Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3698a28a-faab-459c-8417-ccc4e03ad257.roa
File:                     3698a28a-faab-459c-8417-ccc4e03ad257.roa (raw, json)
Hash identifier:          nvCMobnRA/VL1N1sgkQNhPAzoSzKNO9nX8lxxhoAYlY=
Subject key identifier:   9C:AD:D9:47:3D:64:EE:2E:41:22:DF:11:FC:4E:B9:BB:B9:5A:4F:CF
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1952F72E3252CD1CD4933B5D2A6A2BDD725E78DA
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3698a28a-faab-459c-8417-ccc4e03ad257.roa
Signing time:             Tue 21 Oct 2025 06:32:39 +0000
ROA not before:           Tue 21 Oct 2025 06:32:39 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        156.7.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:52:f7:2e:32:52:cd:1c:d4:93:3b:5d:2a:6a:2b:dd:72:5e:78:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 21 06:32:39 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=607362803836e7bb97058fbd451e500c4c67972c58706433042fea7f1a97ebec, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ac:55:70:41:53:02:9d:5c:78:70:9b:45:31:
                    a3:97:67:d0:24:10:50:ce:4e:f2:97:a9:47:9f:ed:
                    57:90:38:c1:0d:7f:3e:44:85:36:68:46:9d:f0:ad:
                    69:e0:5a:54:b0:57:d2:ca:f0:4f:ee:ff:5b:db:af:
                    e1:b4:e9:db:13:a0:8f:91:00:04:17:fb:95:c4:1d:
                    1b:e4:30:12:b9:dd:ca:dd:a4:a8:df:27:fa:2d:bf:
                    58:af:22:94:1c:24:6f:84:0b:0c:4f:d5:ad:3a:68:
                    b3:07:e4:9b:53:e7:82:75:af:39:e7:4d:0a:58:43:
                    5c:52:09:1b:d6:88:14:51:b1:b9:d9:5c:08:ea:52:
                    1a:72:b7:63:bc:db:fc:73:60:ec:bf:6f:6d:6c:82:
                    2b:ef:a4:f1:08:3b:2d:c1:e3:34:15:ac:3e:23:c3:
                    70:74:fd:0b:89:9d:67:1d:e3:a8:9d:32:02:73:6c:
                    1e:38:09:d5:79:fe:1e:07:42:58:69:57:62:f1:07:
                    25:d0:7c:8b:8e:e4:37:06:20:8d:5c:7d:ce:b5:d1:
                    f8:91:c4:c6:cd:11:3a:73:3c:6c:80:ce:2b:21:60:
                    31:a3:88:ce:ed:47:d8:cd:37:bc:47:3b:90:24:51:
                    6a:f0:13:0e:04:1a:69:4e:1d:5f:5b:d0:20:9f:55:
                    3f:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:AD:D9:47:3D:64:EE:2E:41:22:DF:11:FC:4E:B9:BB:B9:5A:4F:CF
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3698a28a-faab-459c-8417-ccc4e03ad257.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.7.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         65:41:09:a2:c9:18:68:64:b4:00:c0:37:2a:b1:16:48:58:25:
         b4:fc:5f:0e:b3:cf:d8:83:07:c3:92:42:53:c0:e1:38:33:d1:
         84:8b:2a:66:74:73:80:a8:1f:65:d9:61:a5:62:a1:6a:e0:a7:
         98:5c:27:0d:9f:cf:96:d1:51:10:99:6c:fb:ff:b6:fa:60:16:
         f2:9a:92:15:5f:ac:9d:5f:1c:b8:26:a4:13:cd:02:71:ce:cc:
         5c:41:95:cb:ad:90:47:38:9d:6c:56:78:52:27:bd:48:99:94:
         a5:2a:d6:c8:eb:e5:5b:92:e1:c3:09:7f:05:61:88:f6:71:6d:
         b2:9d:ce:92:97:08:63:31:be:32:49:44:54:ea:99:31:ee:77:
         37:ea:3c:84:95:ef:14:dc:63:d5:7d:9e:36:a3:fb:70:9e:0e:
         22:51:93:50:f0:2a:f4:8a:c8:57:85:52:78:ad:63:3e:4a:62:
         ed:d6:1e:30:b6:b1:1d:2d:4c:da:ec:00:99:7d:88:41:44:b6:
         1f:7a:00:d8:45:cb:19:b9:97:f7:1c:03:26:0b:09:de:80:b5:
         4c:39:59:21:4e:57:72:f7:60:ce:63:70:6d:be:92:8b:13:22:
         51:07:9c:45:92:5e:d1:ea:7c:a5:16:5c:c9:62:d1:4f:31:c9:
         b2:c7:f5:65
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUGVL3LjJSzRzUkztdKmor3XJeeNowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDIxMDYzMjM5WhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MDczNjI4MDM4MzZlN2JiOTcwNThmYmQ0NTFlNTAwYzRj
Njc5NzJjNTg3MDY0MzMwNDJmZWE3ZjFhOTdlYmVjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrrFVwQVMCnVx4cJtFMaOXZ9AkEFDOTvKXqUef7VeQOMEN
fz5EhTZoRp3wrWngWlSwV9LK8E/u/1vbr+G06dsToI+RAAQX+5XEHRvkMBK53crd
pKjfJ/otv1ivIpQcJG+ECwxP1a06aLMH5JtT54J1rznnTQpYQ1xSCRvWiBRRsbnZ
XAjqUhpyt2O82/xzYOy/b21sgivvpPEIOy3B4zQVrD4jw3B0/QuJnWcd46idMgJz
bB44CdV5/h4HQlhpV2LxByXQfIuO5DcGII1cfc610fiRxMbNETpzPGyAzishYDGj
iM7tR9jNN7xHO5AkUWrwEw4EGmlOHV9b0CCfVT8PAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUnK3ZRz1k7i5BIt8R/E65u7laT88wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzM2OThhMjhhLWZhYWItNDU5Yy04NDE3LWNjYzRlMDNhZDI1Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCcBzANBgkqhkiG9w0BAQsFAAOCAQEAZUEJoskYaGS0AMA3KrEWSFgltPxf
DrPP2IMHw5JCU8DhODPRhIsqZnRzgKgfZdlhpWKhauCnmFwnDZ/PltFREJls+/+2
+mAW8pqSFV+snV8cuCakE80Ccc7MXEGVy62QRzidbFZ4Uie9SJmUpSrWyOvlW5Lh
wwl/BWGI9nFtsp3OkpcIYzG+MklEVOqZMe53N+o8hJXvFNxj1X2eNqP7cJ4OIlGT
UPAq9IrIV4VSeK1jPkpi7dYeMLaxHS1M2uwAmX2IQUS2H3oA2EXLGbmX9xwDJgsJ
3oC1TDlZIU5XcvdgzmNwbb6SixMiUQecRZJe0ep8pRZcyWLRTzHJssf1ZQ==
-----END CERTIFICATE-----