Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/22bd752f-9aa7-4278-a62b-62582aa4b011.roa
File:                     22bd752f-9aa7-4278-a62b-62582aa4b011.roa (raw, json)
Hash identifier:          nc+e7yEHNHFEoc6RNuMATLynpRunx7gyIJuoIfd7JFY=
Subject key identifier:   AB:E2:4A:61:1E:AD:B8:55:C5:F0:C2:81:89:24:3D:5C:60:1D:DC:A2
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       02C756AF4C3B31212CA2E9A8608AC8A14FC22637
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/22bd752f-9aa7-4278-a62b-62582aa4b011.roa
Signing time:             Mon 20 Oct 2025 14:22:35 +0000
ROA not before:           Mon 20 Oct 2025 14:22:35 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.165.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:c7:56:af:4c:3b:31:21:2c:a2:e9:a8:60:8a:c8:a1:4f:c2:26:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 20 14:22:35 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=357e044ed1d16a23585e1d536a673a552423e0f6e27974c820f9d89ea2e5fc2d, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:1b:ea:c8:75:69:03:17:73:35:a9:2b:5c:02:
                    c4:d1:ba:db:6f:5f:48:5f:d0:5a:6b:21:fa:7e:1d:
                    4d:b7:f2:a0:96:aa:e8:08:9e:26:dc:ee:1d:71:e3:
                    bf:e2:8a:4a:65:6a:7a:f9:2d:bd:91:15:a9:49:35:
                    96:18:70:57:5d:ee:05:87:05:e7:0d:52:08:be:cc:
                    62:17:c8:80:4c:0c:72:72:24:bc:14:44:b6:98:7a:
                    12:ad:8a:44:6c:14:0a:7b:c0:2b:eb:8c:27:d0:d4:
                    19:a0:28:39:65:71:6c:bd:46:0e:ce:f6:c6:1a:80:
                    8a:18:5b:ac:95:50:83:f0:84:c0:c6:e1:b9:c8:0a:
                    79:13:33:8f:39:95:c4:b5:98:44:7e:9f:e2:ab:4d:
                    68:d8:d9:81:1c:f5:e4:29:36:0c:01:a0:2e:6a:d2:
                    33:43:93:51:e6:43:7d:7b:f3:78:f6:f5:69:db:af:
                    02:08:56:30:41:d5:80:42:fe:bd:20:f2:e8:11:0b:
                    a1:6e:cd:b4:e6:4c:c6:eb:5b:88:b3:c0:c6:9f:64:
                    cc:aa:ee:3b:60:de:a9:b0:7e:c0:f1:f0:3d:53:67:
                    2a:a6:e5:a8:ef:a0:03:a7:45:1d:06:bf:b1:94:8a:
                    bb:5b:88:f1:b6:d6:78:3e:9c:06:37:9e:32:f0:15:
                    51:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:E2:4A:61:1E:AD:B8:55:C5:F0:C2:81:89:24:3D:5C:60:1D:DC:A2
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/22bd752f-9aa7-4278-a62b-62582aa4b011.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.165.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:dc:c9:cd:8a:b5:77:a9:43:9f:f8:3d:16:8d:c4:da:e3:5b:
         58:bc:fe:0f:32:ae:1e:39:4c:32:ee:c4:86:51:5d:e0:03:63:
         95:7b:ed:aa:38:f5:9e:fd:8b:95:2e:e3:79:d9:2d:2e:59:9c:
         41:68:71:21:0f:77:5d:5a:8d:85:82:55:c2:c5:c2:47:46:7c:
         55:5c:cf:43:ba:f5:f9:a4:2c:8c:81:fe:5a:cb:29:26:06:15:
         b3:87:c9:ae:4e:9c:f2:e1:57:d1:4d:d1:35:f0:d3:dd:40:f1:
         62:76:d4:bf:f2:52:ab:83:ba:1d:86:d7:57:69:04:01:c6:a1:
         7a:14:52:08:83:0d:a6:a3:a4:ea:8c:fd:93:7e:30:c1:b0:4d:
         e6:46:ed:ae:8c:d7:34:10:dc:2f:b0:17:f5:31:da:5a:02:97:
         00:8b:53:e4:48:3e:12:18:84:a9:16:ef:8e:1d:45:ec:87:e1:
         f7:83:3d:53:22:67:bd:1d:89:b8:66:6f:d8:c1:05:39:87:ce:
         be:df:be:c6:b0:f9:dd:7c:03:09:53:2b:1d:fc:9a:c1:5c:1c:
         02:76:4a:cd:78:60:c2:b1:55:cc:ed:11:2a:27:b3:d3:db:ca:
         6d:44:33:a2:ec:19:06:a4:83:88:30:2c:cb:72:0b:14:62:95:
         d7:2f:b9:88
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAsdWr0w7MSEsoumoYIrIoU/CJjcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDIwMTQyMjM1WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AzNTdlMDQ0ZWQxZDE2YTIzNTg1ZTFkNTM2YTY3M2E1NTI0
MjNlMGY2ZTI3OTc0YzgyMGY5ZDg5ZWEyZTVmYzJkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDpG+rIdWkDF3M1qStcAsTRuttvX0hf0FprIfp+HU238qCW
qugInibc7h1x47/iikplanr5Lb2RFalJNZYYcFdd7gWHBecNUgi+zGIXyIBMDHJy
JLwURLaYehKtikRsFAp7wCvrjCfQ1BmgKDllcWy9Rg7O9sYagIoYW6yVUIPwhMDG
4bnICnkTM485lcS1mER+n+KrTWjY2YEc9eQpNgwBoC5q0jNDk1HmQ31783j29Wnb
rwIIVjBB1YBC/r0g8ugRC6FuzbTmTMbrW4izwMafZMyq7jtg3qmwfsDx8D1TZyqm
5ajvoAOnRR0Gv7GUirtbiPG21ng+nAY3njLwFVG7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUq+JKYR6tuFXF8MKBiSQ9XGAd3KIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzIyYmQ3NTJmLTlhYTctNDI3OC1hNjJiLTYyNTgyYWE0YjAxMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADpRwwDQYJKoZIhvcNAQELBQADggEBAKTcyc2KtXepQ5/4PRaNxNrjW1i8
/g8yrh45TDLuxIZRXeADY5V77ao49Z79i5Uu43nZLS5ZnEFocSEPd11ajYWCVcLF
wkdGfFVcz0O69fmkLIyB/lrLKSYGFbOHya5OnPLhV9FN0TXw091A8WJ21L/yUquD
uh2G11dpBAHGoXoUUgiDDaajpOqM/ZN+MMGwTeZG7a6M1zQQ3C+wF/Ux2loClwCL
U+RIPhIYhKkW744dReyH4feDPVMiZ70dibhmb9jBBTmHzr7fvsaw+d18AwlTKx38
msFcHAJ2Ss14YMKxVcztESons9Pbym1EM6LsGQakg4gwLMtyCxRildcvuYg=
-----END CERTIFICATE-----