Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e6b100b4-e742-4926-9da1-eb6c2f037b65.roa
File:                     e6b100b4-e742-4926-9da1-eb6c2f037b65.roa (raw, json)
Hash identifier:          bhxYR0+FwwPht7t6lEgSDkcJWeGTQ/OQKKL8lgUyQkI=
Subject key identifier:   61:08:9C:44:BC:AC:FE:2A:6C:D8:61:0D:D3:C5:8E:AB:28:0C:B4:52
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       74028E8704BE8657D4BBF34E4ED2A5CDDE0F9F90
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e6b100b4-e742-4926-9da1-eb6c2f037b65.roa
Signing time:             Thu 25 Sep 2025 20:18:01 +0000
ROA not before:           Thu 25 Sep 2025 20:18:01 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.171.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:02:8e:87:04:be:86:57:d4:bb:f3:4e:4e:d2:a5:cd:de:0f:9f:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 20:18:01 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=0e4d7edb8a4940294410dabaa390741ed8466307280442f525d40fc8fb4de606, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:e7:33:b0:d4:56:88:5c:f1:e3:c0:eb:1f:49:
                    bc:d1:d6:c0:15:d8:e8:f5:59:7d:3c:2c:a0:6a:ed:
                    6f:83:08:16:a1:98:56:03:a8:6c:97:bd:d3:dd:c7:
                    bb:9c:1a:3e:aa:69:a1:34:b6:52:24:27:64:9f:07:
                    f0:cb:70:4e:23:a4:9c:03:7d:23:f7:6e:22:4c:86:
                    bf:ff:c9:d0:f8:49:1a:26:3f:7e:fb:bf:0b:54:98:
                    fa:46:54:06:90:53:95:08:6c:3d:10:d3:bf:7c:aa:
                    a4:2a:51:3b:d4:2b:6c:de:a2:ce:8a:ec:28:aa:b1:
                    70:7a:33:ca:c0:7d:6c:58:d5:e2:7a:78:e9:d6:4b:
                    8c:6c:39:92:37:64:b1:80:bd:e7:62:d8:4e:b0:f7:
                    91:4e:64:a4:7e:17:d2:32:75:f4:d1:a9:7d:6f:0a:
                    d0:42:9c:c8:d5:dc:36:cb:ba:fe:07:fd:6f:6d:bc:
                    e0:f8:50:1e:0d:91:37:57:c7:78:c4:8b:fb:d9:ce:
                    9b:2e:cc:00:47:89:5e:15:3c:0a:69:e6:44:11:64:
                    ec:b0:48:88:51:41:3c:f1:eb:bb:63:83:9d:58:7b:
                    e5:9a:3a:98:66:5e:7d:8d:95:12:e7:0b:4f:cf:cc:
                    84:99:ec:bc:90:55:1b:31:f9:14:51:4d:86:ee:a2:
                    bc:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:08:9C:44:BC:AC:FE:2A:6C:D8:61:0D:D3:C5:8E:AB:28:0C:B4:52
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e6b100b4-e742-4926-9da1-eb6c2f037b65.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.171.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:3e:0f:89:12:08:e7:ba:73:6d:ee:74:3a:19:48:04:b1:9d:
         84:ec:bb:de:af:73:4a:47:fd:2d:0f:c4:76:b0:8a:35:29:75:
         09:68:b9:99:d8:6b:cc:3a:27:98:f4:38:98:5f:63:96:9e:06:
         32:53:80:f7:4f:41:bf:9a:13:61:e0:35:d2:42:44:93:5b:5b:
         32:c5:c1:4d:a5:f3:16:d7:27:95:33:18:5d:cd:f8:79:71:8b:
         dd:83:8b:71:2f:eb:28:21:5a:15:7c:43:c5:6e:64:48:d1:19:
         c3:e0:2e:0c:a1:b2:09:9e:00:61:a6:f7:ed:8e:0f:81:b7:e8:
         74:93:74:fb:f7:7e:4b:4c:fd:57:3e:a7:5e:8b:9d:da:bc:b0:
         c0:5e:4d:c9:12:53:60:0a:c5:58:c4:a0:bf:1e:32:6a:2c:4b:
         00:92:dd:0c:14:f2:af:27:10:6a:d8:25:4d:2b:48:86:76:cf:
         ca:0c:28:db:f6:0e:76:85:97:fd:3b:45:35:6b:df:a3:14:9f:
         0c:b5:02:dc:ca:98:48:83:75:1a:20:51:a6:fd:54:03:65:ea:
         95:50:a0:26:aa:a4:61:55:d0:e8:7b:db:17:8e:eb:72:be:0f:
         0f:4e:60:3e:d3:34:c1:8c:29:aa:75:fc:3d:1b:09:03:19:5d:
         bc:d4:96:5c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdAKOhwS+hlfUu/NOTtKlzd4Pn5AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MjAxODAxWhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AwZTRkN2VkYjhhNDk0MDI5NDQxMGRhYmFhMzkwNzQxZWQ4
NDY2MzA3MjgwNDQyZjUyNWQ0MGZjOGZiNGRlNjA2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCr5zOw1FaIXPHjwOsfSbzR1sAV2Oj1WX08LKBq7W+DCBah
mFYDqGyXvdPdx7ucGj6qaaE0tlIkJ2SfB/DLcE4jpJwDfSP3biJMhr//ydD4SRom
P377vwtUmPpGVAaQU5UIbD0Q0798qqQqUTvUK2zeos6K7CiqsXB6M8rAfWxY1eJ6
eOnWS4xsOZI3ZLGAvedi2E6w95FOZKR+F9IydfTRqX1vCtBCnMjV3DbLuv4H/W9t
vOD4UB4NkTdXx3jEi/vZzpsuzABHiV4VPApp5kQRZOywSIhRQTzx67tjg51Ye+Wa
OphmXn2NlRLnC0/PzISZ7LyQVRsx+RRRTYbuorxlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYQicRLys/ips2GEN08WOqygMtFIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2U2YjEwMGI0LWU3NDItNDkyNi05ZGExLWViNmMyZjAzN2I2NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADq1AwDQYJKoZIhvcNAQELBQADggEBADE+D4kSCOe6c23udDoZSASxnYTs
u96vc0pH/S0PxHawijUpdQlouZnYa8w6J5j0OJhfY5aeBjJTgPdPQb+aE2HgNdJC
RJNbWzLFwU2l8xbXJ5UzGF3N+Hlxi92Di3Ev6yghWhV8Q8VuZEjRGcPgLgyhsgme
AGGm9+2OD4G36HSTdPv3fktM/Vc+p16Lndq8sMBeTckSU2AKxVjEoL8eMmosSwCS
3QwU8q8nEGrYJU0rSIZ2z8oMKNv2DnaFl/07RTVr36MUnwy1AtzKmEiDdRogUab9
VANl6pVQoCaqpGFV0Oh72xeO63K+Dw9OYD7TNMGMKap1/D0bCQMZXbzUllw=
-----END CERTIFICATE-----