Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e70ce68b-31f7-4410-903e-daadfc494273.roa
File:                     e70ce68b-31f7-4410-903e-daadfc494273.roa (raw, json)
Hash identifier:          ZYnhD8s05hSUuP++WRRVAbIbmtdg7Q2BmTcOBVKKuqA=
Subject key identifier:   C1:98:76:99:74:B0:8A:C9:AD:6B:4E:B8:E2:2B:C2:10:6A:86:34:49
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       272F1636217280622245C2BED957CB8B48C1B519
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e70ce68b-31f7-4410-903e-daadfc494273.roa
Signing time:             Fri 10 Oct 2025 15:19:23 +0000
ROA not before:           Fri 10 Oct 2025 15:19:23 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.248.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:2f:16:36:21:72:80:62:22:45:c2:be:d9:57:cb:8b:48:c1:b5:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 10 15:19:23 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=5b5a43caaca3ee6cf623580ad4ff1823c7d158cb41dca0f02cad69e791947868, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:2e:27:4c:3d:90:1e:bd:d8:e8:b2:1e:1b:ff:
                    be:b6:76:21:a3:d3:6a:5b:87:39:bc:d1:1c:87:c4:
                    71:43:9e:ad:42:bf:c4:e2:ee:a8:23:ec:ee:d8:f0:
                    c3:24:5e:da:cf:15:f1:2a:41:61:93:b9:0c:18:37:
                    96:94:8f:02:0d:e4:84:48:75:1d:8e:73:af:5f:48:
                    98:34:af:4c:58:b7:2b:87:7d:c9:3f:61:95:79:02:
                    1b:b5:0e:88:ff:47:19:b6:8b:b5:99:32:b0:d3:fa:
                    c4:db:c5:08:d0:3a:3d:84:ae:2c:86:b5:cb:c9:f0:
                    06:74:90:9c:76:ab:02:5f:f6:b0:b3:89:ee:4b:7c:
                    75:0c:ac:da:8e:5f:67:50:0d:c1:59:43:b1:5b:88:
                    4e:6e:94:9d:d9:2c:33:5b:ac:73:7f:21:27:56:e0:
                    df:85:64:4f:d1:fc:6c:ee:39:98:52:ff:50:6e:1d:
                    65:fe:ef:d7:a0:2d:2a:f7:81:64:c0:d2:46:cd:09:
                    c0:bd:22:8c:80:75:8d:0b:97:c9:9b:51:d9:fd:6e:
                    f7:bd:95:6f:1b:70:a6:3b:b2:7d:d7:39:20:29:f5:
                    de:72:96:e8:c9:6c:03:c1:1a:a5:0f:1f:3e:ee:e9:
                    54:c8:a6:fe:cf:bf:4a:17:68:46:a9:be:85:b8:6c:
                    1c:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:98:76:99:74:B0:8A:C9:AD:6B:4E:B8:E2:2B:C2:10:6A:86:34:49
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e70ce68b-31f7-4410-903e-daadfc494273.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.248.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:fa:e2:72:d0:8f:66:9f:db:ef:ef:63:e4:be:b5:3b:6d:42:
         37:b0:74:f3:84:08:d1:09:22:4b:9a:d6:1e:1a:36:97:a0:3d:
         66:6d:72:bf:90:e7:da:78:ca:05:53:90:fb:94:27:32:57:f4:
         a9:34:08:94:ae:1e:e1:6b:9b:60:7c:75:4c:5b:67:e6:4b:70:
         03:0c:68:7b:ce:60:1f:95:4b:23:63:c8:1d:df:92:37:bd:a2:
         e8:72:59:96:ee:22:6f:95:20:81:fe:52:b6:2c:a6:64:df:bf:
         5c:b0:23:aa:8f:93:ec:7c:50:39:91:49:05:85:9f:84:a8:1b:
         2b:2c:00:7a:bb:68:7b:a9:04:77:dd:86:36:22:af:82:c4:3a:
         f6:d4:0a:57:22:03:0a:ca:b2:e7:4d:e2:65:7f:81:3e:16:80:
         42:ce:71:9e:37:bb:91:64:b1:5a:0f:cc:89:dc:f2:92:b8:f0:
         c9:85:ea:38:1d:4f:31:22:4b:cb:01:fc:0a:92:c8:66:3f:2e:
         51:33:b5:83:a0:b2:ad:c9:1d:40:79:eb:d9:92:32:ce:7a:b6:
         f7:71:b1:27:62:88:00:6d:f9:50:20:41:90:e7:a6:42:f5:c5:
         78:e0:3c:a1:3a:9b:da:32:05:32:94:26:51:7d:dd:a3:a2:51:
         32:20:e4:8b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJy8WNiFygGIiRcK+2VfLi0jBtRkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDEwMTUxOTIzWhcNMjUxMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A1YjVhNDNjYWFjYTNlZTZjZjYyMzU4MGFkNGZmMTgyM2M3
ZDE1OGNiNDFkY2EwZjAyY2FkNjllNzkxOTQ3ODY4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrLidMPZAevdjosh4b/762diGj02pbhzm80RyHxHFDnq1C
v8Ti7qgj7O7Y8MMkXtrPFfEqQWGTuQwYN5aUjwIN5IRIdR2Oc69fSJg0r0xYtyuH
fck/YZV5Ahu1Doj/Rxm2i7WZMrDT+sTbxQjQOj2EriyGtcvJ8AZ0kJx2qwJf9rCz
ie5LfHUMrNqOX2dQDcFZQ7FbiE5ulJ3ZLDNbrHN/ISdW4N+FZE/R/GzuOZhS/1Bu
HWX+79egLSr3gWTA0kbNCcC9IoyAdY0Ll8mbUdn9bve9lW8bcKY7sn3XOSAp9d5y
lujJbAPBGqUPHz7u6VTIpv7Pv0oXaEapvoW4bBwnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwZh2mXSwismta0644ivCEGqGNEkwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2U3MGNlNjhiLTMxZjctNDQxMC05MDNlLWRhYWRmYzQ5NDI3My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAD+PAwDQYJKoZIhvcNAQELBQADggEBAKf64nLQj2af2+/vY+S+tTttQjew
dPOECNEJIkua1h4aNpegPWZtcr+Q59p4ygVTkPuUJzJX9Kk0CJSuHuFrm2B8dUxb
Z+ZLcAMMaHvOYB+VSyNjyB3fkje9ouhyWZbuIm+VIIH+UrYspmTfv1ywI6qPk+x8
UDmRSQWFn4SoGyssAHq7aHupBHfdhjYir4LEOvbUClciAwrKsudN4mV/gT4WgELO
cZ43u5FksVoPzInc8pK48MmF6jgdTzEiS8sB/AqSyGY/LlEztYOgsq3JHUB569mS
Ms56tvdxsSdiiABt+VAgQZDnpkL1xXjgPKE6m9oyBTKUJlF93aOiUTIg5Is=
-----END CERTIFICATE-----