Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7abaf267-aa46-4897-a2a9-47ad31468b70.roa
File:                     7abaf267-aa46-4897-a2a9-47ad31468b70.roa (raw, json)
Hash identifier:          JFh1zN/TURGCOAilRPtTInExaF448n8ZLE0LXY9uG9I=
Subject key identifier:   62:F3:12:F0:EF:FE:0C:90:BF:51:24:90:8B:9A:14:0B:1F:A9:F2:1E
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       252D0A19BD5044DFD223EED638A31135A44789AA
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7abaf267-aa46-4897-a2a9-47ad31468b70.roa
Signing time:             Mon 20 Oct 2025 15:23:45 +0000
ROA not before:           Mon 20 Oct 2025 15:23:45 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.168.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:2d:0a:19:bd:50:44:df:d2:23:ee:d6:38:a3:11:35:a4:47:89:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 20 15:23:45 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=0afc9e04bd787f5ac8c48568f80bf624981c9b62289118a6cd775844dd11faa6, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:d6:32:ef:42:7a:bb:2b:87:a3:8f:6b:a7:44:
                    d5:28:a4:06:48:28:bc:e2:ff:eb:98:f8:c7:43:1a:
                    87:63:d2:9a:cd:7a:9d:ee:e2:13:26:6a:09:22:74:
                    6d:df:c0:cf:d4:fa:30:8d:15:4f:16:56:ea:47:22:
                    bc:6f:0f:53:34:4a:1c:96:91:f4:8e:9b:a0:e0:57:
                    98:1e:3c:be:66:60:cd:1f:f4:1c:c6:d5:b6:44:40:
                    37:a8:d4:e6:71:d1:63:49:52:cd:bf:70:c5:8e:58:
                    3b:80:92:3a:c0:ae:f2:74:00:68:d3:d1:ac:21:f8:
                    fd:c4:49:c4:e4:06:08:36:05:2a:7f:dd:b8:76:03:
                    47:c9:5a:72:a9:6b:da:3d:22:52:7f:83:78:2f:c8:
                    0d:2f:5a:fe:2f:63:0a:72:c6:ea:1b:4b:4a:5f:4a:
                    d6:63:36:a9:9a:77:68:e0:41:c4:c0:cf:25:50:ef:
                    11:c4:19:a1:c7:bb:31:ab:fd:ef:53:ea:89:01:bd:
                    75:e8:06:b2:8b:f3:28:93:31:b5:3e:3e:71:05:ce:
                    e9:9e:af:48:4c:dd:89:3f:f6:3b:3d:e7:c9:75:1f:
                    c8:26:12:7a:96:35:bb:e2:9a:1f:2b:6f:3a:60:2a:
                    d5:ed:b4:53:d9:a9:96:a1:e1:83:af:77:ba:84:95:
                    fd:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:F3:12:F0:EF:FE:0C:90:BF:51:24:90:8B:9A:14:0B:1F:A9:F2:1E
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7abaf267-aa46-4897-a2a9-47ad31468b70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.168.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:9b:be:ae:ed:5e:be:c1:86:4c:17:50:f2:a5:b4:a9:82:69:
         09:8d:1a:0d:f0:3e:9d:23:50:39:fd:13:1b:f2:a4:a9:89:5c:
         67:ee:b5:c4:cb:03:35:6f:5f:98:19:00:be:f4:f6:a3:8d:67:
         f9:32:81:09:f4:e7:41:64:62:ca:0e:14:e9:f8:a3:f3:6f:ae:
         ef:c6:a3:eb:d7:6b:df:e6:7f:cd:5b:42:d6:2b:a9:34:11:fa:
         a6:8b:66:3d:31:a1:b3:8e:33:77:8d:b9:fc:a0:30:1d:bc:96:
         8c:2d:fd:e2:ec:be:a2:db:4e:85:67:4e:43:3a:35:ed:f3:99:
         9c:1f:f9:3a:b5:b0:02:1b:d8:ac:b1:cc:ca:fd:0f:be:47:35:
         f7:fe:4c:8a:1b:fe:71:97:03:5c:e0:70:eb:20:68:4d:2f:05:
         79:a0:f4:45:95:48:b4:3b:39:be:52:f9:e1:2b:cf:44:b9:ca:
         90:98:36:ee:7f:e2:ca:96:65:2c:7e:d6:71:15:ec:3f:8a:1d:
         e1:c5:84:94:95:85:9b:cf:43:a8:bc:31:23:b2:cc:74:a1:1d:
         03:51:77:a6:7a:81:65:5e:a6:f9:5e:15:f2:d2:cf:4d:20:ce:
         95:96:d6:35:3e:f7:f2:66:09:4e:96:7f:ae:72:26:bb:f1:ed:
         4e:35:9c:b1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJS0KGb1QRN/SI+7WOKMRNaRHiaowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDIwMTUyMzQ1WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AwYWZjOWUwNGJkNzg3ZjVhYzhjNDg1NjhmODBiZjYyNDk4
MWM5YjYyMjg5MTE4YTZjZDc3NTg0NGRkMTFmYWE2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJ1jLvQnq7K4ejj2unRNUopAZIKLzi/+uY+MdDGodj0prN
ep3u4hMmagkidG3fwM/U+jCNFU8WVupHIrxvD1M0ShyWkfSOm6DgV5gePL5mYM0f
9BzG1bZEQDeo1OZx0WNJUs2/cMWOWDuAkjrArvJ0AGjT0awh+P3EScTkBgg2BSp/
3bh2A0fJWnKpa9o9IlJ/g3gvyA0vWv4vYwpyxuobS0pfStZjNqmad2jgQcTAzyVQ
7xHEGaHHuzGr/e9T6okBvXXoBrKL8yiTMbU+PnEFzumer0hM3Yk/9js958l1H8gm
EnqWNbvimh8rbzpgKtXttFPZqZah4YOvd7qElf1zAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYvMS8O/+DJC/USSQi5oUCx+p8h4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzdhYmFmMjY3LWFhNDYtNDg5Ny1hMmE5LTQ3YWQzMTQ2OGI3MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADqGAwDQYJKoZIhvcNAQELBQADggEBAJGbvq7tXr7BhkwXUPKltKmCaQmN
Gg3wPp0jUDn9ExvypKmJXGfutcTLAzVvX5gZAL709qONZ/kygQn050FkYsoOFOn4
o/Nvru/Go+vXa9/mf81bQtYrqTQR+qaLZj0xobOOM3eNufygMB28lowt/eLsvqLb
ToVnTkM6Ne3zmZwf+Tq1sAIb2KyxzMr9D75HNff+TIob/nGXA1zgcOsgaE0vBXmg
9EWVSLQ7Ob5S+eErz0S5ypCYNu5/4sqWZSx+1nEV7D+KHeHFhJSVhZvPQ6i8MSOy
zHShHQNRd6Z6gWVepvleFfLSz00gzpWW1jU+9/JmCU6Wf65yJrvx7U41nLE=
-----END CERTIFICATE-----