Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b84696fb-d542-4212-a820-555168898183.roa
File:                     b84696fb-d542-4212-a820-555168898183.roa (raw, json)
Hash identifier:          GpYgd9vMZseiOhB8viYte9HVJrLfAGtNBckD0kAzZXc=
Subject key identifier:   3C:09:48:78:EF:4E:FE:CF:73:F3:78:37:1A:E5:B7:DC:59:7D:49:83
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0704F7D241CAE5F2688DE72D0B8E5B8EBEF8C727
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b84696fb-d542-4212-a820-555168898183.roa
Signing time:             Fri 26 Sep 2025 01:42:20 +0000
ROA not before:           Fri 26 Sep 2025 01:42:20 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.160.0.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:04:f7:d2:41:ca:e5:f2:68:8d:e7:2d:0b:8e:5b:8e:be:f8:c7:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 01:42:20 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=1b8b6f7d5b90a0e71862c314c10902a8d5d1f4d337ea8f300d890f5076ef6565, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:f6:e9:ad:cc:a4:18:ad:3c:8f:05:76:dd:31:
                    05:7a:f6:e8:22:1f:04:e7:d2:48:42:96:15:c7:df:
                    c8:73:fb:8d:14:8a:db:65:cf:65:04:9e:44:a6:e7:
                    40:04:f1:24:a7:38:67:15:2f:c9:ec:9e:3c:4f:58:
                    9a:d7:31:80:24:19:8a:ce:1d:32:85:94:12:58:cc:
                    d4:10:1a:a1:94:86:a8:d6:b3:6b:f7:b4:78:ef:25:
                    0b:71:d6:62:20:d8:64:06:ee:32:c7:78:bb:0b:63:
                    ce:03:67:2f:e1:a0:b3:15:a9:75:9a:c9:af:70:7f:
                    54:de:85:2b:12:39:a3:7e:78:c8:94:7a:ab:b5:0a:
                    e3:61:f3:94:ff:28:84:4d:9f:a2:3f:cc:37:af:b1:
                    3c:98:d5:bd:80:63:b6:be:f5:77:6a:43:0e:a3:4e:
                    13:29:45:bf:bf:03:25:df:97:d7:e7:72:c7:84:1f:
                    52:3d:5e:ae:2e:5e:f9:fa:1b:71:8b:2e:7f:ef:1c:
                    13:6b:82:1f:1a:4a:2c:f9:be:0b:53:aa:28:d8:ef:
                    28:81:65:b0:34:16:c7:a5:b7:05:5d:fc:f6:c6:03:
                    14:1d:ba:34:42:91:0b:1b:79:c0:16:93:53:22:54:
                    7e:eb:3c:0a:55:7e:e9:3f:2b:87:fb:d8:e2:c3:a5:
                    f8:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:09:48:78:EF:4E:FE:CF:73:F3:78:37:1A:E5:B7:DC:59:7D:49:83
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b84696fb-d542-4212-a820-555168898183.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.160.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         67:19:30:58:5f:46:f3:73:df:fc:91:19:18:ff:ed:39:a5:19:
         4c:b2:3b:2a:14:b6:28:05:11:41:ce:3f:fb:68:fd:99:2d:29:
         64:35:36:28:40:35:52:33:e6:49:58:45:b6:49:41:f0:d1:41:
         dc:a6:04:45:69:2b:94:45:8e:79:d4:36:14:35:8a:76:aa:51:
         9d:02:5a:4f:e0:e6:77:8b:6f:c6:71:ba:b3:4f:45:81:bd:40:
         c8:d9:bf:69:e1:8d:43:21:9d:c8:d3:ac:e3:14:a5:5f:d6:fd:
         29:5a:e3:40:7d:b3:9c:30:57:1d:2f:ac:d3:a8:34:bf:81:73:
         b3:eb:81:40:54:28:48:67:d4:7b:94:ca:49:6c:4e:37:a6:7b:
         c0:16:53:05:85:11:f9:2c:73:d3:a6:53:44:45:ae:c4:df:7a:
         29:01:78:c0:70:8a:e8:b3:db:5c:4a:1c:a3:e9:90:4c:76:1b:
         bd:91:4f:aa:f2:e0:bd:fe:20:00:02:42:e8:11:26:8f:d3:3b:
         97:4c:24:1b:65:2f:a1:24:ba:4d:17:a9:7b:e4:d1:8a:f6:f3:
         7d:d7:e5:d7:c9:06:79:c4:0a:79:a3:0c:c9:16:a8:7b:79:9c:
         b6:01:d2:b1:2a:ec:16:3b:8f:d8:75:a0:87:85:f0:34:cc:b7:
         c9:c5:89:0c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBwT30kHK5fJojectC45bjr74xycwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MDE0MjIwWhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AxYjhiNmY3ZDViOTBhMGU3MTg2MmMzMTRjMTA5MDJhOGQ1
ZDFmNGQzMzdlYThmMzAwZDg5MGY1MDc2ZWY2NTY1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCh9umtzKQYrTyPBXbdMQV69ugiHwTn0khClhXH38hz+40U
ittlz2UEnkSm50AE8SSnOGcVL8nsnjxPWJrXMYAkGYrOHTKFlBJYzNQQGqGUhqjW
s2v3tHjvJQtx1mIg2GQG7jLHeLsLY84DZy/hoLMVqXWaya9wf1TehSsSOaN+eMiU
equ1CuNh85T/KIRNn6I/zDevsTyY1b2AY7a+9XdqQw6jThMpRb+/AyXfl9fncseE
H1I9Xq4uXvn6G3GLLn/vHBNrgh8aSiz5vgtTqijY7yiBZbA0FseltwVd/PbGAxQd
ujRCkQsbecAWk1MiVH7rPApVfuk/K4f72OLDpfhtAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPAlIeO9O/s9z83g3GuW33Fl9SYMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2I4NDY5NmZiLWQ1NDItNDIxMi1hODIwLTU1NTE2ODg5ODE4My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQDoAAwDQYJKoZIhvcNAQELBQADggEBAGcZMFhfRvNz3/yRGRj/7TmlGUyy
OyoUtigFEUHOP/to/ZktKWQ1NihANVIz5klYRbZJQfDRQdymBEVpK5RFjnnUNhQ1
inaqUZ0CWk/g5neLb8ZxurNPRYG9QMjZv2nhjUMhncjTrOMUpV/W/Sla40B9s5ww
Vx0vrNOoNL+Bc7PrgUBUKEhn1HuUyklsTjeme8AWUwWFEfksc9OmU0RFrsTfeikB
eMBwiuiz21xKHKPpkEx2G72RT6ry4L3+IAACQugRJo/TO5dMJBtlL6Ekuk0XqXvk
0Yr2833X5dfJBnnECnmjDMkWqHt5nLYB0rEq7BY7j9h1oIeF8DTMt8nFiQw=
-----END CERTIFICATE-----