Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b1be532f-2777-4b63-9293-32e4c701ac54.roa
File:                     b1be532f-2777-4b63-9293-32e4c701ac54.roa (raw, json)
Hash identifier:          uLZnLaaHVfooQEtM+x9K3Ib+Bz2MKEa7WS9J7fWUqNM=
Subject key identifier:   D9:3B:7D:80:B6:FD:46:08:A7:30:D3:CA:F1:BC:F1:D9:68:89:95:C8
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       371F286679451DE9475D19988C09394D6FF0050F
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b1be532f-2777-4b63-9293-32e4c701ac54.roa
Signing time:             Thu 25 Sep 2025 22:54:38 +0000
ROA not before:           Thu 25 Sep 2025 22:54:38 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.169.240.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:1f:28:66:79:45:1d:e9:47:5d:19:98:8c:09:39:4d:6f:f0:05:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 22:54:38 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=19f9b2bfc048fe90ca27f647ee483bb9e5797a4ab50120a8a97c4d5c6498fcef, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:f5:08:d9:3b:e9:f1:a2:15:ef:82:65:de:52:
                    b6:93:63:cb:c7:39:76:d0:4e:16:1e:18:7e:92:a0:
                    b9:ab:85:b7:3b:09:29:66:43:e1:c7:06:c5:9a:43:
                    22:e6:a7:6c:0c:9b:c5:44:7a:18:cc:1d:6c:6b:29:
                    e9:60:97:68:89:62:d0:e7:c4:33:ac:22:4c:b1:22:
                    b1:e3:2f:f2:50:1e:3b:7c:2e:a0:d4:71:b3:47:c2:
                    be:55:e3:a5:47:d1:66:63:4f:52:63:5e:b7:01:3f:
                    b8:0b:e1:14:1e:f3:9f:3e:2e:fb:03:f7:1f:bb:e3:
                    a2:4b:33:7a:f0:bb:96:da:24:8e:19:12:2f:26:03:
                    97:6e:08:12:75:2f:00:20:21:13:cf:19:00:ed:4d:
                    17:26:68:50:e9:28:2b:06:2f:97:3b:8d:66:17:2d:
                    5d:d4:cd:71:9f:a4:5d:77:01:e0:5e:7c:be:d3:84:
                    18:42:ed:46:06:d3:80:e1:43:ae:94:ff:e6:4a:60:
                    b1:df:5a:01:4e:0a:64:67:15:88:24:95:85:ae:e4:
                    6f:a5:5a:64:20:f3:f3:3b:34:d3:4e:aa:67:9e:67:
                    8a:25:48:89:f6:10:34:dd:d7:26:90:bb:e8:cd:1b:
                    ca:d3:29:55:72:37:01:4d:a0:be:ab:99:b0:86:3f:
                    c8:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:3B:7D:80:B6:FD:46:08:A7:30:D3:CA:F1:BC:F1:D9:68:89:95:C8
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b1be532f-2777-4b63-9293-32e4c701ac54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.169.240.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4a:05:da:c6:c4:46:32:07:4c:c0:36:b8:58:d1:f7:32:d2:3c:
         46:4a:40:06:84:6e:10:a9:89:05:c7:ac:d3:b7:e1:68:cd:86:
         42:35:32:80:36:c4:67:f7:65:de:b0:22:d4:2c:72:a4:1d:13:
         6d:d2:a6:0e:a6:02:fd:80:d6:0f:b1:d5:63:6e:48:bd:32:c4:
         a5:02:ec:45:50:dc:50:db:30:17:11:96:b9:65:b1:63:26:5c:
         15:2d:65:67:ed:16:ce:4c:f0:0a:cd:56:89:d6:14:dd:f9:11:
         01:11:b4:8d:b4:a0:90:02:04:13:18:07:1b:e7:a1:a0:fb:e2:
         33:0f:5f:ef:ed:eb:90:f1:f1:cf:6b:50:15:55:ea:86:70:c2:
         ce:65:da:4f:4d:1f:bd:e4:43:11:a5:4c:d4:6b:51:e4:ba:39:
         50:c9:6f:fd:a4:23:b7:84:cc:15:c4:44:d9:01:93:6d:48:98:
         29:78:53:e8:18:ba:a9:1a:95:48:cd:64:eb:25:cd:bc:0d:c5:
         a6:ef:6b:ab:77:5b:0e:cd:2c:d7:52:ca:03:87:a9:f3:31:b8:
         63:f7:7d:be:c9:52:49:1f:4d:c0:28:72:af:d5:6a:b3:f8:85:
         c6:b9:a5:2c:ba:2f:8a:0d:30:02:72:26:25:be:d2:ba:f2:b1:
         69:b2:be:7c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNx8oZnlFHelHXRmYjAk5TW/wBQ8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MjI1NDM4WhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AxOWY5YjJiZmMwNDhmZTkwY2EyN2Y2NDdlZTQ4M2JiOWU1
Nzk3YTRhYjUwMTIwYThhOTdjNGQ1YzY0OThmY2VmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDD9QjZO+nxohXvgmXeUraTY8vHOXbQThYeGH6SoLmrhbc7
CSlmQ+HHBsWaQyLmp2wMm8VEehjMHWxrKelgl2iJYtDnxDOsIkyxIrHjL/JQHjt8
LqDUcbNHwr5V46VH0WZjT1JjXrcBP7gL4RQe858+LvsD9x+746JLM3rwu5baJI4Z
Ei8mA5duCBJ1LwAgIRPPGQDtTRcmaFDpKCsGL5c7jWYXLV3UzXGfpF13AeBefL7T
hBhC7UYG04DhQ66U/+ZKYLHfWgFOCmRnFYgklYWu5G+lWmQg8/M7NNNOqmeeZ4ol
SIn2EDTd1yaQu+jNG8rTKVVyNwFNoL6rmbCGP8gxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU2Tt9gLb9RginMNPK8bzx2WiJlcgwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2IxYmU1MzJmLTI3NzctNGI2My05MjkzLTMyZTRjNzAxYWM1NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEDqfAwDQYJKoZIhvcNAQELBQADggEBAEoF2sbERjIHTMA2uFjR9zLSPEZK
QAaEbhCpiQXHrNO34WjNhkI1MoA2xGf3Zd6wItQscqQdE23Spg6mAv2A1g+x1WNu
SL0yxKUC7EVQ3FDbMBcRlrllsWMmXBUtZWftFs5M8ArNVonWFN35EQERtI20oJAC
BBMYBxvnoaD74jMPX+/t65Dx8c9rUBVV6oZwws5l2k9NH73kQxGlTNRrUeS6OVDJ
b/2kI7eEzBXERNkBk21ImCl4U+gYuqkalUjNZOslzbwNxabva6t3Ww7NLNdSygOH
qfMxuGP3fb7JUkkfTcAocq/VarP4hca5pSy6L4oNMAJyJiW+0rrysWmyvnw=
-----END CERTIFICATE-----