Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9ab9b2ff-6ee7-44e1-ab9a-9afd89242e4b.roa
File:                     9ab9b2ff-6ee7-44e1-ab9a-9afd89242e4b.roa (raw, json)
Hash identifier:          zwWfpI3PAOmb6zMz6qiVmiRlWFqx5EXg2paKxgSVItY=
Subject key identifier:   7C:58:74:4D:F2:56:D0:13:E8:CC:59:34:31:58:CC:DA:E3:12:EE:DE
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1D6F4F2EAE73B9E4601B268861F71768777C3CB4
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9ab9b2ff-6ee7-44e1-ab9a-9afd89242e4b.roa
Signing time:             Mon 20 Oct 2025 09:13:49 +0000
ROA not before:           Mon 20 Oct 2025 09:13:49 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.170.68.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:6f:4f:2e:ae:73:b9:e4:60:1b:26:88:61:f7:17:68:77:7c:3c:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 20 09:13:49 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=517ac2e3fbf127a24bcacf8b57bd29b352d1171c6dd86a5de45a22cfac90ff6f, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:7e:5c:0f:5c:56:49:42:18:94:36:89:02:4f:
                    8c:63:11:53:4f:05:a1:13:d1:46:c1:21:5d:38:73:
                    b5:b1:02:1e:28:65:65:ee:d1:b7:74:35:87:2c:10:
                    97:c9:d8:81:db:de:e5:d8:b5:e9:8d:4c:62:aa:7f:
                    2e:aa:b0:5b:68:54:25:81:52:7e:fc:3f:69:5f:15:
                    b6:70:32:a8:c6:cd:c0:b3:f2:5b:41:bf:08:92:a6:
                    7f:be:43:95:f6:a4:4a:42:2c:f8:84:91:be:03:44:
                    be:b4:57:28:4f:56:39:fa:19:be:54:72:42:06:c2:
                    a1:5a:03:2f:01:24:cc:7a:5c:e6:e2:87:19:a2:7b:
                    40:57:dd:85:37:2d:ad:15:42:04:e3:38:a9:e3:0c:
                    8d:12:2c:36:e7:89:96:cb:9f:70:c7:d4:20:48:c0:
                    bd:a7:f8:5a:2d:18:1f:55:56:44:16:47:dd:11:c3:
                    d7:2d:e0:92:b5:12:b2:ba:cd:06:9c:d2:d6:4b:d2:
                    14:43:73:52:5a:1f:77:41:af:bd:f5:55:ca:df:12:
                    9b:a2:15:16:45:de:12:d7:c7:4d:bd:64:eb:f7:fb:
                    1f:af:6c:da:f5:7d:f3:2c:5e:77:8e:db:3a:a6:f5:
                    50:e0:0e:d5:4d:c6:ae:1a:94:5e:28:ec:58:51:5b:
                    f1:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:58:74:4D:F2:56:D0:13:E8:CC:59:34:31:58:CC:DA:E3:12:EE:DE
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9ab9b2ff-6ee7-44e1-ab9a-9afd89242e4b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.170.68.0/23

    Signature Algorithm: sha256WithRSAEncryption
         77:b7:70:c8:35:45:7b:ec:ad:c7:29:b8:e1:8e:51:f3:f8:cb:
         da:b3:dd:c8:93:91:43:57:4c:51:48:68:1a:e9:d8:6e:c3:39:
         61:eb:e6:66:fe:49:7c:74:cd:d8:93:09:03:da:53:95:af:f5:
         3a:32:be:f5:28:b4:f0:10:25:81:d2:a2:ac:08:91:9e:3d:53:
         9a:fd:2e:d9:bc:01:92:89:97:37:a7:fb:5a:c5:e1:4b:36:52:
         e3:49:1c:53:16:ba:a5:c6:f6:d4:95:8a:1d:f4:e8:e7:39:ee:
         95:3f:f3:46:07:c4:bb:2f:cc:a8:7b:23:f0:bc:db:0f:49:d9:
         44:d9:59:e5:f7:92:b7:76:b3:e9:80:ef:a0:1b:be:b6:68:bd:
         c9:02:bf:53:3c:3c:55:74:ca:37:9e:2e:c8:c2:24:b5:16:e6:
         b1:01:c5:2d:bc:9d:64:df:c7:6e:62:fd:19:89:41:e2:2a:8a:
         b3:44:0b:42:e3:ac:d9:c6:54:3d:1d:b8:18:e4:11:39:8f:71:
         d3:9f:24:c8:9b:33:ce:0b:8d:b7:63:e1:2a:55:49:7d:fb:03:
         30:bd:03:a7:cc:dc:65:83:e5:6a:a7:2c:75:a4:08:81:20:6e:
         d7:4a:34:26:5a:d0:7f:f1:bf:bc:21:62:87:d1:67:bd:4c:1c:
         d8:b3:9c:d8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHW9PLq5zueRgGyaIYfcXaHd8PLQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDIwMDkxMzQ5WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A1MTdhYzJlM2ZiZjEyN2EyNGJjYWNmOGI1N2JkMjliMzUy
ZDExNzFjNmRkODZhNWRlNDVhMjJjZmFjOTBmZjZmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/flwPXFZJQhiUNokCT4xjEVNPBaET0UbBIV04c7WxAh4o
ZWXu0bd0NYcsEJfJ2IHb3uXYtemNTGKqfy6qsFtoVCWBUn78P2lfFbZwMqjGzcCz
8ltBvwiSpn++Q5X2pEpCLPiEkb4DRL60VyhPVjn6Gb5UckIGwqFaAy8BJMx6XObi
hxmie0BX3YU3La0VQgTjOKnjDI0SLDbniZbLn3DH1CBIwL2n+FotGB9VVkQWR90R
w9ct4JK1ErK6zQac0tZL0hRDc1JaH3dBr731VcrfEpuiFRZF3hLXx029ZOv3+x+v
bNr1ffMsXneO2zqm9VDgDtVNxq4alF4o7FhRW/G/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUfFh0TfJW0BPozFk0MVjM2uMS7t4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzlhYjliMmZmLTZlZTctNDRlMS1hYjlhLTlhZmQ4OTI0MmU0Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEDqkQwDQYJKoZIhvcNAQELBQADggEBAHe3cMg1RXvsrccpuOGOUfP4y9qz
3ciTkUNXTFFIaBrp2G7DOWHr5mb+SXx0zdiTCQPaU5Wv9ToyvvUotPAQJYHSoqwI
kZ49U5r9Ltm8AZKJlzen+1rF4Us2UuNJHFMWuqXG9tSVih306Oc57pU/80YHxLsv
zKh7I/C82w9J2UTZWeX3krd2s+mA76AbvrZovckCv1M8PFV0yjeeLsjCJLUW5rEB
xS28nWTfx25i/RmJQeIqirNEC0LjrNnGVD0duBjkETmPcdOfJMibM84Ljbdj4SpV
SX37AzC9A6fM3GWD5WqnLHWkCIEgbtdKNCZa0H/xv7whYofRZ71MHNiznNg=
-----END CERTIFICATE-----