Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3aa51579-c1c7-498e-9312-1ca8e8606c51.roa
File:                     3aa51579-c1c7-498e-9312-1ca8e8606c51.roa (raw, json)
Hash identifier:          FdIhW5pUEDDspsAgH5M8oUAwj5CqaPEmeR6v3MB/KOY=
Subject key identifier:   E0:05:C1:31:5D:C7:82:BB:17:45:77:78:77:4A:C5:D2:FA:E7:E3:06
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6A6070C1C1BD04C2738DF76E7CA708139D01A2BB
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3aa51579-c1c7-498e-9312-1ca8e8606c51.roa
Signing time:             Mon 20 Oct 2025 10:50:12 +0000
ROA not before:           Mon 20 Oct 2025 10:50:12 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.169.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:60:70:c1:c1:bd:04:c2:73:8d:f7:6e:7c:a7:08:13:9d:01:a2:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 20 10:50:12 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=dd0e8b7f18f7abb50e0f21b82b69aac9228d1c322635321870e8b44f626cba64, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:10:f0:7a:1e:63:c1:52:19:62:47:ba:2d:a5:
                    11:4f:10:dd:ca:be:0f:05:ad:e5:ac:88:a4:2f:c6:
                    8c:75:99:eb:1c:80:75:eb:d3:0a:2a:16:96:03:e6:
                    b3:4b:e0:83:ef:1d:a6:ab:b6:8a:28:8a:20:ec:fc:
                    2e:e5:55:73:7f:06:67:6b:f7:f3:1a:28:2b:fc:b8:
                    d3:ad:fe:0b:5c:d5:b8:19:29:ad:66:04:02:e3:f4:
                    12:24:79:11:80:c6:8a:f4:65:f6:f6:67:74:cd:c6:
                    a5:5b:14:c0:d3:67:bf:aa:34:a2:92:bf:e9:14:2a:
                    39:42:32:64:fd:37:3a:bf:46:03:2e:1e:31:b2:5b:
                    d8:70:75:5e:60:e6:02:6d:d6:ef:c0:f2:ea:9a:50:
                    04:75:3f:93:d0:4f:66:1d:dc:4d:9e:49:e2:b2:2d:
                    bf:b7:66:49:91:36:80:8c:51:55:f3:ea:0b:9d:5c:
                    45:07:38:55:ff:a7:23:3c:a6:60:ae:34:cf:bf:04:
                    73:be:40:a1:6f:74:df:45:a0:bd:8f:ee:6f:a4:7b:
                    bc:84:d9:fe:6b:25:ce:ce:e0:58:dc:9d:81:e7:ab:
                    d6:b8:4d:5e:82:77:1c:03:58:dc:0e:4c:59:86:80:
                    04:e4:4e:20:27:2e:86:18:3a:61:44:3e:d4:b5:6e:
                    16:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:05:C1:31:5D:C7:82:BB:17:45:77:78:77:4A:C5:D2:FA:E7:E3:06
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3aa51579-c1c7-498e-9312-1ca8e8606c51.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.169.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:e1:36:2e:3e:b8:60:cf:09:86:2d:70:3c:d1:c5:1b:3f:b6:
         48:73:85:da:e4:a4:42:b1:c0:8a:35:02:7f:04:40:be:36:19:
         ab:db:83:27:a4:4c:20:27:01:37:d6:61:97:44:5c:9b:a7:98:
         a5:dc:8a:be:6e:9b:e1:95:4e:a3:86:58:a7:9f:59:4e:cb:0a:
         8f:90:0d:a0:12:5f:fc:f5:55:3b:3b:de:44:e6:e9:b6:95:cf:
         19:31:34:bd:06:bd:7e:de:b7:66:5b:12:0e:13:72:f4:87:2d:
         af:a6:52:00:df:13:50:2b:98:7d:3f:a0:8a:8f:da:31:b9:a9:
         eb:19:c1:99:43:06:65:db:13:6f:13:d3:be:39:53:a5:a5:6e:
         4e:7b:3a:86:97:4f:6f:2b:75:86:bc:65:18:91:53:86:38:53:
         03:23:d1:11:e7:11:2e:bf:88:77:88:f3:f1:ce:2e:a3:06:3a:
         48:af:61:d4:49:f7:32:ea:37:06:86:d0:81:d5:66:c3:0a:80:
         c0:15:de:19:d4:51:aa:30:64:24:1b:86:76:b9:f2:50:8a:d4:
         27:ea:db:21:55:9b:57:02:29:b8:87:d0:90:57:d0:ba:ba:c3:
         83:5d:c5:57:03:e6:47:7e:1e:35:59:8a:bb:29:c7:e6:41:99:
         2f:2b:fa:33
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUamBwwcG9BMJzjfdufKcIE50BorswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDIwMTA1MDEyWhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BkZDBlOGI3ZjE4ZjdhYmI1MGUwZjIxYjgyYjY5YWFjOTIy
OGQxYzMyMjYzNTMyMTg3MGU4YjQ0ZjYyNmNiYTY0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDEEPB6HmPBUhliR7otpRFPEN3Kvg8FreWsiKQvxox1mesc
gHXr0woqFpYD5rNL4IPvHaartoooiiDs/C7lVXN/Bmdr9/MaKCv8uNOt/gtc1bgZ
Ka1mBALj9BIkeRGAxor0Zfb2Z3TNxqVbFMDTZ7+qNKKSv+kUKjlCMmT9Nzq/RgMu
HjGyW9hwdV5g5gJt1u/A8uqaUAR1P5PQT2Yd3E2eSeKyLb+3ZkmRNoCMUVXz6gud
XEUHOFX/pyM8pmCuNM+/BHO+QKFvdN9FoL2P7m+ke7yE2f5rJc7O4FjcnYHnq9a4
TV6CdxwDWNwOTFmGgATkTiAnLoYYOmFEPtS1bhbbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU4AXBMV3HgrsXRXd4d0rF0vrn4wYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzNhYTUxNTc5LWMxYzctNDk4ZS05MzEyLTFjYThlODYwNmM1MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADqTIwDQYJKoZIhvcNAQELBQADggEBAFzhNi4+uGDPCYYtcDzRxRs/tkhz
hdrkpEKxwIo1An8EQL42GavbgyekTCAnATfWYZdEXJunmKXcir5um+GVTqOGWKef
WU7LCo+QDaASX/z1VTs73kTm6baVzxkxNL0GvX7et2ZbEg4TcvSHLa+mUgDfE1Ar
mH0/oIqP2jG5qesZwZlDBmXbE28T0745U6Wlbk57OoaXT28rdYa8ZRiRU4Y4UwMj
0RHnES6/iHeI8/HOLqMGOkivYdRJ9zLqNwaG0IHVZsMKgMAV3hnUUaowZCQbhna5
8lCK1Cfq2yFVm1cCKbiH0JBX0Lq6w4NdxVcD5kd+HjVZirspx+ZBmS8r+jM=
-----END CERTIFICATE-----