Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b574e618-4a80-4870-9370-ed8f92f6dfa4.roa
File:                     b574e618-4a80-4870-9370-ed8f92f6dfa4.roa (raw, json)
Hash identifier:          jraIcOI5D8x1owLtSarlRPnZu5jiMD4vgEH4GPvKluQ=
Subject key identifier:   66:3D:0E:81:3E:81:60:76:67:0F:F6:3F:AF:75:2B:6A:39:65:D8:0E
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       76B244DE61AD54D054042BC2DAA31BE7D5422BDB
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b574e618-4a80-4870-9370-ed8f92f6dfa4.roa
Signing time:             Thu 25 Sep 2025 21:59:53 +0000
ROA not before:           Thu 25 Sep 2025 21:59:53 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.163.88.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:b2:44:de:61:ad:54:d0:54:04:2b:c2:da:a3:1b:e7:d5:42:2b:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 21:59:53 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=7be51c433d6110bfc18d51e66eb99415a132cfbd1a77194ef52fe42c660000b2, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:08:2b:0a:57:37:65:85:c3:1d:2f:a1:ba:c1:
                    e9:16:28:3e:32:0c:b7:4d:6a:23:d4:dc:49:79:b1:
                    fb:ad:87:de:3c:bc:73:b3:19:76:4d:30:af:34:0a:
                    78:fb:57:0c:64:77:e1:95:a6:81:c4:54:d1:0d:9f:
                    c5:68:ea:1a:72:c0:d7:46:97:08:76:69:88:ae:51:
                    10:b7:15:37:c3:d3:df:f3:6e:60:8d:99:1a:e1:ab:
                    d4:ef:d0:32:92:1e:05:df:b2:5c:ba:84:95:b9:8f:
                    50:11:fd:87:b9:62:a7:94:da:cf:a3:1e:d0:92:cc:
                    79:2d:e3:70:cc:a8:4e:d9:48:57:03:e7:e8:a2:09:
                    18:30:c9:d2:da:d7:19:96:b5:16:d6:18:c0:08:dc:
                    63:70:e6:2c:c4:b7:29:0f:08:53:4e:f0:d5:9a:5f:
                    d7:bd:85:3c:5b:b8:66:7a:5d:c6:e5:0b:b7:7e:3e:
                    72:c0:48:86:3e:7a:d0:c1:8e:cc:24:8f:22:8b:d1:
                    53:aa:1a:a1:0f:0d:23:4c:97:f2:e4:f8:e9:ea:c2:
                    63:26:4c:77:12:33:13:e4:d4:51:b4:45:dd:83:53:
                    d7:bb:f0:22:0a:28:9e:8e:e4:9d:f4:60:ed:4a:23:
                    bc:1a:e1:da:cc:e6:44:96:5e:61:b5:76:67:1e:3f:
                    dc:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:3D:0E:81:3E:81:60:76:67:0F:F6:3F:AF:75:2B:6A:39:65:D8:0E
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b574e618-4a80-4870-9370-ed8f92f6dfa4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.163.88.0/23

    Signature Algorithm: sha256WithRSAEncryption
         54:73:cb:88:dc:d2:56:00:0a:61:6b:02:05:3e:be:88:78:c3:
         c2:75:0d:09:2c:62:b9:95:be:aa:84:40:3e:d0:88:4e:c7:57:
         13:52:cc:7d:6a:8a:43:63:84:3c:56:45:e4:84:af:f1:bd:c4:
         7b:28:29:fe:fc:50:98:ed:c4:bf:60:1c:38:c9:bc:11:06:a7:
         18:64:56:c8:e4:47:ef:6f:f1:a7:29:dc:bc:05:5b:d6:bc:5a:
         fe:c1:6a:2b:01:4e:47:bf:60:9d:65:bb:bf:a5:3f:0a:50:4c:
         aa:4f:f2:17:4d:50:23:4f:bf:c8:cf:0f:b7:92:24:45:6b:3c:
         54:db:63:9c:14:16:ae:4b:aa:e3:8b:69:ef:b7:50:7e:6b:f4:
         cb:3f:fe:da:8e:2c:fe:1d:32:0a:c0:e2:6d:e8:ba:b8:b5:d9:
         64:ca:9d:85:47:31:9b:7d:c0:87:65:ad:4a:8f:bc:37:ee:e0:
         61:d4:04:77:82:34:fd:a9:95:9e:a0:a8:ef:f7:94:d1:81:ae:
         48:da:0d:da:b7:26:2b:1a:1b:5c:f4:80:4a:fa:8c:2f:1f:38:
         51:82:df:32:a0:26:a0:71:ad:80:78:42:bb:6c:0f:73:1a:74:
         92:6b:04:a0:2d:4e:99:3a:de:8f:fd:bd:e3:e4:72:b5:15:0d:
         e8:47:5b:79
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdrJE3mGtVNBUBCvC2qMb59VCK9swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MjE1OTUzWhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A3YmU1MWM0MzNkNjExMGJmYzE4ZDUxZTY2ZWI5OTQxNWEx
MzJjZmJkMWE3NzE5NGVmNTJmZTQyYzY2MDAwMGIyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/CCsKVzdlhcMdL6G6wekWKD4yDLdNaiPU3El5sfuth948
vHOzGXZNMK80Cnj7Vwxkd+GVpoHEVNENn8Vo6hpywNdGlwh2aYiuURC3FTfD09/z
bmCNmRrhq9Tv0DKSHgXfsly6hJW5j1AR/Ye5YqeU2s+jHtCSzHkt43DMqE7ZSFcD
5+iiCRgwydLa1xmWtRbWGMAI3GNw5izEtykPCFNO8NWaX9e9hTxbuGZ6XcblC7d+
PnLASIY+etDBjswkjyKL0VOqGqEPDSNMl/Lk+OnqwmMmTHcSMxPk1FG0Rd2DU9e7
8CIKKJ6O5J30YO1KI7wa4drM5kSWXmG1dmceP9xnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZj0OgT6BYHZnD/Y/r3Urajll2A4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2I1NzRlNjE4LTRhODAtNDg3MC05MzcwLWVkOGY5MmY2ZGZhNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEDo1gwDQYJKoZIhvcNAQELBQADggEBAFRzy4jc0lYACmFrAgU+voh4w8J1
DQksYrmVvqqEQD7QiE7HVxNSzH1qikNjhDxWReSEr/G9xHsoKf78UJjtxL9gHDjJ
vBEGpxhkVsjkR+9v8acp3LwFW9a8Wv7BaisBTke/YJ1lu7+lPwpQTKpP8hdNUCNP
v8jPD7eSJEVrPFTbY5wUFq5LquOLae+3UH5r9Ms//tqOLP4dMgrA4m3ouri12WTK
nYVHMZt9wIdlrUqPvDfu4GHUBHeCNP2plZ6gqO/3lNGBrkjaDdq3JisaG1z0gEr6
jC8fOFGC3zKgJqBxrYB4QrtsD3MadJJrBKAtTpk63o/9vePkcrUVDehHW3k=
-----END CERTIFICATE-----
Generated at Mon Oct 20 06:03:06 2025 by rpki-client