Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/dea94beb-58a8-4a6d-b36f-f5a2dbdd115d.roa
File:                     dea94beb-58a8-4a6d-b36f-f5a2dbdd115d.roa (raw, json)
Hash identifier:          nVAlH/f7bDSCIhSlihkIA3ThXJxUPyvp5aJ5gi8kCOA=
Subject key identifier:   AE:F7:C0:78:18:D0:55:DF:39:EC:40:CF:A7:37:C2:14:D9:AB:A1:7E
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0431E3B2D5926ADF4562B4D47B45D4C68714C663
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/dea94beb-58a8-4a6d-b36f-f5a2dbdd115d.roa
Signing time:             Thu 25 Sep 2025 17:32:23 +0000
ROA not before:           Thu 25 Sep 2025 17:32:23 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.163.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:31:e3:b2:d5:92:6a:df:45:62:b4:d4:7b:45:d4:c6:87:14:c6:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 17:32:23 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=057cac5e3dafa7a553b698cf84e71a2f6366f7920f296040e3785eed21d628b6, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:9e:17:00:46:23:96:79:e4:c9:d2:d6:8d:c9:
                    77:96:0d:bd:4e:ee:2e:e1:e4:f8:e9:06:bc:05:5f:
                    a5:d6:da:f5:ae:f3:89:d4:1d:9c:e0:55:b1:fb:11:
                    ef:c8:5a:20:e0:7c:11:51:79:e9:f4:18:3b:9b:b6:
                    f0:31:84:2b:1e:b3:74:f8:c4:6f:5e:ef:90:a3:70:
                    71:76:24:6a:18:a6:41:09:b8:a3:80:09:3d:57:7f:
                    50:00:1f:dd:bc:6c:14:5a:05:41:37:70:c1:29:c4:
                    fd:0e:5f:ec:b9:4b:46:0f:bf:ce:d3:a6:9f:e2:13:
                    d6:2b:a1:9b:e7:ae:98:18:fb:3e:51:96:d8:e7:64:
                    23:14:8e:66:a3:8c:a3:2c:d8:54:a1:f3:9d:a2:b4:
                    ef:3d:51:6f:b3:82:d5:08:0a:6a:fd:55:93:3c:f0:
                    66:2c:95:1b:67:bb:ec:93:72:0d:95:84:73:07:75:
                    66:f5:a3:8d:5b:8e:d0:00:9e:ea:3c:31:ad:12:9f:
                    ad:48:a4:f5:69:98:87:b7:17:c5:4b:89:bb:7c:a1:
                    df:c2:3b:49:29:4b:89:74:99:e7:ef:cb:78:7e:3a:
                    d0:8d:7b:d4:55:a7:bb:f5:49:0c:b2:fd:47:4b:d4:
                    9f:e4:ea:23:04:89:ee:38:9f:61:6b:25:53:77:89:
                    4e:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:F7:C0:78:18:D0:55:DF:39:EC:40:CF:A7:37:C2:14:D9:AB:A1:7E
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/dea94beb-58a8-4a6d-b36f-f5a2dbdd115d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.163.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:7d:ba:f2:0f:e8:fd:60:7b:40:ea:2f:7e:1f:c3:7c:65:62:
         4d:30:9c:e2:54:6a:0a:f5:95:d1:a3:64:0d:b3:2b:fa:9c:cc:
         56:56:a9:eb:ec:ce:43:2d:f9:23:43:64:80:5d:35:39:d2:78:
         07:1b:95:23:d7:78:78:8c:e7:c7:24:75:88:65:a6:5d:e1:05:
         c5:59:dc:d8:aa:31:9b:ba:4a:81:18:46:78:e5:cd:a5:df:cd:
         b0:8b:79:1c:a7:69:7f:21:d1:57:0f:87:28:9f:36:1e:46:df:
         6a:9b:31:02:ee:6f:a2:15:83:ab:d8:4a:7c:93:05:8f:3f:a7:
         e5:9f:4d:a5:9e:03:9b:87:50:f2:48:7e:37:18:34:d2:25:a8:
         2b:97:57:f7:a0:53:da:bf:fa:99:c9:31:05:ae:ea:aa:57:b1:
         8e:32:a2:d2:2b:08:38:f1:95:a4:4d:f8:77:a9:63:bf:c8:6e:
         4a:6d:9e:4a:ff:57:3e:45:4a:58:44:e6:42:47:b4:1d:42:bb:
         32:ac:b9:fe:aa:a3:a7:3f:0a:5e:79:da:51:50:5d:b0:6e:18:
         b5:a8:d5:51:2f:93:c9:9e:f4:f9:c3:77:09:59:89:50:dd:95:
         bd:88:eb:f9:fe:e4:68:a0:4e:64:08:71:32:08:c1:7b:e1:c8:
         fb:17:2c:5d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBDHjstWSat9FYrTUe0XUxocUxmMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MTczMjIzWhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AwNTdjYWM1ZTNkYWZhN2E1NTNiNjk4Y2Y4NGU3MWEyZjYz
NjZmNzkyMGYyOTYwNDBlMzc4NWVlZDIxZDYyOGI2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDBnhcARiOWeeTJ0taNyXeWDb1O7i7h5PjpBrwFX6XW2vWu
84nUHZzgVbH7Ee/IWiDgfBFReen0GDubtvAxhCses3T4xG9e75CjcHF2JGoYpkEJ
uKOACT1Xf1AAH928bBRaBUE3cMEpxP0OX+y5S0YPv87Tpp/iE9YroZvnrpgY+z5R
ltjnZCMUjmajjKMs2FSh852itO89UW+zgtUICmr9VZM88GYslRtnu+yTcg2VhHMH
dWb1o41bjtAAnuo8Ma0Sn61IpPVpmIe3F8VLibt8od/CO0kpS4l0mefvy3h+OtCN
e9RVp7v1SQyy/UdL1J/k6iMEie44n2FrJVN3iU5vAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUrvfAeBjQVd857EDPpzfCFNmroX4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2RlYTk0YmViLTU4YTgtNGE2ZC1iMzZmLWY1YTJkYmRkMTE1ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADo3AwDQYJKoZIhvcNAQELBQADggEBAGt9uvIP6P1ge0DqL34fw3xlYk0w
nOJUagr1ldGjZA2zK/qczFZWqevszkMt+SNDZIBdNTnSeAcblSPXeHiM58ckdYhl
pl3hBcVZ3NiqMZu6SoEYRnjlzaXfzbCLeRynaX8h0VcPhyifNh5G32qbMQLub6IV
g6vYSnyTBY8/p+WfTaWeA5uHUPJIfjcYNNIlqCuXV/egU9q/+pnJMQWu6qpXsY4y
otIrCDjxlaRN+HepY7/Ibkptnkr/Vz5FSlhE5kJHtB1CuzKsuf6qo6c/Cl552lFQ
XbBuGLWo1VEvk8me9PnDdwlZiVDdlb2I6/n+5GigTmQIcTIIwXvhyPsXLF0=
-----END CERTIFICATE-----