Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b5b41f71-73d6-4db3-80af-65cef0f6417b.roa
File:                     b5b41f71-73d6-4db3-80af-65cef0f6417b.roa (raw, json)
Hash identifier:          /dRyzRLvN2MwOddV8g5kvvPl4kI/qZhhXPEA+BorUpI=
Subject key identifier:   8A:9E:31:03:EB:F2:D2:A3:84:F6:5A:DC:34:FA:E0:9F:90:7A:DD:2A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4896183211743D3C80899D50AAFA04A112F5A688
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b5b41f71-73d6-4db3-80af-65cef0f6417b.roa
Signing time:             Thu 25 Sep 2025 22:56:45 +0000
ROA not before:           Thu 25 Sep 2025 22:56:45 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.169.28.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:96:18:32:11:74:3d:3c:80:89:9d:50:aa:fa:04:a1:12:f5:a6:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 22:56:45 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=21ceb4f45dae3956749b9d1842d57c73d573cc2ff3cc9a24fbde5e9feec0cd1f, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:b3:76:f3:2d:5b:0c:aa:c6:f7:d8:e2:7a:6e:
                    b1:39:5e:a2:f4:67:2b:b3:79:6d:53:a5:ac:f6:1f:
                    f6:09:29:90:a5:66:5a:bf:0e:28:d2:91:c8:45:92:
                    4e:73:48:b0:12:e7:c3:4b:d7:d5:1e:f7:3c:8f:e5:
                    1e:02:ce:cf:93:89:51:fb:02:9d:7b:d4:b4:f1:b2:
                    b4:cb:04:d7:ee:24:11:34:d6:5b:f8:b7:ae:5e:94:
                    70:15:a9:37:99:00:30:80:ca:96:49:52:40:cc:6c:
                    e9:22:bf:ce:d0:76:df:1f:48:dc:67:5e:cc:72:be:
                    69:ff:98:72:ff:03:2f:95:f3:d9:21:6b:db:5d:16:
                    a3:a9:a8:02:51:1d:4d:c4:55:dd:34:5e:ee:be:68:
                    be:28:7a:85:fe:b1:a4:d2:6f:10:d3:f0:2f:2b:03:
                    cf:e5:03:8f:b3:85:bd:f2:68:fb:7c:f0:0c:8a:b3:
                    95:75:eb:e6:6c:4f:b2:e9:b1:d6:92:36:ff:e5:d4:
                    d9:cb:87:b8:b5:98:18:72:85:ef:61:4b:03:ff:68:
                    83:ae:1b:21:7a:0c:cf:60:77:98:12:38:b2:0f:5d:
                    cf:92:ec:e6:b6:8b:63:fc:31:ff:73:fe:88:43:5b:
                    9d:20:46:bf:15:17:69:7b:0c:ef:79:f9:e8:de:ed:
                    ca:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:9E:31:03:EB:F2:D2:A3:84:F6:5A:DC:34:FA:E0:9F:90:7A:DD:2A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b5b41f71-73d6-4db3-80af-65cef0f6417b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.169.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1f:76:fc:a6:cd:19:b9:47:b6:6c:75:64:df:af:5d:e0:ed:e1:
         17:de:d3:79:63:87:5b:b1:31:f2:9c:c5:d6:0d:13:57:37:93:
         9e:20:fa:fc:2e:50:a8:60:52:39:5d:29:e4:70:29:b1:d5:c7:
         35:ac:83:6f:47:4e:9a:e4:66:26:50:95:ac:ae:ef:c9:39:01:
         79:c8:96:19:97:96:ba:e0:5f:eb:d2:89:0d:f3:78:f3:b1:40:
         e0:5d:53:14:93:c8:83:b4:36:a3:fc:3f:f2:cb:48:ae:17:73:
         9b:e2:a6:9b:65:3e:e4:a3:87:6b:a8:d0:f5:4a:51:65:22:54:
         07:4f:cd:01:67:56:7b:46:85:d0:13:7f:73:23:20:b8:df:5c:
         44:d3:04:18:55:ac:0b:54:3a:73:b9:29:1b:9d:95:7c:fd:f0:
         65:9e:96:d2:7a:da:88:3e:ba:29:45:7b:8b:3f:c2:2e:72:71:
         91:2c:9c:c6:8d:e6:de:af:d7:a0:09:5d:56:39:31:46:08:ad:
         00:96:47:50:1b:bc:1e:7f:83:ec:e9:77:98:5e:f4:e0:07:e4:
         fc:03:a6:1e:f4:55:55:a9:e1:23:a5:0f:d3:fa:2d:95:ae:a9:
         86:c4:3a:d8:8b:b7:00:9b:f2:43:2b:8d:82:bd:c8:35:53:d9:
         ef:38:4c:46
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSJYYMhF0PTyAiZ1QqvoEoRL1pogwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MjI1NjQ1WhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AyMWNlYjRmNDVkYWUzOTU2NzQ5YjlkMTg0MmQ1N2M3M2Q1
NzNjYzJmZjNjYzlhMjRmYmRlNWU5ZmVlYzBjZDFmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCUs3bzLVsMqsb32OJ6brE5XqL0ZyuzeW1Tpaz2H/YJKZCl
Zlq/DijSkchFkk5zSLAS58NL19Ue9zyP5R4Czs+TiVH7Ap171LTxsrTLBNfuJBE0
1lv4t65elHAVqTeZADCAypZJUkDMbOkiv87Qdt8fSNxnXsxyvmn/mHL/Ay+V89kh
a9tdFqOpqAJRHU3EVd00Xu6+aL4oeoX+saTSbxDT8C8rA8/lA4+zhb3yaPt88AyK
s5V16+ZsT7LpsdaSNv/l1NnLh7i1mBhyhe9hSwP/aIOuGyF6DM9gd5gSOLIPXc+S
7Oa2i2P8Mf9z/ohDW50gRr8VF2l7DO95+eje7co9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUip4xA+vy0qOE9lrcNPrgn5B63SowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2I1YjQxZjcxLTczZDYtNGRiMy04MGFmLTY1Y2VmMGY2NDE3Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEDqRwwDQYJKoZIhvcNAQELBQADggEBAB92/KbNGblHtmx1ZN+vXeDt4Rfe
03ljh1uxMfKcxdYNE1c3k54g+vwuUKhgUjldKeRwKbHVxzWsg29HTprkZiZQlayu
78k5AXnIlhmXlrrgX+vSiQ3zePOxQOBdUxSTyIO0NqP8P/LLSK4Xc5vipptlPuSj
h2uo0PVKUWUiVAdPzQFnVntGhdATf3MjILjfXETTBBhVrAtUOnO5KRudlXz98GWe
ltJ62og+uilFe4s/wi5ycZEsnMaN5t6v16AJXVY5MUYIrQCWR1AbvB5/g+zpd5he
9OAH5PwDph70VVWp4SOlD9P6LZWuqYbEOtiLtwCb8kMrjYK9yDVT2e84TEY=
-----END CERTIFICATE-----