Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ed8813dc-122e-4d8a-8b50-c690cbd10784.roa
File:                     ed8813dc-122e-4d8a-8b50-c690cbd10784.roa (raw, json)
Hash identifier:          ZCgxSup2eX2Iu6v2bsdW47KnCyaqeDDcI2zzdD4iiRw=
Subject key identifier:   F1:74:15:2F:08:D3:DA:83:2A:A5:2D:3E:56:FB:91:8C:10:D7:81:6F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       115FECDAF8D62BC714F16DE2DB998595D2023047
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ed8813dc-122e-4d8a-8b50-c690cbd10784.roa
Signing time:             Thu 25 Sep 2025 23:54:35 +0000
ROA not before:           Thu 25 Sep 2025 23:54:35 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.160.200.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:5f:ec:da:f8:d6:2b:c7:14:f1:6d:e2:db:99:85:95:d2:02:30:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 23:54:35 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=f48101df62804e158a8195e1b47db8060db29b5eab5ae1725382dc3293bdd6d5, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:f8:68:b8:ea:cf:88:97:75:de:76:29:84:fc:
                    64:af:6a:7c:e2:f7:2e:2e:3d:9e:98:ac:8d:00:86:
                    01:3c:2c:f1:bf:fd:a4:2d:a1:aa:8a:21:3a:3c:07:
                    93:78:cb:32:b0:b4:97:5f:45:54:88:37:f2:db:6a:
                    14:48:8c:fb:34:b3:a5:ab:6f:88:e3:8b:a2:c1:09:
                    98:68:a5:15:9a:dc:1e:19:e1:93:5a:6b:15:8b:30:
                    50:80:12:47:5c:5d:14:7f:71:01:f4:fc:7e:aa:af:
                    35:a9:24:85:a0:58:aa:46:23:44:7f:02:f2:3a:ed:
                    2a:ba:7d:fa:84:1d:a7:0a:6b:b6:4b:e6:53:74:2c:
                    cc:cc:5e:b8:35:a9:82:75:18:26:f7:36:30:c6:d8:
                    8b:91:57:ab:18:89:ff:96:f8:42:97:d2:1c:5e:ff:
                    ff:be:1a:2c:25:62:0d:e0:56:bc:b6:36:ff:22:8d:
                    4e:4e:75:18:f0:aa:80:47:c5:11:74:15:db:a6:54:
                    6f:c8:ae:34:ef:2e:76:d5:93:76:a8:90:0f:78:6f:
                    2a:77:55:8e:c2:48:49:95:67:73:a1:56:ef:bc:4e:
                    8d:05:5f:60:3f:8a:88:4b:7b:6f:5e:f8:93:5b:f9:
                    47:5c:7e:3d:73:ec:f5:8f:3d:86:ea:ca:73:47:ea:
                    fe:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:74:15:2F:08:D3:DA:83:2A:A5:2D:3E:56:FB:91:8C:10:D7:81:6F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ed8813dc-122e-4d8a-8b50-c690cbd10784.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.160.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2d:fc:39:06:6e:71:fe:78:96:73:96:ed:c2:63:4a:09:27:bf:
         e3:47:cf:eb:fc:57:3b:73:d2:ce:10:df:a4:35:02:98:fc:14:
         9c:61:c4:cf:3d:df:50:97:0c:48:69:1c:b8:12:89:3a:21:5d:
         98:64:bc:9e:8d:14:5f:36:c7:b8:9c:4f:2f:f0:09:14:9a:99:
         07:eb:19:86:2e:7f:21:d5:92:8a:4f:54:05:a4:67:69:33:6d:
         db:4a:01:e2:9b:f0:3d:4d:5c:18:1a:c3:23:35:29:a9:2d:b6:
         8d:3d:44:18:2a:b9:6e:53:db:73:ab:14:4a:76:83:9d:e1:a8:
         36:04:47:20:08:03:28:e4:23:fa:13:80:b0:1a:a9:a4:95:7e:
         ce:af:d6:21:b6:ed:48:e9:79:f0:a3:0c:42:9d:cd:8e:0c:06:
         27:87:d0:e2:b9:12:2c:ec:1c:e4:a4:d4:00:ef:a5:c3:9f:f3:
         42:fd:bc:61:b7:95:68:69:33:6e:ba:6d:88:30:e9:f4:ea:05:
         6c:98:41:ee:4a:58:6e:ca:c4:09:f5:24:b7:64:1c:c9:25:b7:
         d7:59:34:02:93:3a:a2:42:59:43:97:f6:2f:be:d0:04:ac:dd:
         ae:17:8e:20:b3:4d:25:9b:b9:4e:13:d4:76:57:95:c7:da:dd:
         bf:1f:cd:62
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEV/s2vjWK8cU8W3i25mFldICMEcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MjM1NDM1WhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BmNDgxMDFkZjYyODA0ZTE1OGE4MTk1ZTFiNDdkYjgwNjBk
YjI5YjVlYWI1YWUxNzI1MzgyZGMzMjkzYmRkNmQ1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDM+Gi46s+Il3XedimE/GSvanzi9y4uPZ6YrI0AhgE8LPG/
/aQtoaqKITo8B5N4yzKwtJdfRVSIN/LbahRIjPs0s6Wrb4jji6LBCZhopRWa3B4Z
4ZNaaxWLMFCAEkdcXRR/cQH0/H6qrzWpJIWgWKpGI0R/AvI67Sq6ffqEHacKa7ZL
5lN0LMzMXrg1qYJ1GCb3NjDG2IuRV6sYif+W+EKX0hxe//++GiwlYg3gVry2Nv8i
jU5OdRjwqoBHxRF0FdumVG/IrjTvLnbVk3aokA94byp3VY7CSEmVZ3OhVu+8To0F
X2A/iohLe29e+JNb+Udcfj1z7PWPPYbqynNH6v7RAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU8XQVLwjT2oMqpS0+VvuRjBDXgW8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2VkODgxM2RjLTEyMmUtNGQ4YS04YjUwLWM2OTBjYmQxMDc4NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIDoMgwDQYJKoZIhvcNAQELBQADggEBAC38OQZucf54lnOW7cJjSgknv+NH
z+v8Vztz0s4Q36Q1Apj8FJxhxM8931CXDEhpHLgSiTohXZhkvJ6NFF82x7icTy/w
CRSamQfrGYYufyHVkopPVAWkZ2kzbdtKAeKb8D1NXBgawyM1Kaktto09RBgquW5T
23OrFEp2g53hqDYERyAIAyjkI/oTgLAaqaSVfs6v1iG27UjpefCjDEKdzY4MBieH
0OK5EizsHOSk1ADvpcOf80L9vGG3lWhpM266bYgw6fTqBWyYQe5KWG7KxAn1JLdk
HMklt9dZNAKTOqJCWUOX9i++0ASs3a4XjiCzTSWbuU4T1HZXlcfa3b8fzWI=
-----END CERTIFICATE-----