Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d957ede7-93a8-493a-9dbc-c49d51638e83.roa
File:                     d957ede7-93a8-493a-9dbc-c49d51638e83.roa (raw, json)
Hash identifier:          tcIhs7agtM8FRGyh1XEjz9S4G/u8vuj4wcXaufbNLFc=
Subject key identifier:   2E:91:9F:4D:8F:29:B1:04:03:EB:AD:6D:49:A1:7B:BC:4B:86:6F:D5
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       26C3E5D97A639356EE34BB7429CD3FFF4BD72174
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d957ede7-93a8-493a-9dbc-c49d51638e83.roa
Signing time:             Thu 25 Sep 2025 19:54:57 +0000
ROA not before:           Thu 25 Sep 2025 19:54:57 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.170.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:c3:e5:d9:7a:63:93:56:ee:34:bb:74:29:cd:3f:ff:4b:d7:21:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 19:54:57 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=03c28b20ee7bfb18c1f9e9e94e320ef40b9388b01eaf80ac2152dfcde727513d, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:99:86:30:16:25:6d:04:a9:aa:70:08:0e:a5:
                    e6:ef:0d:84:60:c2:0d:e6:d2:76:bb:7e:4b:51:93:
                    82:9b:a7:55:ee:01:29:a4:42:46:95:c1:e5:51:a1:
                    1d:87:63:21:e4:97:6a:2b:c2:3b:f8:6a:55:fa:38:
                    8f:bf:f9:8b:ea:45:ae:5e:f3:75:03:40:4a:07:10:
                    5f:fe:07:b5:eb:ac:28:ca:d6:dd:56:b0:9e:d0:f0:
                    49:d8:c3:68:f1:23:2b:d6:99:eb:b3:70:8e:39:3d:
                    7d:46:6f:87:55:c3:a6:3b:fd:de:30:38:e5:cf:6d:
                    54:1e:58:d3:f4:f3:3e:64:98:1f:f0:58:4b:57:32:
                    c8:8c:3c:c2:55:79:94:0f:3b:c6:7e:70:40:34:b3:
                    ad:12:40:20:7d:7f:e5:3e:ff:e5:b3:24:56:88:7b:
                    c5:7c:74:49:7b:03:a8:a5:da:a0:a7:48:24:d4:a8:
                    d7:75:4f:84:44:fa:5d:e3:3f:b1:c4:ce:79:6b:1f:
                    bd:cd:d1:ed:cb:e4:cb:02:88:0d:be:8f:9f:0a:9a:
                    fe:83:22:cc:1a:cd:e3:fb:95:fe:12:18:74:62:69:
                    22:ae:bc:65:f6:52:88:8f:fe:70:77:1c:9d:cc:cb:
                    f2:6c:e2:d6:8c:f3:e8:17:73:e4:fa:8a:28:a0:54:
                    39:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:91:9F:4D:8F:29:B1:04:03:EB:AD:6D:49:A1:7B:BC:4B:86:6F:D5
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d957ede7-93a8-493a-9dbc-c49d51638e83.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.170.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:4e:3f:28:18:5e:a4:5d:be:0f:db:46:e6:f0:57:17:01:97:
         59:7e:f8:74:3e:6a:48:00:91:e4:c5:08:7c:25:ff:a6:cc:4f:
         d6:93:5a:93:31:29:9a:19:a5:ce:5a:f1:4c:06:78:59:31:3d:
         72:49:9c:0e:d0:c6:4a:9f:94:a2:24:5e:b0:0a:ec:79:8d:68:
         c4:ec:4e:89:ea:53:f8:22:e4:ad:39:2e:46:40:f7:88:77:9b:
         4b:7e:87:ac:1e:ba:e3:01:ef:d0:d0:f2:47:75:74:15:47:15:
         2a:b5:ae:f8:12:f9:ad:f4:e8:ba:77:46:89:37:1f:2c:5c:1f:
         94:d3:8d:31:46:ca:66:52:46:41:05:95:77:b0:90:a7:d9:a0:
         90:11:70:9c:0b:7e:37:20:f0:64:4a:09:6e:e3:91:82:74:79:
         50:ef:c0:89:a2:d4:e1:6b:a1:36:71:ea:c3:43:16:e5:0f:4e:
         34:7f:70:2b:28:1a:4c:78:a4:80:3f:7a:9f:9d:b8:77:94:b9:
         09:5e:35:e6:bc:21:5a:db:25:72:f2:ab:44:ce:c8:c3:15:f5:
         35:8c:67:30:a8:3f:7b:c1:fa:0f:0e:02:8f:f9:4c:b5:b3:3e:
         b1:0c:a6:89:7c:40:db:91:d1:7a:32:54:da:3c:ba:4e:e7:7c:
         24:aa:3a:e6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJsPl2Xpjk1buNLt0Kc0//0vXIXQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MTk1NDU3WhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AwM2MyOGIyMGVlN2JmYjE4YzFmOWU5ZTk0ZTMyMGVmNDBi
OTM4OGIwMWVhZjgwYWMyMTUyZGZjZGU3Mjc1MTNkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCjmYYwFiVtBKmqcAgOpebvDYRgwg3m0na7fktRk4Kbp1Xu
ASmkQkaVweVRoR2HYyHkl2orwjv4alX6OI+/+YvqRa5e83UDQEoHEF/+B7XrrCjK
1t1WsJ7Q8EnYw2jxIyvWmeuzcI45PX1Gb4dVw6Y7/d4wOOXPbVQeWNP08z5kmB/w
WEtXMsiMPMJVeZQPO8Z+cEA0s60SQCB9f+U+/+WzJFaIe8V8dEl7A6il2qCnSCTU
qNd1T4RE+l3jP7HEznlrH73N0e3L5MsCiA2+j58Kmv6DIswazeP7lf4SGHRiaSKu
vGX2UoiP/nB3HJ3My/Js4taM8+gXc+T6iiigVDkrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQULpGfTY8psQQD661tSaF7vEuGb9UwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2Q5NTdlZGU3LTkzYTgtNDkzYS05ZGJjLWM0OWQ1MTYzOGU4My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADquwwDQYJKoZIhvcNAQELBQADggEBAHNOPygYXqRdvg/bRubwVxcBl1l+
+HQ+akgAkeTFCHwl/6bMT9aTWpMxKZoZpc5a8UwGeFkxPXJJnA7QxkqflKIkXrAK
7HmNaMTsTonqU/gi5K05LkZA94h3m0t+h6weuuMB79DQ8kd1dBVHFSq1rvgS+a30
6Lp3Rok3HyxcH5TTjTFGymZSRkEFlXewkKfZoJARcJwLfjcg8GRKCW7jkYJ0eVDv
wImi1OFroTZx6sNDFuUPTjR/cCsoGkx4pIA/ep+duHeUuQleNea8IVrbJXLyq0TO
yMMV9TWMZzCoP3vB+g8OAo/5TLWzPrEMpol8QNuR0XoyVNo8uk7nfCSqOuY=
-----END CERTIFICATE-----
Generated at Mon Oct 20 02:57:27 2025 by rpki-client