Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b31b7c02-1842-4517-8e26-3858dc20ba41.roa
File:                     b31b7c02-1842-4517-8e26-3858dc20ba41.roa (raw, json)
Hash identifier:          PYXukJP9V0T499o02YYd11i0wLrg/hIT8DNvqVm6plc=
Subject key identifier:   AB:FD:C1:9B:E0:92:4F:DF:71:B2:03:85:17:11:64:93:AA:43:EE:3B
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       68772831504A62624FDA13E0870F4B7F85BB13C2
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b31b7c02-1842-4517-8e26-3858dc20ba41.roa
Signing time:             Thu 25 Sep 2025 18:51:39 +0000
ROA not before:           Thu 25 Sep 2025 18:51:39 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.167.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:77:28:31:50:4a:62:62:4f:da:13:e0:87:0f:4b:7f:85:bb:13:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 18:51:39 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=ab2504047b05ce7122166c7d2d8dc1996ec431aa9ff9f0a32d74e6e6481c80ea, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:38:2c:0d:ee:72:e0:85:7c:7f:3a:b0:cc:d6:
                    59:d6:f3:5a:55:09:47:d6:84:00:4b:1c:e3:24:eb:
                    50:a3:57:a9:97:eb:ec:cb:10:9c:18:bd:33:05:d7:
                    7c:49:75:0e:7a:3f:1f:57:12:c2:7e:20:a2:9e:d0:
                    b1:a4:58:df:81:23:aa:00:70:88:20:ca:47:d3:79:
                    73:4a:62:90:39:09:ee:2b:d5:03:df:9f:fe:88:4a:
                    ba:f9:f5:47:9d:0e:1d:ed:d7:91:18:0e:59:f6:89:
                    0c:f1:5e:eb:e2:f4:c8:58:2e:8e:39:81:5d:a9:78:
                    42:32:c5:50:6e:98:4f:de:1b:7a:81:7e:21:dc:56:
                    ee:f2:c2:32:32:f3:43:4e:29:11:c3:04:f5:0c:da:
                    96:97:f2:99:a5:f2:e3:76:cf:4b:55:b2:73:ca:0b:
                    99:21:0d:5b:cf:f5:f9:05:44:bf:c3:85:74:5b:ab:
                    51:82:8c:6b:dd:fb:07:8e:1b:77:fd:49:f7:4a:84:
                    69:60:0d:bd:c1:c1:6a:bf:c7:e1:3d:11:62:2c:31:
                    ed:cb:42:a2:6e:04:12:65:bb:3f:6f:80:dd:bc:85:
                    e7:00:8c:89:93:e8:f2:9e:c1:ef:9e:a8:4b:4a:c1:
                    73:ee:62:9f:7f:f0:c7:e9:f8:db:15:d0:f4:d0:5e:
                    1f:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:FD:C1:9B:E0:92:4F:DF:71:B2:03:85:17:11:64:93:AA:43:EE:3B
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b31b7c02-1842-4517-8e26-3858dc20ba41.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.167.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:8d:00:02:c3:99:ee:30:81:9c:8f:cf:4c:7e:60:63:bb:74:
         b6:de:9c:eb:07:e4:1d:29:76:c4:1b:73:d8:a4:b2:bf:71:a0:
         31:56:21:30:e5:65:c4:43:58:25:61:83:76:a7:9f:ca:06:aa:
         15:4f:9f:ce:f8:91:00:f3:04:52:ba:1f:f8:6b:76:a5:3c:c0:
         3c:45:5b:8b:d8:73:3b:12:55:10:82:c5:b6:97:d4:a6:e5:b2:
         db:b9:b6:52:1b:9e:76:c9:7d:f0:9d:45:68:6b:b4:4e:ff:de:
         39:df:7c:7d:80:8e:99:7f:20:a7:ec:97:5f:6a:dd:1e:bf:d2:
         25:ad:fd:5b:92:59:80:a1:56:d8:10:69:50:99:40:8d:82:52:
         9e:c6:80:ba:a7:44:19:c8:94:d7:03:b7:1b:e9:57:d8:fc:af:
         10:3d:1b:9c:53:46:4f:06:74:02:16:4f:19:59:44:74:7b:5a:
         76:ae:35:47:51:b4:00:3b:4a:2b:ef:1b:93:39:dc:15:c9:7a:
         76:f4:3e:4c:9f:2d:88:58:14:8b:f2:75:97:4d:bc:42:83:a8:
         5c:68:f4:ba:74:d6:30:ff:3a:3c:c6:a5:12:83:6e:26:8e:32:
         2a:19:61:9f:12:8d:75:14:96:c5:93:6c:65:a8:fb:08:fc:6d:
         72:23:82:61
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaHcoMVBKYmJP2hPghw9Lf4W7E8IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MTg1MTM5WhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BhYjI1MDQwNDdiMDVjZTcxMjIxNjZjN2QyZDhkYzE5OTZl
YzQzMWFhOWZmOWYwYTMyZDc0ZTZlNjQ4MWM4MGVhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCPOCwN7nLghXx/OrDM1lnW81pVCUfWhABLHOMk61CjV6mX
6+zLEJwYvTMF13xJdQ56Px9XEsJ+IKKe0LGkWN+BI6oAcIggykfTeXNKYpA5Ce4r
1QPfn/6ISrr59UedDh3t15EYDln2iQzxXuvi9MhYLo45gV2peEIyxVBumE/eG3qB
fiHcVu7ywjIy80NOKRHDBPUM2paX8pml8uN2z0tVsnPKC5khDVvP9fkFRL/DhXRb
q1GCjGvd+weOG3f9SfdKhGlgDb3BwWq/x+E9EWIsMe3LQqJuBBJluz9vgN28hecA
jImT6PKewe+eqEtKwXPuYp9/8Mfp+NsV0PTQXh8bAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUq/3Bm+CST99xsgOFFxFkk6pD7jswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2IzMWI3YzAyLTE4NDItNDUxNy04ZTI2LTM4NThkYzIwYmE0MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADp2kwDQYJKoZIhvcNAQELBQADggEBADeNAALDme4wgZyPz0x+YGO7dLbe
nOsH5B0pdsQbc9iksr9xoDFWITDlZcRDWCVhg3ann8oGqhVPn874kQDzBFK6H/hr
dqU8wDxFW4vYczsSVRCCxbaX1Kblstu5tlIbnnbJffCdRWhrtE7/3jnffH2Ajpl/
IKfsl19q3R6/0iWt/VuSWYChVtgQaVCZQI2CUp7GgLqnRBnIlNcDtxvpV9j8rxA9
G5xTRk8GdAIWTxlZRHR7WnauNUdRtAA7SivvG5M53BXJenb0PkyfLYhYFIvydZdN
vEKDqFxo9Lp01jD/OjzGpRKDbiaOMioZYZ8SjXUUlsWTbGWo+wj8bXIjgmE=
-----END CERTIFICATE-----