Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/30f2ed42-fbcb-4e1d-bc2a-368829912bae.roa
File:                     30f2ed42-fbcb-4e1d-bc2a-368829912bae.roa (raw, json)
Hash identifier:          tmf/LQuWnH7tsDlSKfQQjK/SgqU9/Y4hURQYsRohiqA=
Subject key identifier:   E5:0D:06:DB:BF:1C:34:C6:1D:FB:DB:57:EB:05:30:E8:E4:43:10:27
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5F292746B700D626785CED031953AAC37CF06071
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/30f2ed42-fbcb-4e1d-bc2a-368829912bae.roa
Signing time:             Tue 21 Oct 2025 01:02:32 +0000
ROA not before:           Tue 21 Oct 2025 01:02:32 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.170.0.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:29:27:46:b7:00:d6:26:78:5c:ed:03:19:53:aa:c3:7c:f0:60:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 21 01:02:32 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=f4215c6f068410642a88f9df7582d158660f9801bbfc36cc7d1b36ad2b33ac6f, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:f3:1c:a3:49:84:f7:74:b4:a4:5f:e4:a9:d3:
                    a0:f9:2c:b6:87:ee:ed:95:6b:23:28:f4:e3:93:d7:
                    89:bc:91:27:83:b1:06:cd:2c:93:b5:63:df:85:a4:
                    ad:94:d2:2c:35:8f:83:33:9f:85:6c:cb:80:df:6c:
                    d2:48:ec:9f:ff:f1:f1:4d:d4:8b:2d:6c:a2:fe:b5:
                    a0:25:a4:2d:3e:4f:2b:8a:a7:bd:e3:d9:23:83:b6:
                    59:97:f6:1f:da:9a:e5:4a:60:52:59:cd:38:de:9a:
                    f4:b1:a3:5f:65:44:60:ec:f6:5b:e1:d4:ee:ef:75:
                    01:b9:7c:15:7c:99:98:8a:6d:7b:b8:82:85:de:36:
                    cb:b1:64:14:31:93:ea:c6:a3:80:89:8b:54:37:71:
                    98:49:56:52:be:bb:ab:ae:27:26:91:04:9e:43:50:
                    3b:94:6b:fb:57:6c:3a:78:d4:b8:92:a6:6f:0a:b8:
                    93:45:4b:7a:ab:7c:ab:62:ab:a7:36:b0:3b:d7:bc:
                    82:38:b2:8a:b8:9f:98:d7:52:60:b8:16:d3:11:de:
                    51:46:74:7a:1f:37:83:99:00:56:18:ef:17:b7:16:
                    58:90:84:6c:7a:b3:c5:14:69:71:af:f3:c2:ed:86:
                    f9:f5:61:96:ac:79:0c:2f:6d:fc:c6:4d:12:ed:b1:
                    e2:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:0D:06:DB:BF:1C:34:C6:1D:FB:DB:57:EB:05:30:E8:E4:43:10:27
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/30f2ed42-fbcb-4e1d-bc2a-368829912bae.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.170.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         6d:8f:9d:f7:72:4f:a9:e6:81:96:ff:b5:b5:82:2f:6c:41:ea:
         a5:3f:8b:29:91:83:6f:d2:a7:da:b9:0b:51:ce:6a:c6:9d:b5:
         15:f3:d3:fd:a6:93:d2:a1:48:60:01:dc:97:00:cf:e8:41:c3:
         e6:eb:f7:80:64:45:fd:1b:44:3a:d3:2a:a8:64:33:14:03:a2:
         f8:08:d3:80:47:8d:43:48:72:0b:d8:21:a7:ab:31:7a:2e:ff:
         99:0e:28:a8:24:bf:e7:b5:f4:3e:c9:4f:26:aa:e4:4a:16:5b:
         60:f6:a9:f2:2c:78:b8:00:94:5c:e7:71:31:35:61:d5:8f:7b:
         35:59:4b:0f:3c:fe:cc:6b:64:c9:4d:72:15:cc:da:92:79:54:
         74:d3:0d:bd:4d:18:40:7a:94:30:f0:f7:e1:0b:1e:45:ff:b5:
         a0:9f:52:f0:7e:a8:da:31:db:c7:57:e9:99:0a:d9:b5:4a:76:
         21:e1:44:c9:cf:25:66:7b:5e:a5:17:47:84:97:bd:9a:d7:6e:
         32:1b:b2:dc:65:d0:0c:61:41:0b:a7:e0:3b:da:9d:d1:74:46:
         36:0a:46:ee:0b:e3:04:40:31:e2:02:1b:70:bf:f1:90:00:e8:
         22:15:09:97:ef:68:f9:80:de:d4:3d:34:d9:a9:18:10:d3:1b:
         c4:ea:83:f3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXyknRrcA1iZ4XO0DGVOqw3zwYHEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDIxMDEwMjMyWhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BmNDIxNWM2ZjA2ODQxMDY0MmE4OGY5ZGY3NTgyZDE1ODY2
MGY5ODAxYmJmYzM2Y2M3ZDFiMzZhZDJiMzNhYzZmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDr8xyjSYT3dLSkX+Sp06D5LLaH7u2VayMo9OOT14m8kSeD
sQbNLJO1Y9+FpK2U0iw1j4Mzn4Vsy4DfbNJI7J//8fFN1IstbKL+taAlpC0+TyuK
p73j2SODtlmX9h/amuVKYFJZzTjemvSxo19lRGDs9lvh1O7vdQG5fBV8mZiKbXu4
goXeNsuxZBQxk+rGo4CJi1Q3cZhJVlK+u6uuJyaRBJ5DUDuUa/tXbDp41LiSpm8K
uJNFS3qrfKtiq6c2sDvXvII4soq4n5jXUmC4FtMR3lFGdHofN4OZAFYY7xe3FliQ
hGx6s8UUaXGv88Lthvn1YZaseQwvbfzGTRLtseJJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU5Q0G278cNMYd+9tX6wUw6ORDECcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzMwZjJlZDQyLWZiY2ItNGUxZC1iYzJhLTM2ODgyOTkxMmJhZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAcDqgAwDQYJKoZIhvcNAQELBQADggEBAG2PnfdyT6nmgZb/tbWCL2xB6qU/
iymRg2/Sp9q5C1HOasadtRXz0/2mk9KhSGAB3JcAz+hBw+br94BkRf0bRDrTKqhk
MxQDovgI04BHjUNIcgvYIaerMXou/5kOKKgkv+e19D7JTyaq5EoWW2D2qfIseLgA
lFzncTE1YdWPezVZSw88/sxrZMlNchXM2pJ5VHTTDb1NGEB6lDDw9+ELHkX/taCf
UvB+qNox28dX6ZkK2bVKdiHhRMnPJWZ7XqUXR4SXvZrXbjIbstxl0AxhQQun4Dva
ndF0RjYKRu4L4wRAMeICG3C/8ZAA6CIVCZfvaPmA3tQ9NNmpGBDTG8Tqg/M=
-----END CERTIFICATE-----