Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2f04501a-e42e-4e8d-92db-f2de0979982c.roa
File:                     2f04501a-e42e-4e8d-92db-f2de0979982c.roa (raw, json)
Hash identifier:          Xy0slB+9GaTdNn1KCWDfvLZW259Lnumb8wMjPy3DYm0=
Subject key identifier:   1A:53:38:60:9A:1F:E5:B5:63:3A:EF:88:7E:EF:CA:AD:18:06:B2:C5
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       29686658541FFF2DE515E2568177DA7768EFCBBC
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2f04501a-e42e-4e8d-92db-f2de0979982c.roa
Signing time:             Tue 04 Nov 2025 02:10:35 +0000
ROA not before:           Tue 04 Nov 2025 02:10:35 +0000
ROA not after:            Tue 09 Dec 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        3.208.0.0/12 maxlen: 12
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:68:66:58:54:1f:ff:2d:e5:15:e2:56:81:77:da:77:68:ef:cb:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Nov  4 02:10:35 2025 GMT
            Not After : Dec  9 23:59:59 2025 GMT
        Subject: serialNumber=bfa71516be08e73ea8abb39f2a721ecb5c2a4057d4735a2b07eb5747ad37736f, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:6f:0b:87:cb:a8:51:86:e8:67:eb:28:fc:9c:
                    d8:b5:a2:db:57:8e:ba:8c:57:2b:0f:54:1d:3d:80:
                    66:ae:03:7b:ec:a4:d8:50:8a:81:b1:14:38:03:bb:
                    b5:bb:31:ff:94:da:8e:37:38:46:79:ac:bd:2a:1d:
                    22:cb:b3:f7:8e:2e:44:74:6d:bb:ec:8e:71:9c:56:
                    81:5d:a7:c9:22:0d:8b:35:56:34:19:09:3a:75:06:
                    79:72:f3:e5:46:92:d8:d5:ae:b8:c0:f5:05:35:b7:
                    52:0e:e5:7b:f3:86:c3:d3:bd:a2:76:93:05:e5:16:
                    c5:60:40:17:e9:df:ef:48:6b:80:2c:1c:d0:a7:68:
                    5d:72:18:5f:6f:a0:51:ed:df:a0:4d:87:3c:7a:80:
                    45:84:6f:53:26:7e:8d:48:b2:77:82:97:c7:3a:c8:
                    fd:86:78:26:8b:ff:fe:46:73:ed:50:63:a3:65:c3:
                    46:d2:f8:40:96:71:23:ff:44:46:81:a2:fd:83:e6:
                    15:e2:1a:5f:d8:21:22:96:ef:13:0e:be:e8:c5:89:
                    e7:d8:3c:f7:04:47:ab:26:0d:fa:5f:93:8c:ed:21:
                    51:87:b8:b0:04:d1:70:47:d3:89:c2:62:92:83:88:
                    ea:72:fe:a4:2c:29:32:fd:ff:e3:7f:f1:ed:06:85:
                    65:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:53:38:60:9A:1F:E5:B5:63:3A:EF:88:7E:EF:CA:AD:18:06:B2:C5
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2f04501a-e42e-4e8d-92db-f2de0979982c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.208.0.0/12

    Signature Algorithm: sha256WithRSAEncryption
         69:04:64:c5:af:4c:23:99:07:a0:bc:ff:23:d5:dc:83:b6:de:
         4d:b2:0a:f7:42:fe:d0:f0:d4:c5:34:19:d8:e0:55:46:a1:55:
         b0:9b:33:89:15:ce:e5:55:18:0e:7c:54:85:af:41:a4:c0:53:
         47:41:bc:c5:11:15:20:60:62:a0:41:2c:55:eb:3c:da:eb:69:
         1d:7c:67:9a:16:e2:63:66:0f:00:4e:d3:09:00:60:49:a8:62:
         6b:a8:78:f8:60:59:40:b6:80:c9:e4:43:f7:42:4c:75:65:71:
         c8:fd:a7:92:f1:0b:f5:6a:ca:6c:3a:76:20:de:56:ee:fc:e3:
         2b:a5:17:11:e1:73:5a:50:b7:96:3f:c6:f2:dd:1c:41:5b:a5:
         a4:8d:05:1d:03:05:07:c5:bd:55:e7:77:82:de:15:e7:60:99:
         11:f5:54:a7:21:7c:a5:18:60:9b:76:db:e0:5e:8d:c3:27:e5:
         a5:66:74:d9:db:de:b8:70:81:6f:55:a3:05:74:b3:b8:ad:0c:
         c0:4d:47:9b:66:a8:35:c4:f1:7a:51:af:56:9c:10:af:b4:cc:
         ec:73:af:e5:a3:da:20:56:03:0f:e9:49:2e:ee:82:75:d5:af:
         b4:42:ae:fd:f9:2f:df:b9:2c:6b:1f:9d:77:b8:51:fd:9f:1a:
         57:7c:8d:22
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUKWhmWFQf/y3lFeJWgXfad2jvy7wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMTA0MDIxMDM1WhcNMjUxMjA5MjM1OTU5
WjB6MUkwRwYDVQQFE0BiZmE3MTUxNmJlMDhlNzNlYThhYmIzOWYyYTcyMWVjYjVj
MmE0MDU3ZDQ3MzVhMmIwN2ViNTc0N2FkMzc3MzZmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCGbwuHy6hRhuhn6yj8nNi1ottXjrqMVysPVB09gGauA3vs
pNhQioGxFDgDu7W7Mf+U2o43OEZ5rL0qHSLLs/eOLkR0bbvsjnGcVoFdp8kiDYs1
VjQZCTp1Bnly8+VGktjVrrjA9QU1t1IO5XvzhsPTvaJ2kwXlFsVgQBfp3+9Ia4As
HNCnaF1yGF9voFHt36BNhzx6gEWEb1Mmfo1IsneCl8c6yP2GeCaL//5Gc+1QY6Nl
w0bS+ECWcSP/REaBov2D5hXiGl/YISKW7xMOvujFiefYPPcER6smDfpfk4ztIVGH
uLAE0XBH04nCYpKDiOpy/qQsKTL9/+N/8e0GhWUtAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUGlM4YJof5bVjOu+Ifu/KrRgGssUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzJmMDQ1MDFhLWU0MmUtNGU4ZC05MmRiLWYyZGUwOTc5OTgyYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwQD0DANBgkqhkiG9w0BAQsFAAOCAQEAaQRkxa9MI5kHoLz/I9Xcg7beTbIK
90L+0PDUxTQZ2OBVRqFVsJsziRXO5VUYDnxUha9BpMBTR0G8xREVIGBioEEsVes8
2utpHXxnmhbiY2YPAE7TCQBgSahia6h4+GBZQLaAyeRD90JMdWVxyP2nkvEL9WrK
bDp2IN5W7vzjK6UXEeFzWlC3lj/G8t0cQVulpI0FHQMFB8W9Ved3gt4V52CZEfVU
pyF8pRhgm3bb4F6NwyflpWZ02dveuHCBb1WjBXSzuK0MwE1Hm2aoNcTxelGvVpwQ
r7TM7HOv5aPaIFYDD+lJLu6CddWvtEKu/fkv37ksax+dd7hR/Z8aV3yNIg==
-----END CERTIFICATE-----