Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f22c1a4a-a589-4541-ad72-a19b01ba030d.roa
File:                     f22c1a4a-a589-4541-ad72-a19b01ba030d.roa (raw, json)
Hash identifier:          tV3qkONLRzo/Hcelz9h5YVTpeu9vBES6n1GOXsutRaI=
Subject key identifier:   3E:2A:D9:DD:04:F0:A2:59:25:E6:CF:EE:DA:09:3B:90:81:4B:97:D4
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3CBF948FBFE78F5F72FAF7C17070F5A946BB557C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f22c1a4a-a589-4541-ad72-a19b01ba030d.roa
Signing time:             Fri 26 Sep 2025 00:39:46 +0000
ROA not before:           Fri 26 Sep 2025 00:39:46 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.169.8.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:bf:94:8f:bf:e7:8f:5f:72:fa:f7:c1:70:70:f5:a9:46:bb:55:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 00:39:46 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=658a91f583b73f4bc5c7a658ea3c572008a470d7b2228319e1beec795779b553, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:a8:27:1e:d2:c8:34:07:f3:a8:54:53:dd:42:
                    3c:85:6f:84:38:2d:84:18:f0:e6:06:56:71:cd:67:
                    18:3e:7d:4b:e6:68:e3:b4:79:4d:02:0a:0a:4f:71:
                    a1:75:5d:cd:23:24:3e:ae:8e:6d:5d:51:a5:8e:4e:
                    a8:22:53:a3:b8:65:8d:32:79:24:cf:c8:bd:6b:e7:
                    a3:e7:3a:81:12:62:aa:9b:6e:df:71:dd:2b:b0:95:
                    15:07:e2:0a:fe:82:99:c0:c1:73:03:10:9a:ce:de:
                    bf:41:35:23:74:51:e0:d9:0c:f9:9f:02:1b:bf:91:
                    e2:bf:3b:f4:a2:a4:e0:69:79:67:d1:f2:d0:d3:97:
                    a9:4e:db:55:f0:49:84:77:9d:58:f1:65:b5:98:f9:
                    94:1f:ec:d1:c2:2d:fd:d5:d2:50:fd:16:50:8b:56:
                    cc:86:67:a8:64:c9:4e:47:82:1d:fa:3e:d7:bc:1c:
                    88:5e:12:b3:25:58:60:bc:47:25:5b:e3:a4:fe:74:
                    96:ed:4b:2b:53:24:fb:c5:20:b3:45:39:b6:24:df:
                    62:61:98:d5:3b:82:11:67:dd:50:ef:40:47:67:ee:
                    37:9c:c8:b6:d1:f6:d5:2a:14:ce:a4:4e:c2:47:ef:
                    f3:f5:35:95:c5:cc:23:04:65:30:c3:b5:dc:63:e7:
                    42:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:2A:D9:DD:04:F0:A2:59:25:E6:CF:EE:DA:09:3B:90:81:4B:97:D4
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f22c1a4a-a589-4541-ad72-a19b01ba030d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.169.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         49:b7:7b:ac:2c:03:eb:07:a6:26:22:2f:02:08:b0:26:aa:5b:
         6b:80:09:3c:91:0d:a8:db:52:b7:fe:bf:35:97:77:65:a4:07:
         e1:d6:f2:3d:d2:ab:0b:1b:f6:91:a7:81:0a:df:c2:c4:ad:2d:
         76:05:c7:e1:63:2a:28:06:59:9b:80:ca:cf:e6:8a:3f:4e:e2:
         8f:56:fe:7b:5d:82:a1:25:e5:59:3c:cd:8d:bd:9f:64:66:8f:
         3c:d0:28:1d:5d:62:a2:a0:6d:36:63:63:00:bc:6c:ae:2e:f8:
         84:1d:72:a4:24:ab:3d:ab:65:5f:14:46:04:55:ed:1b:2c:e0:
         85:24:ff:f4:41:98:38:7c:8e:fe:47:b2:16:68:79:05:bf:89:
         31:dc:5c:65:91:43:74:23:d5:e2:b7:94:89:10:de:f7:0c:4f:
         37:6d:68:c8:b9:c7:a4:ac:12:f5:3d:5f:f4:2b:41:9b:9f:d6:
         02:49:f9:d1:35:df:1f:f0:77:64:2c:92:fa:30:3e:07:a4:8e:
         0f:5a:da:5e:53:da:6a:92:57:25:8c:d3:d3:b4:43:c9:23:16:
         e6:29:95:93:72:93:2b:5f:41:72:74:02:44:64:3f:1a:78:29:
         35:03:53:b4:3b:6d:5e:bf:c5:2a:58:d3:5d:58:72:c3:e1:6d:
         30:16:5f:61
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPL+Uj7/nj19y+vfBcHD1qUa7VXwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MDAzOTQ2WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A2NThhOTFmNTgzYjczZjRiYzVjN2E2NThlYTNjNTcyMDA4
YTQ3MGQ3YjIyMjgzMTllMWJlZWM3OTU3NzliNTUzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCYqCce0sg0B/OoVFPdQjyFb4Q4LYQY8OYGVnHNZxg+fUvm
aOO0eU0CCgpPcaF1Xc0jJD6ujm1dUaWOTqgiU6O4ZY0yeSTPyL1r56PnOoESYqqb
bt9x3SuwlRUH4gr+gpnAwXMDEJrO3r9BNSN0UeDZDPmfAhu/keK/O/SipOBpeWfR
8tDTl6lO21XwSYR3nVjxZbWY+ZQf7NHCLf3V0lD9FlCLVsyGZ6hkyU5Hgh36Pte8
HIheErMlWGC8RyVb46T+dJbtSytTJPvFILNFObYk32JhmNU7ghFn3VDvQEdn7jec
yLbR9tUqFM6kTsJH7/P1NZXFzCMEZTDDtdxj50JLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPirZ3QTwolkl5s/u2gk7kIFLl9QwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2YyMmMxYTRhLWE1ODktNDU0MS1hZDcyLWExOWIwMWJhMDMwZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIDqQgwDQYJKoZIhvcNAQELBQADggEBAEm3e6wsA+sHpiYiLwIIsCaqW2uA
CTyRDajbUrf+vzWXd2WkB+HW8j3Sqwsb9pGngQrfwsStLXYFx+FjKigGWZuAys/m
ij9O4o9W/ntdgqEl5Vk8zY29n2RmjzzQKB1dYqKgbTZjYwC8bK4u+IQdcqQkqz2r
ZV8URgRV7Rss4IUk//RBmDh8jv5HshZoeQW/iTHcXGWRQ3Qj1eK3lIkQ3vcMTzdt
aMi5x6SsEvU9X/QrQZuf1gJJ+dE13x/wd2QskvowPgekjg9a2l5T2mqSVyWM09O0
Q8kjFuYplZNykytfQXJ0AkRkPxp4KTUDU7Q7bV6/xSpY011YcsPhbTAWX2E=
-----END CERTIFICATE-----