Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c8fd7f36-d755-4aa4-b1ad-00219bb5e618.roa
File:                     c8fd7f36-d755-4aa4-b1ad-00219bb5e618.roa (raw, json)
Hash identifier:          FE/iAga9yFv4bY+jiRChgQA+eE1e8bqsSeGr6SAoAXk=
Subject key identifier:   78:B8:D5:DC:AF:C6:00:3D:03:0A:0B:A9:95:12:66:BC:EE:40:CD:BB
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7425F2725D348DEC39458CB705C2D1D7FA12B135
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c8fd7f36-d755-4aa4-b1ad-00219bb5e618.roa
Signing time:             Fri 26 Sep 2025 00:15:38 +0000
ROA not before:           Fri 26 Sep 2025 00:15:38 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.164.8.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:25:f2:72:5d:34:8d:ec:39:45:8c:b7:05:c2:d1:d7:fa:12:b1:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 00:15:38 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=37cfb271abc7c143ccae02e149c11ac7ca9024ca17e8744ddd190d2a47e32f42, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:d0:db:26:2b:f4:a5:4d:b6:60:29:04:d9:e8:
                    ee:0e:02:b6:ae:ce:01:ca:20:3b:df:c0:9e:0c:9c:
                    b7:d7:c9:00:80:c9:c2:08:b4:e6:93:ef:54:1a:12:
                    65:7c:07:65:69:3f:e9:d8:04:58:64:a7:13:56:dd:
                    e4:18:65:84:33:6a:6a:43:1f:b7:92:6a:da:25:a7:
                    c0:65:63:68:4c:ee:12:ec:f3:1e:71:ca:97:8a:06:
                    62:56:27:20:c8:f5:c9:d2:52:2a:c1:b8:98:f6:7c:
                    0b:76:f4:1e:4e:07:c1:83:b5:be:76:8a:1d:7e:fd:
                    ff:60:c2:63:61:b1:a6:69:4a:27:a0:5d:e2:2e:5b:
                    f0:b7:13:f4:9a:f4:bd:31:43:33:f6:2f:88:fc:3d:
                    bf:72:8f:45:12:1d:90:ae:5c:51:2d:53:8e:38:bb:
                    b8:f8:0c:01:74:f9:ea:6d:45:cd:1f:d7:ce:61:11:
                    d9:39:2b:14:1e:b0:5c:8d:a8:35:dc:f1:de:45:67:
                    93:ea:5f:3f:c0:c1:78:d9:5b:37:aa:c5:36:82:31:
                    7a:40:2c:49:66:98:19:ff:77:c4:aa:76:07:0f:7e:
                    de:36:5d:0c:a9:64:4c:cf:5d:ee:db:4a:61:c2:5c:
                    0e:13:01:ec:37:fa:05:f7:9c:06:df:d9:68:0c:03:
                    b8:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:B8:D5:DC:AF:C6:00:3D:03:0A:0B:A9:95:12:66:BC:EE:40:CD:BB
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c8fd7f36-d755-4aa4-b1ad-00219bb5e618.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.164.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         63:96:f0:b3:86:c4:4b:92:f4:6a:fd:2a:f4:49:e2:c6:dd:3e:
         35:2b:1f:36:92:a7:b6:d7:8f:9f:23:ba:85:40:7e:e7:6f:f1:
         3d:d3:9f:4e:4d:e7:25:ef:cf:a7:05:0e:3b:42:d3:6f:ac:86:
         2b:e2:d0:3a:39:f4:53:21:01:40:05:f3:79:b2:cd:94:66:87:
         af:16:9c:7b:f5:29:63:1b:27:58:19:9f:18:e8:e0:41:6c:5e:
         ff:7f:58:66:92:17:8d:bb:4a:30:0b:f1:ea:64:9b:51:d3:61:
         ca:26:ac:67:55:2c:79:ba:54:09:fe:5d:6c:33:9c:0d:0a:fd:
         bd:90:4a:e9:a4:59:c0:1e:bb:24:92:1b:0a:52:66:03:84:f5:
         2a:9a:2b:bb:1b:b3:30:d9:9e:be:05:72:51:42:c0:64:3f:86:
         5e:60:fa:fe:71:57:f6:00:48:02:b9:67:c9:cb:db:c3:3b:1e:
         b2:28:92:72:c7:77:74:64:92:48:a8:5e:52:31:1c:56:e4:26:
         f4:5e:08:45:22:56:6d:2b:4e:e4:ff:08:bf:e3:3b:80:af:d2:
         3a:4f:17:f7:c5:2c:2a:00:fc:02:f1:ee:55:54:d7:fc:8d:2e:
         19:a5:b7:fa:4a:93:e9:72:f2:fc:c6:da:db:07:15:22:f7:f6:
         c8:fa:de:75
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdCXycl00jew5RYy3BcLR1/oSsTUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MDAxNTM4WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AzN2NmYjI3MWFiYzdjMTQzY2NhZTAyZTE0OWMxMWFjN2Nh
OTAyNGNhMTdlODc0NGRkZDE5MGQyYTQ3ZTMyZjQyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCs0NsmK/SlTbZgKQTZ6O4OArauzgHKIDvfwJ4MnLfXyQCA
ycIItOaT71QaEmV8B2VpP+nYBFhkpxNW3eQYZYQzampDH7eSatolp8BlY2hM7hLs
8x5xypeKBmJWJyDI9cnSUirBuJj2fAt29B5OB8GDtb52ih1+/f9gwmNhsaZpSieg
XeIuW/C3E/Sa9L0xQzP2L4j8Pb9yj0USHZCuXFEtU444u7j4DAF0+eptRc0f185h
Edk5KxQesFyNqDXc8d5FZ5PqXz/AwXjZWzeqxTaCMXpALElmmBn/d8SqdgcPft42
XQypZEzPXe7bSmHCXA4TAew3+gX3nAbf2WgMA7gdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUeLjV3K/GAD0DCguplRJmvO5AzbswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2M4ZmQ3ZjM2LWQ3NTUtNGFhNC1iMWFkLTAwMjE5YmI1ZTYxOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIDpAgwDQYJKoZIhvcNAQELBQADggEBAGOW8LOGxEuS9Gr9KvRJ4sbdPjUr
HzaSp7bXj58juoVAfudv8T3Tn05N5yXvz6cFDjtC02+shivi0Do59FMhAUAF83my
zZRmh68WnHv1KWMbJ1gZnxjo4EFsXv9/WGaSF427SjAL8epkm1HTYcomrGdVLHm6
VAn+XWwznA0K/b2QSumkWcAeuySSGwpSZgOE9SqaK7sbszDZnr4FclFCwGQ/hl5g
+v5xV/YASAK5Z8nL28M7HrIoknLHd3RkkkioXlIxHFbkJvReCEUiVm0rTuT/CL/j
O4Cv0jpPF/fFLCoA/ALx7lVU1/yNLhmlt/pKk+ly8vzG2tsHFSL39sj63nU=
-----END CERTIFICATE-----