Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fffedd46-502e-4178-9bc7-2c752a3d89e7.roa
File:                     fffedd46-502e-4178-9bc7-2c752a3d89e7.roa (raw, json)
Hash identifier:          k6No702ZDIPKjJAn8tZlbikdxit0MPpTZQwK5icuUSk=
Subject key identifier:   C1:A1:9F:09:11:F3:99:D4:69:97:30:0F:69:94:56:12:07:8D:54:3C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       032CB92F5EC44C3EC86C1F582418AFF74DBECE7A
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fffedd46-502e-4178-9bc7-2c752a3d89e7.roa
Signing time:             Mon 20 Oct 2025 09:43:37 +0000
ROA not before:           Mon 20 Oct 2025 09:43:37 +0000
ROA not after:            Mon 24 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.161.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 23 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:2c:b9:2f:5e:c4:4c:3e:c8:6c:1f:58:24:18:af:f7:4d:be:ce:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 20 09:43:37 2025 GMT
            Not After : Nov 24 23:59:59 2025 GMT
        Subject: serialNumber=4971fe1e7f9f73fee9a19cae19e34804765df560738a2b264bb18667bcfb7aec, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:fa:17:8f:e4:dd:b5:08:f7:03:05:97:b4:82:
                    45:de:3f:e8:c3:ba:77:98:43:93:c0:a3:c4:a3:ee:
                    67:59:df:50:80:dc:9e:c1:d0:10:34:17:3b:24:ac:
                    65:8b:f7:75:48:5a:d7:ff:78:0d:f7:d8:68:64:13:
                    a3:bc:e2:a9:9c:22:7f:8d:46:1a:87:e1:88:45:b1:
                    1e:b1:84:fe:f0:5f:0d:f8:d7:db:93:dc:c8:d5:5f:
                    2f:89:45:fa:68:a6:6f:62:e1:6b:ac:f3:4e:ad:49:
                    37:94:14:6f:3f:95:01:7b:d1:b1:fb:56:93:26:1a:
                    7b:af:1d:bc:5c:40:06:bb:60:09:88:24:26:46:d4:
                    3a:1f:ce:12:d7:51:7d:5e:f4:26:d7:be:2a:4f:11:
                    2e:79:c3:20:f7:6b:e9:c0:0d:32:34:bf:20:8e:77:
                    ef:61:54:b1:58:a9:a9:34:72:0e:2e:98:94:49:16:
                    dd:97:45:9c:f9:27:81:01:7e:f7:7c:c3:63:b9:22:
                    69:58:23:b8:59:b3:c1:85:07:c3:4e:b1:21:26:c1:
                    fd:f4:0a:43:7b:b0:85:54:d9:ea:ab:27:bd:1f:51:
                    d6:70:d1:86:b5:6f:98:48:eb:c7:fa:52:0b:d4:9c:
                    8b:7a:8f:0a:93:08:66:45:bb:b6:7f:b7:30:92:99:
                    70:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:A1:9F:09:11:F3:99:D4:69:97:30:0F:69:94:56:12:07:8D:54:3C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fffedd46-502e-4178-9bc7-2c752a3d89e7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.161.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:cc:c3:0e:7d:44:b5:c7:d8:1e:02:a6:c2:b6:ec:6c:4c:06:
         c5:e7:f0:4f:69:86:a2:ec:3e:b6:70:e8:c9:05:c1:41:01:d3:
         08:a8:02:7c:10:ee:d8:80:58:ab:73:2b:6b:f7:1c:82:17:6e:
         d3:0f:d3:c8:d3:fd:c9:a3:81:9f:f7:9f:a9:8d:8a:f2:9a:43:
         53:8a:47:ff:2b:6b:4a:43:2a:b6:75:3c:8c:c8:fd:5c:d5:6c:
         4c:44:fd:ce:7f:b8:8f:28:57:d6:9e:82:17:d9:e7:f7:bc:a0:
         f4:c6:d1:3e:62:fa:88:3d:32:d6:0a:9f:31:dd:6e:d3:d1:b8:
         0d:b9:c5:be:f6:2e:c6:5c:ca:b7:6e:91:99:0f:2e:55:dc:21:
         e6:8f:f3:af:3b:f7:e4:b0:59:a0:a4:01:91:14:4f:fc:31:83:
         21:f3:47:c4:11:28:0a:76:53:51:dd:7a:47:9e:2d:10:3b:e2:
         34:7f:33:b2:b1:7a:f2:71:2d:e9:da:04:da:de:ec:44:10:d4:
         5d:5a:83:43:ca:6e:6c:84:1a:1b:a0:6b:b4:5e:cf:82:a8:1e:
         4f:a9:a4:99:a8:fc:c1:4f:29:15:e4:99:62:14:d1:c4:af:48:
         3f:30:ae:49:27:46:ba:21:e7:b2:92:41:1e:93:9b:f4:ac:97:
         56:b4:09:7d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAyy5L17ETD7IbB9YJBiv902+znowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDIwMDk0MzM3WhcNMjUxMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A0OTcxZmUxZTdmOWY3M2ZlZTlhMTljYWUxOWUzNDgwNDc2
NWRmNTYwNzM4YTJiMjY0YmIxODY2N2JjZmI3YWVjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDE+heP5N21CPcDBZe0gkXeP+jDuneYQ5PAo8Sj7mdZ31CA
3J7B0BA0FzskrGWL93VIWtf/eA332GhkE6O84qmcIn+NRhqH4YhFsR6xhP7wXw34
19uT3MjVXy+JRfpopm9i4Wus806tSTeUFG8/lQF70bH7VpMmGnuvHbxcQAa7YAmI
JCZG1DofzhLXUX1e9CbXvipPES55wyD3a+nADTI0vyCOd+9hVLFYqak0cg4umJRJ
Ft2XRZz5J4EBfvd8w2O5ImlYI7hZs8GFB8NOsSEmwf30CkN7sIVU2eqrJ70fUdZw
0Ya1b5hI68f6UgvUnIt6jwqTCGZFu7Z/tzCSmXCVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwaGfCRHzmdRplzAPaZRWEgeNVDwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2ZmZmVkZDQ2LTUwMmUtNDE3OC05YmM3LTJjNzUyYTNkODllNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADoXswDQYJKoZIhvcNAQELBQADggEBAGzMww59RLXH2B4CpsK27GxMBsXn
8E9phqLsPrZw6MkFwUEB0wioAnwQ7tiAWKtzK2v3HIIXbtMP08jT/cmjgZ/3n6mN
ivKaQ1OKR/8ra0pDKrZ1PIzI/VzVbExE/c5/uI8oV9aeghfZ5/e8oPTG0T5i+og9
MtYKnzHdbtPRuA25xb72LsZcyrdukZkPLlXcIeaP86879+SwWaCkAZEUT/wxgyHz
R8QRKAp2U1HdekeeLRA74jR/M7KxevJxLenaBNre7EQQ1F1ag0PKbmyEGhuga7Re
z4KoHk+ppJmo/MFPKRXkmWIU0cSvSD8wrkknRroh57KSQR6Tm/Ssl1a0CX0=
-----END CERTIFICATE-----
Generated at Tue Oct 21 04:25:11 2025 by rpki-client