Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9043e919-a83a-4704-ba81-bd9c71b78ff8.roa
File:                     9043e919-a83a-4704-ba81-bd9c71b78ff8.roa (raw, json)
Hash identifier:          R11XysYYzw5+QuifGV/ARwVZoLvuaNrJhhve2FhVEsQ=
Subject key identifier:   4E:5A:DC:A0:CD:DB:A9:B0:D4:FE:10:E0:33:49:0C:72:7F:E2:7F:1A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7DCAF52CF1112D904FB487586008CD10DBE3AFE8
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9043e919-a83a-4704-ba81-bd9c71b78ff8.roa
Signing time:             Mon 20 Oct 2025 13:22:28 +0000
ROA not before:           Mon 20 Oct 2025 13:22:28 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.167.145.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:ca:f5:2c:f1:11:2d:90:4f:b4:87:58:60:08:cd:10:db:e3:af:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 20 13:22:28 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=998e2df84b62710614065db2bcbce2680f118f30b5731e6df1784e1a3eba1c74, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:6d:05:38:04:93:ec:91:82:75:a4:a0:f8:70:
                    e8:ee:82:74:1d:6b:96:5c:c7:9d:31:b8:31:0d:1b:
                    7f:c5:15:5d:93:ee:c7:be:6f:1f:57:8a:29:b6:09:
                    66:66:21:57:7e:71:b6:86:ae:a3:78:32:9a:04:98:
                    dd:c0:40:25:b1:b1:71:ec:f5:83:8f:97:77:92:fd:
                    6c:bf:92:50:45:fa:9f:a6:2f:e7:2c:81:5f:12:b6:
                    6f:d8:96:5a:d9:be:b9:82:81:5c:e1:29:b3:f5:87:
                    ff:fc:9d:65:b5:f1:5c:e1:a9:7e:69:25:0a:ce:28:
                    63:4b:c9:70:d4:9e:ca:c7:f1:e1:e2:3b:66:b2:1d:
                    7c:f3:19:8a:68:1f:f1:f1:bf:08:ec:71:da:a9:8a:
                    52:98:81:00:e0:15:d1:94:79:f0:3a:15:e6:1c:17:
                    38:61:27:4b:e4:7e:c1:ba:bf:6c:be:7d:4d:3a:00:
                    2a:e7:ca:71:4e:6e:4a:8b:d8:91:d5:5b:74:8d:dd:
                    e3:e7:2b:cd:a9:f5:0a:5f:02:b1:7e:e6:8d:b9:cc:
                    0b:a4:15:49:dd:4e:fe:28:2e:72:f7:6d:76:20:a0:
                    99:ee:e4:58:4d:b9:ff:63:34:d3:58:dd:96:5a:ae:
                    de:73:14:cc:24:1b:cb:33:07:f4:08:d8:25:51:fa:
                    56:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:5A:DC:A0:CD:DB:A9:B0:D4:FE:10:E0:33:49:0C:72:7F:E2:7F:1A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9043e919-a83a-4704-ba81-bd9c71b78ff8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.167.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:ec:34:c6:bf:4f:96:44:2c:c6:b8:53:ad:6e:2a:41:5c:a6:
         9f:bd:da:2c:1c:ab:d6:f2:11:47:b1:ae:04:84:dd:e8:46:c5:
         f9:f6:0f:d2:0c:c7:ec:2d:1e:39:95:2d:87:66:35:c9:5a:57:
         72:f5:a2:93:82:76:f9:58:b8:9c:0f:60:d7:ae:09:8c:84:aa:
         7b:16:80:5d:a4:b2:a4:52:1b:7c:51:4d:e7:58:68:5d:df:e3:
         95:a9:07:4e:f2:70:cf:b0:d7:88:53:48:71:cb:d9:8a:4e:f1:
         4e:ea:21:62:2a:8e:b5:ff:6d:9f:76:46:ad:b8:3b:ec:65:53:
         a7:ec:03:93:eb:30:3d:c8:32:89:fa:64:0c:d9:9a:e9:f4:7d:
         8a:64:22:2a:bf:5c:7d:8e:60:1a:29:81:4f:0b:7a:aa:08:c2:
         48:8c:87:e9:7c:6f:5c:04:c5:5d:37:63:24:9b:77:8a:3e:ef:
         18:e2:15:22:95:3c:20:e0:70:98:b3:dc:28:2f:e5:8a:c3:3d:
         e6:db:4d:6e:5f:85:51:18:43:be:a9:d8:7e:66:35:50:79:3e:
         39:e6:d7:38:c0:17:76:d3:30:f3:ee:4c:0f:7f:a9:6a:51:49:
         c0:bc:bb:e9:04:02:9a:97:0b:c5:24:e4:d9:4a:d8:51:26:4c:
         94:e5:ca:83
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfcr1LPERLZBPtIdYYAjNENvjr+gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDIwMTMyMjI4WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A5OThlMmRmODRiNjI3MTA2MTQwNjVkYjJiY2JjZTI2ODBm
MTE4ZjMwYjU3MzFlNmRmMTc4NGUxYTNlYmExYzc0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDGbQU4BJPskYJ1pKD4cOjugnQda5Zcx50xuDENG3/FFV2T
7se+bx9Xiim2CWZmIVd+cbaGrqN4MpoEmN3AQCWxsXHs9YOPl3eS/Wy/klBF+p+m
L+csgV8Stm/YllrZvrmCgVzhKbP1h//8nWW18VzhqX5pJQrOKGNLyXDUnsrH8eHi
O2ayHXzzGYpoH/HxvwjscdqpilKYgQDgFdGUefA6FeYcFzhhJ0vkfsG6v2y+fU06
ACrnynFObkqL2JHVW3SN3ePnK82p9QpfArF+5o25zAukFUndTv4oLnL3bXYgoJnu
5FhNuf9jNNNY3ZZart5zFMwkG8szB/QI2CVR+lb9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTlrcoM3bqbDU/hDgM0kMcn/ifxowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzkwNDNlOTE5LWE4M2EtNDcwNC1iYTgxLWJkOWM3MWI3OGZmOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADp5EwDQYJKoZIhvcNAQELBQADggEBAJnsNMa/T5ZELMa4U61uKkFcpp+9
2iwcq9byEUexrgSE3ehGxfn2D9IMx+wtHjmVLYdmNclaV3L1opOCdvlYuJwPYNeu
CYyEqnsWgF2ksqRSG3xRTedYaF3f45WpB07ycM+w14hTSHHL2YpO8U7qIWIqjrX/
bZ92Rq24O+xlU6fsA5PrMD3IMon6ZAzZmun0fYpkIiq/XH2OYBopgU8LeqoIwkiM
h+l8b1wExV03YySbd4o+7xjiFSKVPCDgcJiz3Cgv5YrDPebbTW5fhVEYQ76p2H5m
NVB5Pjnm1zjAF3bTMPPuTA9/qWpRScC8u+kEApqXC8Uk5NlK2FEmTJTlyoM=
-----END CERTIFICATE-----