Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d064dd6c-f200-4a0d-a044-38e0bfdac2b9.roa
File:                     d064dd6c-f200-4a0d-a044-38e0bfdac2b9.roa (raw, json)
Hash identifier:          MVJbMRXFcgTus9ZYrqN2kn0HIy6hrdJu8X8vcHObXzg=
Subject key identifier:   1D:D7:3D:C4:E5:59:5C:62:06:92:44:33:BF:62:79:A5:04:9E:04:0E
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1AF76F4EE82E6B6F039FAA10C54BCC617BCC95F7
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d064dd6c-f200-4a0d-a044-38e0bfdac2b9.roa
Signing time:             Fri 15 Aug 2025 21:08:37 +0000
ROA not before:           Fri 15 Aug 2025 21:08:37 +0000
ROA not after:            Fri 19 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.2.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 22 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:f7:6f:4e:e8:2e:6b:6f:03:9f:aa:10:c5:4b:cc:61:7b:cc:95:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Aug 15 21:08:37 2025 GMT
            Not After : Sep 19 23:59:59 2025 GMT
        Subject: serialNumber=7602240180b2a7f745f8beff8401a1e64037df86a8973fa530382f83472da964, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:bf:4b:65:ef:89:bf:72:35:89:93:20:79:ea:
                    14:41:06:8d:0b:28:f1:52:35:50:22:69:88:27:ec:
                    95:27:27:44:20:43:1f:01:00:70:68:d7:d9:39:82:
                    6c:98:53:16:69:84:c2:b6:df:33:80:99:64:56:3a:
                    57:83:0f:49:57:cb:40:1d:9f:43:17:94:f8:f9:95:
                    77:c2:e0:9d:d5:60:ed:43:6c:2e:fb:7c:e9:b3:37:
                    fe:95:d6:fb:00:3e:4d:07:94:7b:3b:7c:61:e9:50:
                    00:a9:c4:7f:c0:22:51:c7:56:70:73:e2:8e:e9:73:
                    f5:0f:ca:c3:17:96:4a:60:ed:2e:88:c3:e9:6c:08:
                    cb:b2:0d:83:99:fc:05:03:32:65:0d:2e:23:51:2f:
                    63:c0:8e:8d:ed:61:06:29:49:fd:3c:b5:60:8b:62:
                    c7:8e:09:c4:c0:3c:3a:95:29:44:15:75:53:89:dd:
                    7b:05:c0:69:5f:4e:ab:11:86:0c:c0:bb:60:f9:92:
                    39:2d:e4:3d:44:a9:4e:68:3a:4e:69:34:ea:78:12:
                    a0:96:ff:87:78:21:29:28:98:dc:38:c2:fe:3f:a1:
                    76:ce:93:29:29:f3:50:cd:3e:73:a3:f2:ec:e8:ea:
                    e6:e0:3b:17:9f:4f:f2:89:24:a6:f7:ec:62:79:5f:
                    b1:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:D7:3D:C4:E5:59:5C:62:06:92:44:33:BF:62:79:A5:04:9E:04:0E
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d064dd6c-f200-4a0d-a044-38e0bfdac2b9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.2.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:e2:68:9a:30:f2:a3:59:3c:6b:39:69:79:a8:17:48:5b:3b:
         f7:92:ac:a1:13:79:4c:96:e9:0b:2f:73:c6:e9:a2:53:5f:99:
         9a:0f:b3:d2:0a:a9:d7:70:84:d2:8a:cf:ca:b9:65:32:53:77:
         a7:b7:15:bc:39:cf:5e:c4:27:a7:1e:47:29:70:77:ba:ce:7d:
         f3:54:bc:52:0c:dd:51:40:14:f4:c1:07:c8:1e:56:11:12:4b:
         92:c2:93:93:51:53:06:04:df:65:a6:7a:ed:55:66:41:d7:e5:
         fc:95:59:4f:64:81:73:c1:ba:41:a3:13:55:9d:83:bc:e8:33:
         53:51:09:1b:40:2e:ca:42:a0:cd:ac:31:3a:df:3c:2f:86:7a:
         df:7d:cc:de:29:2d:cf:58:6e:bb:ab:6f:bd:de:dc:8b:0a:ce:
         6f:d9:7e:8d:23:c4:ca:ae:8f:c6:0b:49:5d:d1:e0:d7:42:90:
         79:64:5a:a6:40:a9:72:77:12:4d:67:f1:6d:34:cf:c3:4e:44:
         17:75:c6:ea:0e:4a:a3:bc:0f:c2:14:19:f7:cc:c7:0b:c3:dc:
         6d:f3:b6:bf:9d:4f:06:0a:bc:bd:02:b6:fb:20:cb:f9:2f:82:
         0d:d2:d4:ec:72:f4:83:19:80:d4:df:f8:d8:8d:4d:3e:80:a1:
         88:8b:5a:66
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGvdvTugua28Dn6oQxUvMYXvMlfcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwODE1MjEwODM3WhcNMjUwOTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A3NjAyMjQwMTgwYjJhN2Y3NDVmOGJlZmY4NDAxYTFlNjQw
MzdkZjg2YTg5NzNmYTUzMDM4MmY4MzQ3MmRhOTY0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0v0tl74m/cjWJkyB56hRBBo0LKPFSNVAiaYgn7JUnJ0Qg
Qx8BAHBo19k5gmyYUxZphMK23zOAmWRWOleDD0lXy0Adn0MXlPj5lXfC4J3VYO1D
bC77fOmzN/6V1vsAPk0HlHs7fGHpUACpxH/AIlHHVnBz4o7pc/UPysMXlkpg7S6I
w+lsCMuyDYOZ/AUDMmUNLiNRL2PAjo3tYQYpSf08tWCLYseOCcTAPDqVKUQVdVOJ
3XsFwGlfTqsRhgzAu2D5kjkt5D1EqU5oOk5pNOp4EqCW/4d4ISkomNw4wv4/oXbO
kykp81DNPnOj8uzo6ubgOxefT/KJJKb37GJ5X7GlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHdc9xOVZXGIGkkQzv2J5pQSeBA4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2QwNjRkZDZjLWYyMDAtNGEwZC1hMDQ0LTM4ZTBiZmRhYzJiOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADAl0wDQYJKoZIhvcNAQELBQADggEBAEPiaJow8qNZPGs5aXmoF0hbO/eS
rKETeUyW6Qsvc8bpolNfmZoPs9IKqddwhNKKz8q5ZTJTd6e3Fbw5z17EJ6ceRylw
d7rOffNUvFIM3VFAFPTBB8geVhESS5LCk5NRUwYE32Wmeu1VZkHX5fyVWU9kgXPB
ukGjE1Wdg7zoM1NRCRtALspCoM2sMTrfPC+Get99zN4pLc9Ybrurb73e3IsKzm/Z
fo0jxMquj8YLSV3R4NdCkHlkWqZAqXJ3Ek1n8W00z8NORBd1xuoOSqO8D8IUGffM
xwvD3G3ztr+dTwYKvL0Ctvsgy/kvgg3S1Oxy9IMZgNTf+NiNTT6AoYiLWmY=
-----END CERTIFICATE-----