28:91:9b:64:77:64:ae:66:31:77:77:
         eb:ee:9b:d4:0b:e6:5d:05:55:97:c7:dd:e5:66:89:b8:89:22:
         4f:71:50:18:0b:b8:b7:0c:ef:0b:17:cb:70:d0:9a:87:cc:59:
         51:01:11:1b:36:3c:8b:7c:fa:08:21:75:77:f3:73:c2:db:15:
         23:fb:13:36:32:ae:99:c4:76:47:b3:c7:b5:5e:ac:41:9b:2b:
         c4:e1:b0:c6:11:b9:48:6b:5b:41:b4:9f:09:09:d6:5e:38:8d:
         10:2e:9e:70:21:97:5d:b6:d7:18:75:7f:1a:24:ce:6a:05:c7:
         ff:dd:67:93
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWt6JZo9kB6kcQTP+V1ij21xd7howDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MTkyMjE4WhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A0YWU4NDQ0MzI0MGM2MWY1MGI0ZGIxODI4YTU1MDUxNDhi
MTU0ZGEyOWM4YWYwNWFkOTY5Njg4M2E2OWNjZTc3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDSQxygGe6jSi/jO4yDuhBjGwNbo6RphQvB1WRQWWWUTctY
0RcvkKUt4UJ6SscL5VAMVrcA9RkiyfOm2xcPDNaA8ZZtR1ZkR/Q0RAXuaIYa/Iyj
O/YinUEPgddgcQSX6dovN0pmxM2/rO/DVIzEvKSQfp1aHxP7W/YST/v5xUQdUsLu
uLvRzqjtwUf0sOZkBJqQU/2Xafwatl2aM/W1xJgVinNTKvGgT9T34EbXusFOHUKu
h7e7GTA/hdfx3JkVHJnyqIC6W+2Lqt+PkCPMlgKbp5xsqWrKc+ixnVObVXsvKxHX
gDwHQnkyPdEz+EVrqxMKsVH/Bzuyz4FDrvK0eQnvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU4g/+iW61vdS6bNbhLJkUFKELsZ4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2FjZDczYWZmLTk4NzItNGZkOS05Nzk0LTI3YmRiMWZkMDE2My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADqDUwDQYJKoZIhvcNAQELBQADggEBAFlMPAKS4/8TvTETtvUlg/jMQefd
QAC/iwQUERJTt/bPwYOzRHgm/yUFr5SfhDl3pbERGtWKDtIXVTPKT9kLSzCfVMKO
mlJVB8dSHZImjHuDzFja3yoQ4mWLREJ3+O+zn6gJuRLnllJ50J2DDG+0CoiWit4O
HQmPM3A7/3xHXs7/B77fL+gokZtkd2SuZjF3d+vum9QL5l0FVZfH3eVmibiJIk9x
UBgLuLcM7wsXy3DQmofMWVEBERs2PIt8+gghdXfzc8LbFSP7EzYyrpnEdkezx7Ve
rEGbK8ThsMYRuUhrW0G0nwkJ1l44jRAunnAhl1221xh1fxokzmoFx//dZ5M=
-----END CERTIFICATE-----