Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f3b29dd5-ecb0-4a52-b94c-c3ea706e35bd.roa
File:                     f3b29dd5-ecb0-4a52-b94c-c3ea706e35bd.roa (raw, json)
Hash identifier:          LHgk4qdpH8CQrkvKcWLhVv2NybdYGysJzupNObSfBRM=
Subject key identifier:   AA:C1:61:6A:AE:1A:75:AA:E9:CA:88:E8:3B:00:4C:22:22:7D:6F:B5
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0B96C8332E996587C9461F7AED29B7FCE0902F63
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f3b29dd5-ecb0-4a52-b94c-c3ea706e35bd.roa
Signing time:             Thu 25 Sep 2025 19:21:55 +0000
ROA not before:           Thu 25 Sep 2025 19:21:55 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.168.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:96:c8:33:2e:99:65:87:c9:46:1f:7a:ed:29:b7:fc:e0:90:2f:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 19:21:55 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=b936bbf1bbee2fddab060e50d77d3c6a1468072c23c2432f3a2114708818b469, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:46:c2:92:b8:31:6a:44:31:a7:0a:f7:67:45:
                    8c:99:02:ca:12:e1:4d:0b:fc:08:fe:26:94:02:6a:
                    bb:74:8d:10:d0:bd:47:7a:ec:72:2d:72:cc:29:41:
                    7a:6d:64:99:e8:06:01:e7:db:a7:d0:06:f9:1b:eb:
                    90:c5:3c:18:78:65:cd:b8:23:33:02:e9:b6:44:bc:
                    a3:d5:a0:44:d7:ab:6c:54:8b:79:ac:e4:a0:75:81:
                    35:6c:c0:eb:16:08:4e:9d:91:95:cb:72:cc:95:32:
                    e5:f3:67:58:64:7e:42:34:25:d2:de:8a:35:cd:4c:
                    77:82:46:aa:24:71:14:4f:b8:73:10:58:3b:b7:72:
                    3b:73:60:06:de:de:e8:6b:ee:de:63:c0:d5:2d:f2:
                    78:68:26:e8:49:48:0c:b6:1d:90:78:1d:fe:3d:57:
                    a8:c4:2f:c4:e8:fa:0c:7b:04:11:c6:65:8f:2a:4a:
                    0a:e3:06:0d:2a:0b:8a:b5:d0:f3:b8:7d:8c:21:3f:
                    24:b3:6c:3d:fd:df:d9:2b:50:68:1d:7a:9c:b8:01:
                    66:ab:b9:52:5e:93:64:b5:d8:1d:2c:63:83:e1:5f:
                    ee:42:67:74:17:2e:3d:68:87:85:fc:15:68:f0:44:
                    4e:9d:4d:67:6d:d0:d8:ed:81:f3:f7:15:c1:09:09:
                    3d:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:C1:61:6A:AE:1A:75:AA:E9:CA:88:E8:3B:00:4C:22:22:7D:6F:B5
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f3b29dd5-ecb0-4a52-b94c-c3ea706e35bd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.168.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:86:3c:1b:53:a1:d1:ff:a6:14:03:92:4d:7e:bc:84:44:9d:
         46:41:9e:18:39:4a:80:f7:68:ef:63:27:52:db:81:92:8d:a2:
         d3:55:f0:e4:20:a1:c8:a3:27:ff:9e:31:33:a9:08:b7:88:64:
         6f:be:c7:c1:2f:61:c3:5f:e8:c1:9a:a7:ed:9a:97:c2:4d:fb:
         2a:aa:0d:50:cc:8d:bc:c5:7a:62:d2:e2:15:81:c4:6e:57:a1:
         d0:31:91:aa:c1:ff:8a:bb:a3:dc:22:11:c3:01:49:ae:b0:b2:
         c0:4b:27:a9:d9:b1:98:a2:4f:a3:85:8c:5f:fa:2d:12:06:b8:
         21:a5:b7:f8:c7:77:08:93:63:2e:b3:aa:a1:c0:71:71:d5:f1:
         20:00:44:60:b4:cb:4d:fd:f8:e5:e6:12:db:09:c6:22:b5:c6:
         9e:66:c5:93:bb:7a:06:4a:ab:37:2b:b5:82:36:a7:e7:00:20:
         ee:6f:87:0f:2e:e3:bd:05:d4:f4:b2:57:93:14:4f:65:18:0a:
         55:cb:bb:ef:50:ea:2a:d2:26:87:6a:53:24:2f:51:6f:d0:d1:
         7c:b9:85:3b:56:2f:3e:ea:aa:3a:d7:64:53:49:22:91:95:17:
         a9:ce:ee:d0:27:09:d3:2f:be:b8:93:52:d2:1a:d9:3e:e0:90:
         3e:f3:d5:64
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUC5bIMy6ZZYfJRh967Sm3/OCQL2MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MTkyMTU1WhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BiOTM2YmJmMWJiZWUyZmRkYWIwNjBlNTBkNzdkM2M2YTE0
NjgwNzJjMjNjMjQzMmYzYTIxMTQ3MDg4MThiNDY5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCJRsKSuDFqRDGnCvdnRYyZAsoS4U0L/Aj+JpQCart0jRDQ
vUd67HItcswpQXptZJnoBgHn26fQBvkb65DFPBh4Zc24IzMC6bZEvKPVoETXq2xU
i3ms5KB1gTVswOsWCE6dkZXLcsyVMuXzZ1hkfkI0JdLeijXNTHeCRqokcRRPuHMQ
WDu3cjtzYAbe3uhr7t5jwNUt8nhoJuhJSAy2HZB4Hf49V6jEL8To+gx7BBHGZY8q
SgrjBg0qC4q10PO4fYwhPySzbD3939krUGgdepy4AWaruVJek2S12B0sY4PhX+5C
Z3QXLj1oh4X8FWjwRE6dTWdt0NjtgfP3FcEJCT3BAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUqsFhaq4adarpyojoOwBMIiJ9b7UwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2YzYjI5ZGQ1LWVjYjAtNGE1Mi1iOTRjLWMzZWE3MDZlMzViZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADqB8wDQYJKoZIhvcNAQELBQADggEBAC2GPBtTodH/phQDkk1+vIREnUZB
nhg5SoD3aO9jJ1LbgZKNotNV8OQgocijJ/+eMTOpCLeIZG++x8EvYcNf6MGap+2a
l8JN+yqqDVDMjbzFemLS4hWBxG5XodAxkarB/4q7o9wiEcMBSa6wssBLJ6nZsZii
T6OFjF/6LRIGuCGlt/jHdwiTYy6zqqHAcXHV8SAARGC0y039+OXmEtsJxiK1xp5m
xZO7egZKqzcrtYI2p+cAIO5vhw8u470F1PSyV5MUT2UYClXLu+9Q6irSJodqUyQv
UW/Q0Xy5hTtWLz7qqjrXZFNJIpGVF6nO7tAnCdMvvriTUtIa2T7gkD7z1WQ=
-----END CERTIFICATE-----