Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ab15eef1-5a34-4d98-8fbd-32c71769c677.roa
File:                     ab15eef1-5a34-4d98-8fbd-32c71769c677.roa (raw, json)
Hash identifier:          4b+nJCChy6+BTuOIz3yLCLpgVgNVGRm38PW4/NyljXg=
Subject key identifier:   0D:D8:95:CD:61:33:12:FE:A0:77:F8:E8:02:C8:01:5F:4E:2D:1D:07
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       562A859CD06959DB584EC3F802860D7D11F0F1AC
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ab15eef1-5a34-4d98-8fbd-32c71769c677.roa
Signing time:             Sat 27 Sep 2025 00:52:14 +0000
ROA not before:           Sat 27 Sep 2025 00:52:14 +0000
ROA not after:            Sat 01 Nov 2025 23:59:59 +0000
asID:                     398378
IP address blocks:        161.188.150.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:2a:85:9c:d0:69:59:db:58:4e:c3:f8:02:86:0d:7d:11:f0:f1:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 27 00:52:14 2025 GMT
            Not After : Nov  1 23:59:59 2025 GMT
        Subject: serialNumber=fa093933b8c6ee10999ad34f57d2e416597cef64c70773ba1d71d55d078139f1, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:12:70:16:09:24:5d:d0:1f:e4:ac:94:c1:ea:
                    07:10:0e:30:cd:41:32:18:d8:aa:ad:24:e9:d6:21:
                    95:37:0f:2e:55:b3:49:26:d2:09:ce:1a:72:73:39:
                    9f:3f:90:26:73:d5:f6:d1:1d:7f:bc:d9:b0:2c:f4:
                    f1:d2:e9:ad:ad:57:18:52:62:36:21:7e:3a:d1:85:
                    61:7e:20:79:9b:23:79:30:61:84:e0:2e:c2:f5:de:
                    e7:bf:40:cf:aa:5d:a5:05:6a:0c:d3:ad:c7:05:97:
                    09:af:f3:ac:e1:c7:6b:72:94:49:5c:e2:f2:f1:d8:
                    1f:36:f6:51:e3:e4:a1:20:0a:2c:a4:52:a9:05:94:
                    63:33:fb:8f:b8:04:34:18:69:5a:43:40:e4:70:34:
                    33:82:7d:f3:1b:62:99:72:e8:ab:dd:49:8a:94:41:
                    35:ee:49:7b:63:d2:67:25:d2:43:ee:4f:ad:b5:d1:
                    db:81:a3:3c:f9:65:67:85:24:b7:b6:12:71:bf:97:
                    ad:96:2c:cd:65:0a:6e:94:1d:a2:8b:b4:dc:ac:87:
                    ed:f3:7b:b6:19:7a:88:92:6a:31:86:94:92:ab:6e:
                    8e:b2:c2:5f:11:f1:23:68:2a:02:12:b9:38:f3:d8:
                    99:af:4d:01:07:6b:83:ec:9a:6c:a0:4a:6f:b0:2f:
                    95:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:D8:95:CD:61:33:12:FE:A0:77:F8:E8:02:C8:01:5F:4E:2D:1D:07
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ab15eef1-5a34-4d98-8fbd-32c71769c677.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.188.150.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0b:7b:0c:c2:0a:12:93:8d:de:45:ca:c7:ba:a0:0b:c5:44:cc:
         16:21:63:49:67:77:67:92:79:25:c0:91:eb:70:2c:1f:32:de:
         fe:9e:54:ea:ab:56:ea:a5:82:9b:98:35:76:77:2d:d0:08:42:
         a6:a6:22:3a:dc:a8:4e:47:e8:04:ba:8d:98:5e:4c:79:f7:b3:
         82:89:e5:a4:2a:aa:26:3a:f1:1c:b6:de:8e:4a:a6:8e:00:39:
         c2:4a:53:02:26:5a:ee:b7:67:9a:0f:14:01:76:14:a3:7d:ff:
         16:1e:67:d3:6a:1c:a8:ce:af:5c:81:32:8c:7e:a0:19:2d:5a:
         89:f5:c8:49:e8:3b:30:61:34:1b:5b:f5:4a:fe:94:72:ff:58:
         b8:59:3b:96:2a:06:74:5f:94:85:90:bf:8f:a4:15:2f:50:da:
         b5:09:a9:59:32:7a:51:97:ca:60:3f:bc:fc:72:0e:87:52:9c:
         20:3e:6f:80:08:b3:17:f1:b5:0f:22:d2:65:ca:2f:ed:4f:10:
         5a:07:f5:83:59:32:3d:e2:27:71:84:0f:d4:eb:24:77:08:89:
         44:51:59:3f:44:ff:66:0c:d0:f1:c0:ee:f4:98:f3:dd:99:fb:
         48:0c:d3:1f:2d:d7:37:64:5f:c8:79:aa:f7:8e:93:33:76:55:
         4f:98:1b:6b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUViqFnNBpWdtYTsP4AoYNfRHw8awwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI3MDA1MjE0WhcNMjUxMTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0BmYTA5MzkzM2I4YzZlZTEwOTk5YWQzNGY1N2QyZTQxNjU5
N2NlZjY0YzcwNzczYmExZDcxZDU1ZDA3ODEzOWYxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5EnAWCSRd0B/krJTB6gcQDjDNQTIY2KqtJOnWIZU3Dy5V
s0km0gnOGnJzOZ8/kCZz1fbRHX+82bAs9PHS6a2tVxhSYjYhfjrRhWF+IHmbI3kw
YYTgLsL13ue/QM+qXaUFagzTrccFlwmv86zhx2tylElc4vLx2B829lHj5KEgCiyk
UqkFlGMz+4+4BDQYaVpDQORwNDOCffMbYply6KvdSYqUQTXuSXtj0mcl0kPuT621
0duBozz5ZWeFJLe2EnG/l62WLM1lCm6UHaKLtNysh+3ze7YZeoiSajGGlJKrbo6y
wl8R8SNoKgISuTjz2JmvTQEHa4PsmmygSm+wL5UzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUDdiVzWEzEv6gd/joAsgBX04tHQcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2FiMTVlZWYxLTVhMzQtNGQ5OC04ZmJkLTMyYzcxNzY5YzY3Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAGhvJYwDQYJKoZIhvcNAQELBQADggEBAAt7DMIKEpON3kXKx7qgC8VEzBYh
Y0lnd2eSeSXAketwLB8y3v6eVOqrVuqlgpuYNXZ3LdAIQqamIjrcqE5H6AS6jZhe
THn3s4KJ5aQqqiY68Ry23o5Kpo4AOcJKUwImWu63Z5oPFAF2FKN9/xYeZ9NqHKjO
r1yBMox+oBktWon1yEnoOzBhNBtb9Ur+lHL/WLhZO5YqBnRflIWQv4+kFS9Q2rUJ
qVkyelGXymA/vPxyDodSnCA+b4AIsxfxtQ8i0mXKL+1PEFoH9YNZMj3iJ3GED9Tr
JHcIiURRWT9E/2YM0PHA7vSY892Z+0gM0x8t1zdkX8h5qveOkzN2VU+YG2s=
-----END CERTIFICATE-----