Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f027b38d-7573-4695-b9cf-063dd1990eb3.roa
File:                     f027b38d-7573-4695-b9cf-063dd1990eb3.roa (raw, json)
Hash identifier:          tJu5G5ZkkqXEje3CEW2I8GJ1Ny1ZeGyZR9vGQJDLJqw=
Subject key identifier:   FC:20:4F:8A:C1:BA:EF:86:3D:6F:73:1F:B1:66:8D:F1:E1:8C:D8:88
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7EDA1787C5B6ECEEC7557529179A4EF82B19B5B5
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f027b38d-7573-4695-b9cf-063dd1990eb3.roa
Signing time:             Fri 26 Sep 2025 01:54:01 +0000
ROA not before:           Fri 26 Sep 2025 01:54:01 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.168.176.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:da:17:87:c5:b6:ec:ee:c7:55:75:29:17:9a:4e:f8:2b:19:b5:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 01:54:01 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=b9c3a91e754e55760bfcd30ace694c4a481b622a02f80183f263963f1d4c526b, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:91:b9:23:4c:e2:0f:d9:bf:28:0f:da:72:f6:
                    ec:92:10:89:58:88:bb:e2:be:3f:49:c7:13:5a:03:
                    84:dc:19:42:30:0e:a5:d6:53:a6:9e:17:b6:12:0f:
                    a3:87:1b:70:09:f7:85:e1:5c:eb:60:d3:a8:37:83:
                    6f:6b:ee:5c:5a:ce:91:7a:7c:ba:da:8c:0d:71:f2:
                    df:44:5b:63:26:c0:c5:91:d7:31:8a:1b:d2:54:90:
                    90:dc:e6:04:a7:e7:82:4b:a8:02:f8:2c:4a:87:e8:
                    1e:50:06:b5:00:ac:bc:03:a5:30:ca:7b:c5:8b:0e:
                    60:0d:b6:dc:66:32:29:df:59:a7:ed:36:13:2e:58:
                    df:a9:60:e1:0b:7f:8c:8f:89:90:56:96:0d:4d:dc:
                    87:06:9b:9a:c5:f0:7e:5d:fc:b4:ee:57:e2:a1:ff:
                    83:60:fe:c5:50:27:72:fd:aa:95:2f:5f:08:8b:57:
                    bc:cf:1d:42:6b:d6:d6:f7:27:1f:26:cd:12:f4:da:
                    07:8c:ed:14:52:af:fa:23:3f:12:e2:d8:fe:73:e0:
                    65:00:90:9e:cd:6f:84:55:5b:a4:30:a1:c9:a3:c8:
                    39:54:58:b7:94:29:48:3b:80:f5:22:18:14:61:e1:
                    63:62:08:f6:79:4b:2d:a3:4e:4d:29:41:6f:c4:aa:
                    02:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:20:4F:8A:C1:BA:EF:86:3D:6F:73:1F:B1:66:8D:F1:E1:8C:D8:88
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f027b38d-7573-4695-b9cf-063dd1990eb3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.168.176.0/20

    Signature Algorithm: sha256WithRSAEncryption
         01:bf:7a:2e:3c:8e:eb:97:b2:8c:ae:3a:77:a7:51:15:5f:ba:
         8b:aa:cb:39:a1:ac:a5:c3:11:a2:97:0e:58:08:b7:c6:d6:7a:
         c6:cb:d1:52:06:15:d2:c5:e5:74:92:34:1a:9a:75:6c:c1:6b:
         94:c2:0f:c9:00:0d:db:ae:48:47:8a:52:da:8a:99:84:7b:7f:
         29:cb:e4:69:c2:9f:2b:e3:91:00:e3:c0:46:63:06:33:9d:66:
         87:f4:a7:f4:dc:94:1a:0e:77:f8:2b:72:fe:d3:ae:86:43:31:
         3e:76:a9:42:61:33:4c:86:00:6c:85:de:d6:bb:74:18:0f:4e:
         d1:bc:e1:2e:53:79:ed:68:e8:24:ed:6f:77:6b:de:2e:d0:72:
         66:3e:b3:13:68:79:3d:d0:e8:48:13:0a:d3:e9:ca:ac:f3:35:
         d0:4e:a7:23:44:5d:de:dd:f3:28:fd:35:5d:9f:21:c8:cf:10:
         91:5b:8d:f3:92:b7:de:f1:4c:78:64:3c:26:c3:03:9c:54:31:
         b1:0f:cd:5f:c3:9f:23:d7:32:e3:76:4a:d7:4e:de:72:10:e2:
         87:10:94:d7:41:69:e8:58:a6:bc:9f:fc:c0:72:df:ae:3c:82:
         33:02:29:e0:aa:ac:25:19:58:4e:d0:8f:1e:0a:20:5b:ea:c6:
         9b:25:99:23
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUftoXh8W27O7HVXUpF5pO+CsZtbUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MDE1NDAxWhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BiOWMzYTkxZTc1NGU1NTc2MGJmY2QzMGFjZTY5NGM0YTQ4
MWI2MjJhMDJmODAxODNmMjYzOTYzZjFkNGM1MjZiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDBkbkjTOIP2b8oD9py9uySEIlYiLvivj9JxxNaA4TcGUIw
DqXWU6aeF7YSD6OHG3AJ94XhXOtg06g3g29r7lxazpF6fLrajA1x8t9EW2MmwMWR
1zGKG9JUkJDc5gSn54JLqAL4LEqH6B5QBrUArLwDpTDKe8WLDmANttxmMinfWaft
NhMuWN+pYOELf4yPiZBWlg1N3IcGm5rF8H5d/LTuV+Kh/4Ng/sVQJ3L9qpUvXwiL
V7zPHUJr1tb3Jx8mzRL02geM7RRSr/ojPxLi2P5z4GUAkJ7Nb4RVW6QwocmjyDlU
WLeUKUg7gPUiGBRh4WNiCPZ5Sy2jTk0pQW/EqgITAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/CBPisG674Y9b3MfsWaN8eGM2IgwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2YwMjdiMzhkLTc1NzMtNDY5NS1iOWNmLTA2M2RkMTk5MGViMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQDqLAwDQYJKoZIhvcNAQELBQADggEBAAG/ei48juuXsoyuOnenURVfuouq
yzmhrKXDEaKXDlgIt8bWesbL0VIGFdLF5XSSNBqadWzBa5TCD8kADduuSEeKUtqK
mYR7fynL5GnCnyvjkQDjwEZjBjOdZof0p/TclBoOd/grcv7TroZDMT52qUJhM0yG
AGyF3ta7dBgPTtG84S5Tee1o6CTtb3dr3i7QcmY+sxNoeT3Q6EgTCtPpyqzzNdBO
pyNEXd7d8yj9NV2fIcjPEJFbjfOSt97xTHhkPCbDA5xUMbEPzV/DnyPXMuN2StdO
3nIQ4ocQlNdBaehYpryf/MBy3648gjMCKeCqrCUZWE7Qjx4KIFvqxpslmSM=
-----END CERTIFICATE-----