Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/09f2a28b-bc83-44b1-b088-f2cab4682327.roa
File:                     09f2a28b-bc83-44b1-b088-f2cab4682327.roa (raw, json)
Hash identifier:          Vo12WDbkJYhAeXKbWSX/co05TJTYPwtm7pSh4S4reuY=
Subject key identifier:   EF:1C:3C:63:88:E2:5B:8C:14:FB:2F:8A:40:88:D9:D1:91:2B:3C:64
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       785E2C865A319C3A38799B94F32B1BF821828774
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/09f2a28b-bc83-44b1-b088-f2cab4682327.roa
Signing time:             Tue 04 Nov 2025 01:40:58 +0000
ROA not before:           Tue 04 Nov 2025 01:40:58 +0000
ROA not after:            Tue 09 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.131.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:5e:2c:86:5a:31:9c:3a:38:79:9b:94:f3:2b:1b:f8:21:82:87:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Nov  4 01:40:58 2025 GMT
            Not After : Dec  9 23:59:59 2025 GMT
        Subject: serialNumber=e8922e2b6d885583631893163466aec6502079d088fc62e6f59d1fa7e621f5cf, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:5b:a2:84:ec:a6:ce:23:af:85:24:25:25:56:
                    f5:35:8e:93:7f:a8:6f:b4:f9:1e:4d:33:85:c1:45:
                    21:b6:5b:a5:fb:09:d5:0f:54:0b:97:17:c7:89:9b:
                    00:71:8a:26:00:c8:ec:3d:bb:04:bc:f4:e2:8c:ba:
                    98:97:e4:6c:f3:4e:ea:81:05:52:17:de:ed:59:62:
                    f3:d1:61:e3:20:e7:06:35:d3:7e:ad:02:d1:6d:c8:
                    39:ba:c8:8f:03:ea:ec:b0:6e:cf:cd:f6:68:c0:2c:
                    e6:8d:e9:5b:5d:13:16:8f:f2:0f:48:f4:b1:87:8f:
                    32:3e:49:33:69:6a:54:bc:cd:06:d5:c0:56:57:08:
                    f1:d5:9b:b7:99:a5:8f:41:27:1d:1c:89:dd:53:fe:
                    fd:ec:d2:1b:59:b7:35:b7:f5:a3:3b:14:4c:bf:90:
                    63:c2:85:1d:eb:25:db:b7:2b:13:42:b0:7e:46:a1:
                    45:69:fc:11:76:45:c3:57:01:5c:e1:ac:94:43:c5:
                    44:0d:03:de:d4:d4:58:fb:02:d4:d9:55:a6:3f:a7:
                    a4:ff:46:25:8f:3c:5b:23:21:c8:5b:65:61:9b:32:
                    4c:31:64:23:49:c6:79:28:c7:e1:8c:b8:0c:a8:a9:
                    d0:f4:13:31:2a:c1:4b:b4:fe:64:d7:bf:e7:4f:93:
                    12:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:1C:3C:63:88:E2:5B:8C:14:FB:2F:8A:40:88:D9:D1:91:2B:3C:64
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/09f2a28b-bc83-44b1-b088-f2cab4682327.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.131.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         69:58:01:dc:5c:f8:bd:ba:31:3c:b7:b4:10:eb:b7:8a:2f:03:
         ea:84:50:87:c2:27:00:7d:2f:34:10:4b:45:7b:ca:e5:dd:25:
         b0:0d:71:0b:3f:e9:7a:54:39:71:b5:7a:de:17:46:8e:a7:8f:
         40:e6:fa:0c:13:7b:d3:a5:b4:fd:68:57:6e:71:4c:6a:36:be:
         19:cd:4a:7e:e8:41:52:c3:cf:ab:95:1f:05:0d:69:e8:fb:8f:
         d2:10:54:08:32:c8:97:57:bd:b2:7e:da:b8:96:88:84:60:b9:
         cb:7e:18:87:6f:5f:d5:87:65:a9:e7:d8:96:0d:da:34:a5:9f:
         b3:f4:9f:5e:c6:77:1b:f7:e3:39:20:34:36:bd:53:7b:78:61:
         9a:5f:3d:67:61:12:fd:c6:53:ce:84:46:63:f2:71:f6:f0:8a:
         3f:e3:5c:15:27:81:5d:95:ab:0a:d3:bd:1b:3a:ae:b1:88:ba:
         3c:56:4b:f4:7b:d8:b1:9e:d3:2f:3b:e8:58:c4:61:69:d7:5a:
         09:05:35:f0:8a:97:bf:77:fb:15:d5:bc:cd:f2:a3:63:59:46:
         a0:76:c2:58:c4:bf:1a:3f:5d:86:8d:d3:30:fe:35:9e:b3:e7:
         ef:c9:68:69:70:19:c5:2e:f3:b9:d0:3f:af:80:e9:1d:87:d8:
         3c:53:b1:d6
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUeF4shloxnDo4eZuU8ysb+CGCh3QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMTA0MDE0MDU4WhcNMjUxMjA5MjM1OTU5
WjB6MUkwRwYDVQQFE0BlODkyMmUyYjZkODg1NTgzNjMxODkzMTYzNDY2YWVjNjUw
MjA3OWQwODhmYzYyZTZmNTlkMWZhN2U2MjFmNWNmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDGW6KE7KbOI6+FJCUlVvU1jpN/qG+0+R5NM4XBRSG2W6X7
CdUPVAuXF8eJmwBxiiYAyOw9uwS89OKMupiX5GzzTuqBBVIX3u1ZYvPRYeMg5wY1
036tAtFtyDm6yI8D6uywbs/N9mjALOaN6VtdExaP8g9I9LGHjzI+STNpalS8zQbV
wFZXCPHVm7eZpY9BJx0cid1T/v3s0htZtzW39aM7FEy/kGPChR3rJdu3KxNCsH5G
oUVp/BF2RcNXAVzhrJRDxUQNA97U1Fj7AtTZVaY/p6T/RiWPPFsjIchbZWGbMkwx
ZCNJxnkox+GMuAyoqdD0EzEqwUu0/mTXv+dPkxJLAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU7xw8Y4jiW4wU+y+KQIjZ0ZErPGQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzA5ZjJhMjhiLWJjODMtNDRiMS1iMDg4LWYyY2FiNDY4MjMyNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwADgzANBgkqhkiG9w0BAQsFAAOCAQEAaVgB3Fz4vboxPLe0EOu3ii8D6oRQ
h8InAH0vNBBLRXvK5d0lsA1xCz/pelQ5cbV63hdGjqePQOb6DBN706W0/WhXbnFM
aja+Gc1KfuhBUsPPq5UfBQ1p6PuP0hBUCDLIl1e9sn7auJaIhGC5y34Yh29f1Ydl
qefYlg3aNKWfs/SfXsZ3G/fjOSA0Nr1Te3hhml89Z2ES/cZTzoRGY/Jx9vCKP+Nc
FSeBXZWrCtO9GzqusYi6PFZL9HvYsZ7TLzvoWMRhaddaCQU18IqXv3f7FdW8zfKj
Y1lGoHbCWMS/Gj9dho3TMP41nrPn78loaXAZxS7zudA/r4DpHYfYPFOx1g==
-----END CERTIFICATE-----