Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b477a963-e623-4e6d-bb32-77e34ffa018a.roa
File:                     b477a963-e623-4e6d-bb32-77e34ffa018a.roa (raw, json)
Hash identifier:          Frf4iHcTjqDcod93uyWxs0yScFwAYxYwZpTUZCxlphU=
Subject key identifier:   5C:0B:FC:7D:2E:DF:B5:30:4B:3B:1E:2C:A9:7E:26:E7:71:07:9B:94
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       529C5D60B52B26884DBE60683F9D9A457A6FEB40
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b477a963-e623-4e6d-bb32-77e34ffa018a.roa
Signing time:             Thu 25 Sep 2025 16:54:29 +0000
ROA not before:           Thu 25 Sep 2025 16:54:29 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.160.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:9c:5d:60:b5:2b:26:88:4d:be:60:68:3f:9d:9a:45:7a:6f:eb:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 16:54:29 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=d7454e65d239ae07924b9d53df1546525003ee301ae3c2d56510241741e01416, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:96:43:45:57:8b:50:db:2c:a1:d5:f9:ec:40:
                    d2:4b:08:c3:ac:a0:9f:39:3d:2a:b5:f8:f8:79:43:
                    fa:bc:20:17:8c:f7:cd:14:de:ff:fb:01:eb:d0:4d:
                    d6:3b:3e:dc:31:c5:2e:2e:63:14:55:3b:f6:b7:2f:
                    f2:43:41:61:a9:ec:5d:0f:c3:f3:47:de:fd:12:8b:
                    00:2c:c4:b4:4f:f4:e3:d9:30:c3:85:72:bf:d2:54:
                    23:1e:cf:e9:a7:c1:95:20:fa:fa:8b:89:13:2a:c1:
                    10:97:98:a0:9e:1c:42:d3:c0:63:8b:94:29:3a:e9:
                    9f:f4:08:6b:2a:fd:a1:d6:c3:07:f4:d0:0f:cb:33:
                    0f:39:a4:6d:1c:ef:61:6c:6f:ad:c1:59:cc:de:f9:
                    13:b7:93:7d:66:75:8a:00:b2:a5:b5:74:44:52:06:
                    27:11:9a:62:88:f5:40:9d:a1:fe:a4:49:78:a7:ac:
                    2f:df:09:a3:d4:9a:54:a0:f7:38:3e:ef:6d:dc:00:
                    16:df:2b:13:98:ab:81:52:8e:e1:b8:77:c0:2e:00:
                    cd:70:c5:ee:74:19:95:4f:5e:03:82:94:e3:6b:a7:
                    f7:25:2d:d9:93:31:d8:c4:1d:26:d6:04:67:24:29:
                    18:f4:c5:cb:7c:a6:10:32:f5:27:a1:8c:c4:0c:02:
                    ea:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:0B:FC:7D:2E:DF:B5:30:4B:3B:1E:2C:A9:7E:26:E7:71:07:9B:94
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b477a963-e623-4e6d-bb32-77e34ffa018a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.160.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:72:1e:d4:95:89:8c:ad:71:e6:d8:5c:0a:93:56:0d:bb:fd:
         8f:f6:25:eb:55:40:f3:df:68:12:cf:a9:d3:81:96:ff:ea:0a:
         a2:de:07:13:f1:13:8c:12:c0:d6:5a:e3:a5:6f:b0:79:a7:10:
         de:a1:f3:bb:80:0b:dc:73:0c:61:33:4d:17:17:af:5b:d6:d3:
         c9:26:62:bb:12:09:ec:2d:29:0b:8e:84:48:5c:be:2a:aa:54:
         47:93:59:7d:5b:e1:6f:a8:3b:27:5b:df:42:82:e2:e5:f4:0c:
         f8:ba:8e:61:a5:e8:cb:7f:58:32:d7:99:d5:8f:b4:f9:4e:6c:
         28:81:78:29:f8:8b:93:75:9c:c2:6e:91:9b:9c:c9:1f:c8:43:
         96:85:6c:b1:e2:20:06:66:90:12:d5:92:e1:24:51:34:b4:64:
         61:cd:28:be:15:8a:d2:04:2a:97:73:01:5a:1d:13:74:2e:e1:
         3b:09:b5:20:ed:f5:77:90:60:55:17:2f:bf:7b:80:5c:57:89:
         2b:c2:dd:9d:64:17:77:08:ae:bc:9d:38:ea:c6:2b:18:96:43:
         90:7d:d8:52:2b:28:f0:31:56:74:5c:86:56:6e:35:8e:72:82:
         57:44:28:86:81:39:47:71:bf:98:7b:13:22:9c:f4:52:1f:7c:
         0f:03:93:cd
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUpxdYLUrJohNvmBoP52aRXpv60AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MTY1NDI5WhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BkNzQ1NGU2NWQyMzlhZTA3OTI0YjlkNTNkZjE1NDY1MjUw
MDNlZTMwMWFlM2MyZDU2NTEwMjQxNzQxZTAxNDE2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCDlkNFV4tQ2yyh1fnsQNJLCMOsoJ85PSq1+Ph5Q/q8IBeM
980U3v/7AevQTdY7PtwxxS4uYxRVO/a3L/JDQWGp7F0Pw/NH3v0SiwAsxLRP9OPZ
MMOFcr/SVCMez+mnwZUg+vqLiRMqwRCXmKCeHELTwGOLlCk66Z/0CGsq/aHWwwf0
0A/LMw85pG0c72Fsb63BWcze+RO3k31mdYoAsqW1dERSBicRmmKI9UCdof6kSXin
rC/fCaPUmlSg9zg+723cABbfKxOYq4FSjuG4d8AuAM1wxe50GZVPXgOClONrp/cl
LdmTMdjEHSbWBGckKRj0xct8phAy9SehjMQMAupDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUXAv8fS7ftTBLOx4sqX4m53EHm5QwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2I0NzdhOTYzLWU2MjMtNGU2ZC1iYjMyLTc3ZTM0ZmZhMDE4YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADoAkwDQYJKoZIhvcNAQELBQADggEBAItyHtSViYytcebYXAqTVg27/Y/2
JetVQPPfaBLPqdOBlv/qCqLeBxPxE4wSwNZa46VvsHmnEN6h87uAC9xzDGEzTRcX
r1vW08kmYrsSCewtKQuOhEhcviqqVEeTWX1b4W+oOydb30KC4uX0DPi6jmGl6Mt/
WDLXmdWPtPlObCiBeCn4i5N1nMJukZucyR/IQ5aFbLHiIAZmkBLVkuEkUTS0ZGHN
KL4VitIEKpdzAVodE3Qu4TsJtSDt9XeQYFUXL797gFxXiSvC3Z1kF3cIrrydOOrG
KxiWQ5B92FIrKPAxVnRchlZuNY5ygldEKIaBOUdxv5h7EyKc9FIffA8Dk80=
-----END CERTIFICATE-----