Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f4969503-2fd9-4e1e-8442-00b4d728c687.roa
File:                     f4969503-2fd9-4e1e-8442-00b4d728c687.roa (raw, json)
Hash identifier:          5fZ7JK5VvFr//4P34HoRDAgjz2Xefn97aBR1nG8Y4hw=
Subject key identifier:   C8:92:8A:A4:F1:ED:83:FD:FA:E0:FB:B1:AF:C1:59:85:D4:FA:59:F7
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2B12509E470676D108A4D887BC44013724F1BFF0
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f4969503-2fd9-4e1e-8442-00b4d728c687.roa
Signing time:             Thu 25 Sep 2025 18:45:29 +0000
ROA not before:           Thu 25 Sep 2025 18:45:29 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.166.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:12:50:9e:47:06:76:d1:08:a4:d8:87:bc:44:01:37:24:f1:bf:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 18:45:29 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=38cdcd90dd412455457ba8b22ba572680ff1d182abf9c7626cb35e1a10999e09, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:3e:8d:f6:61:fc:9b:2b:a4:3d:49:e1:b4:79:
                    8d:3a:37:34:fa:94:0b:86:db:cd:8e:79:b1:7e:66:
                    22:2c:6f:b3:21:28:fc:c5:f9:a8:49:df:89:00:fa:
                    6e:94:ae:ee:dc:d5:08:3a:45:05:8e:d0:74:33:99:
                    b5:c1:90:7f:8c:e1:9b:67:67:88:d2:f7:06:85:c5:
                    83:c8:60:6f:99:5b:24:cc:24:8a:31:28:fb:19:32:
                    ac:87:e6:20:53:78:70:ef:c5:02:af:9b:fe:43:35:
                    ec:a5:86:80:6d:e5:84:e5:7e:fc:07:2c:9e:14:b1:
                    29:5e:bd:96:60:42:9a:c9:dc:4b:9f:c7:4b:67:9f:
                    38:c1:8d:8a:6b:26:51:c5:69:93:e3:4d:4c:71:5e:
                    69:f8:75:2a:ca:28:24:8f:3e:2a:42:b5:e0:85:31:
                    65:da:27:55:1d:8b:a3:08:81:87:3b:72:82:45:35:
                    64:ee:0e:be:14:c5:5f:0b:b6:78:91:10:a1:13:57:
                    94:e4:84:36:1e:68:9c:ba:bf:1d:19:3b:9c:55:07:
                    c1:63:fa:8b:81:5d:ae:80:17:9e:20:49:9b:f3:53:
                    57:2b:47:0f:30:ed:f3:25:d1:85:87:b8:8f:8f:1b:
                    d2:fb:b6:9a:2f:b2:fc:06:16:fd:f7:f8:30:6c:c7:
                    ab:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:92:8A:A4:F1:ED:83:FD:FA:E0:FB:B1:AF:C1:59:85:D4:FA:59:F7
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f4969503-2fd9-4e1e-8442-00b4d728c687.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.166.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:93:fa:f9:0a:05:92:f4:a4:a1:e1:dc:d1:5a:2e:c0:7f:fa:
         c2:98:58:87:bc:9f:2e:1e:63:81:0c:8d:d1:d9:52:83:a2:6f:
         2b:46:da:95:95:e0:ad:70:2c:20:eb:38:4f:6e:3b:a3:48:63:
         fb:8e:4c:51:b8:d9:d8:fd:5d:9a:f9:4f:11:89:64:3f:56:e2:
         f8:de:15:54:0d:d6:c0:e6:1f:1e:4e:f0:8a:62:c7:98:bd:19:
         6e:14:4f:43:be:99:87:60:28:4f:35:8a:d3:35:2a:b9:8d:4b:
         02:9d:b3:64:74:02:0c:7f:1b:de:e5:21:28:ac:b3:f2:8c:67:
         25:a0:87:b0:03:38:7c:09:6e:6b:3d:5a:34:68:a6:9a:4d:26:
         49:00:c2:d3:38:c2:b7:b1:b1:76:8f:98:69:07:57:e9:c3:b7:
         9e:63:07:e3:4f:bb:03:59:67:99:5f:f8:fc:8e:5d:a9:42:75:
         c5:60:f1:06:cb:4e:ae:4b:f4:00:aa:3e:06:c0:0a:46:4c:d4:
         d4:f1:59:b1:e2:98:35:bd:74:e5:fa:f2:6d:03:38:7d:2a:3a:
         44:f4:f7:9c:89:0a:ef:6d:fc:9e:53:54:30:67:03:18:8a:5b:
         26:18:1d:51:b2:bc:7d:3d:fc:1b:04:dc:57:d8:1f:91:ad:00:
         5c:d4:cb:2d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKxJQnkcGdtEIpNiHvEQBNyTxv/AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MTg0NTI5WhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AzOGNkY2Q5MGRkNDEyNDU1NDU3YmE4YjIyYmE1NzI2ODBm
ZjFkMTgyYWJmOWM3NjI2Y2IzNWUxYTEwOTk5ZTA5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6Po32YfybK6Q9SeG0eY06NzT6lAuG282OebF+ZiIsb7Mh
KPzF+ahJ34kA+m6Uru7c1Qg6RQWO0HQzmbXBkH+M4ZtnZ4jS9waFxYPIYG+ZWyTM
JIoxKPsZMqyH5iBTeHDvxQKvm/5DNeylhoBt5YTlfvwHLJ4UsSlevZZgQprJ3Euf
x0tnnzjBjYprJlHFaZPjTUxxXmn4dSrKKCSPPipCteCFMWXaJ1Udi6MIgYc7coJF
NWTuDr4UxV8LtniREKETV5TkhDYeaJy6vx0ZO5xVB8Fj+ouBXa6AF54gSZvzU1cr
Rw8w7fMl0YWHuI+PG9L7tpovsvwGFv33+DBsx6ufAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUyJKKpPHtg/364Puxr8FZhdT6WfcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2Y0OTY5NTAzLTJmZDktNGUxZS04NDQyLTAwYjRkNzI4YzY4Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADpjUwDQYJKoZIhvcNAQELBQADggEBAEOT+vkKBZL0pKHh3NFaLsB/+sKY
WIe8ny4eY4EMjdHZUoOibytG2pWV4K1wLCDrOE9uO6NIY/uOTFG42dj9XZr5TxGJ
ZD9W4vjeFVQN1sDmHx5O8Ipix5i9GW4UT0O+mYdgKE81itM1KrmNSwKds2R0Agx/
G97lISiss/KMZyWgh7ADOHwJbms9WjRopppNJkkAwtM4wrexsXaPmGkHV+nDt55j
B+NPuwNZZ5lf+PyOXalCdcVg8QbLTq5L9ACqPgbACkZM1NTxWbHimDW9dOX68m0D
OH0qOkT095yJCu9t/J5TVDBnAxiKWyYYHVGyvH09/BsE3FfYH5GtAFzUyy0=
-----END CERTIFICATE-----