Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e415af74-fd31-4d95-80a8-a5835ff1d237.roa
File:                     e415af74-fd31-4d95-80a8-a5835ff1d237.roa (raw, json)
Hash identifier:          LoeVy3LujQl275j5Hjal2nwS0tnJ9N1R5WSElyS9FOY=
Subject key identifier:   F4:64:2E:EC:12:78:29:37:D8:65:0D:82:EA:03:77:A3:72:8C:CB:BF
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       387351738A70F431E474E0E757F7B0090510209E
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e415af74-fd31-4d95-80a8-a5835ff1d237.roa
Signing time:             Fri 26 Sep 2025 00:45:13 +0000
ROA not before:           Fri 26 Sep 2025 00:45:13 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.171.120.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:73:51:73:8a:70:f4:31:e4:74:e0:e7:57:f7:b0:09:05:10:20:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 00:45:13 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=08191658b6a49da8d1584d45d0faf75caaf41ddb60581ee49a8c7ea273e56385, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:e2:a6:b8:67:45:f7:25:7a:07:04:13:c9:3a:
                    1d:53:54:b5:7e:62:13:d9:6f:77:aa:9a:91:b9:19:
                    c2:9d:b3:a7:b5:6b:ab:61:28:d5:02:2d:e7:a2:d6:
                    b3:43:df:e8:ef:52:e9:f2:8b:a9:62:ca:4e:a4:9f:
                    06:84:23:62:78:31:95:c6:89:cf:b1:e9:b5:e1:0a:
                    f5:3e:1b:f8:9b:81:fd:13:c0:78:27:72:33:9a:09:
                    ee:83:db:e3:b4:34:58:e8:62:aa:4f:72:e5:25:b3:
                    1e:6d:25:df:b5:97:a4:88:3c:2e:42:e1:d3:82:52:
                    a3:88:22:a1:c8:ac:a5:5e:ca:95:9b:b5:8d:56:e5:
                    c3:f2:42:2b:f0:80:80:da:03:59:ca:1f:99:2f:e2:
                    cf:f3:d3:73:30:57:db:e1:74:75:d7:f4:6b:bf:9e:
                    4c:b0:8d:35:d2:6b:43:54:4f:58:c1:41:0b:2e:75:
                    31:36:0d:a9:1d:b6:30:56:bc:dd:56:55:48:be:0e:
                    2d:d0:3d:70:65:cc:a1:d8:5f:69:8f:de:82:3c:f1:
                    5c:58:3f:f0:39:74:9b:88:24:aa:d2:8a:a2:52:16:
                    e1:86:18:29:fe:39:f3:09:93:0b:27:aa:88:60:42:
                    a1:6c:25:6d:6d:0f:35:65:f9:5f:99:8a:be:be:cc:
                    c8:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:64:2E:EC:12:78:29:37:D8:65:0D:82:EA:03:77:A3:72:8C:CB:BF
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e415af74-fd31-4d95-80a8-a5835ff1d237.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.171.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         99:19:9c:b4:89:54:8b:29:1d:fa:57:f7:6d:70:5e:9b:df:95:
         6b:7d:fb:7b:83:4c:95:76:8a:2f:95:af:db:ad:6a:c1:7a:56:
         da:cc:3c:c6:0e:3e:6e:6a:d5:cc:82:06:1d:17:43:23:11:25:
         04:e6:f3:ba:ee:26:4e:70:4e:50:50:19:46:f6:cf:ee:be:91:
         5f:d2:ba:7f:74:d9:c5:e5:90:3b:6c:18:02:64:ba:dc:6b:0f:
         f7:c6:7a:f6:ad:59:88:6c:1e:dd:e8:6e:4b:89:b5:14:e3:ab:
         67:da:84:2f:d5:ef:4b:14:7f:4d:ab:01:ad:85:53:6c:11:48:
         c3:d3:f4:6d:2c:fc:a6:64:41:ea:01:36:09:87:a3:3b:4f:f6:
         fe:89:37:ca:da:af:77:38:f1:da:1b:b1:b7:86:ca:ea:3d:ac:
         aa:86:93:3a:8c:b8:ba:d8:b6:49:3a:69:0c:f4:c6:89:5a:2b:
         47:3e:82:81:3f:c2:35:36:e7:41:ca:1e:5a:8a:93:85:8d:4d:
         f7:aa:84:c4:9a:9b:b3:95:74:87:2c:12:ee:bf:59:db:81:b6:
         8d:be:2b:0e:fe:35:37:03:49:e1:55:2f:75:b4:77:d6:e1:9a:
         d8:0d:5f:7e:4b:07:ea:7b:0e:73:d1:03:4f:a8:84:e1:ba:27:
         37:7b:64:90
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOHNRc4pw9DHkdODnV/ewCQUQIJ4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MDA0NTEzWhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AwODE5MTY1OGI2YTQ5ZGE4ZDE1ODRkNDVkMGZhZjc1Y2Fh
ZjQxZGRiNjA1ODFlZTQ5YThjN2VhMjczZTU2Mzg1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCn4qa4Z0X3JXoHBBPJOh1TVLV+YhPZb3eqmpG5GcKds6e1
a6thKNUCLeei1rND3+jvUunyi6liyk6knwaEI2J4MZXGic+x6bXhCvU+G/ibgf0T
wHgncjOaCe6D2+O0NFjoYqpPcuUlsx5tJd+1l6SIPC5C4dOCUqOIIqHIrKVeypWb
tY1W5cPyQivwgIDaA1nKH5kv4s/z03MwV9vhdHXX9Gu/nkywjTXSa0NUT1jBQQsu
dTE2DakdtjBWvN1WVUi+Di3QPXBlzKHYX2mP3oI88VxYP/A5dJuIJKrSiqJSFuGG
GCn+OfMJkwsnqohgQqFsJW1tDzVl+V+Zir6+zMiRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU9GQu7BJ4KTfYZQ2C6gN3o3KMy78wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2U0MTVhZjc0LWZkMzEtNGQ5NS04MGE4LWE1ODM1ZmYxZDIzNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIDq3gwDQYJKoZIhvcNAQELBQADggEBAJkZnLSJVIspHfpX921wXpvflWt9
+3uDTJV2ii+Vr9utasF6VtrMPMYOPm5q1cyCBh0XQyMRJQTm87ruJk5wTlBQGUb2
z+6+kV/Sun902cXlkDtsGAJkutxrD/fGevatWYhsHt3obkuJtRTjq2fahC/V70sU
f02rAa2FU2wRSMPT9G0s/KZkQeoBNgmHoztP9v6JN8rar3c48dobsbeGyuo9rKqG
kzqMuLrYtkk6aQz0xolaK0c+goE/wjU250HKHlqKk4WNTfeqhMSam7OVdIcsEu6/
WduBto2+Kw7+NTcDSeFVL3W0d9bhmtgNX35LB+p7DnPRA0+ohOG6Jzd7ZJA=
-----END CERTIFICATE-----
Generated at Mon Oct 20 05:17:42 2025 by rpki-client