Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/60b6952e-f423-4318-9ffb-9790f23f41b8.roa
File:                     60b6952e-f423-4318-9ffb-9790f23f41b8.roa (raw, json)
Hash identifier:          pkLjfJ8jdH38KsRZlcT4DcAyRUyVXF8QR6Xst3xvLhw=
Subject key identifier:   18:85:D0:17:4E:B7:30:C2:0C:0C:FA:50:BE:98:7A:C4:CF:F9:0D:E7
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       352CA206ED98FA71996ACD3269EC8127449C5EA9
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/60b6952e-f423-4318-9ffb-9790f23f41b8.roa
Signing time:             Tue 04 Nov 2025 01:00:05 +0000
ROA not before:           Tue 04 Nov 2025 01:00:05 +0000
ROA not after:            Tue 09 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.240.0.0/13 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:2c:a2:06:ed:98:fa:71:99:6a:cd:32:69:ec:81:27:44:9c:5e:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Nov  4 01:00:05 2025 GMT
            Not After : Dec  9 23:59:59 2025 GMT
        Subject: serialNumber=ce614dada22a376bafa747cfdd744e58c17d2065a88bedaccbdee09947f68867, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:60:85:eb:56:02:e5:25:e1:32:30:25:c5:bf:
                    cf:0f:76:cc:78:ca:89:58:bf:44:d8:7f:15:e1:93:
                    aa:59:fa:cb:11:c8:7e:46:39:13:0b:4d:04:2f:70:
                    c2:28:2e:49:da:93:be:8c:40:af:13:f2:41:c4:b0:
                    bf:0f:b5:ce:e9:75:2a:94:42:22:28:cf:13:db:0a:
                    05:26:73:b1:80:c2:18:82:f6:01:6a:cd:b9:50:ec:
                    03:80:65:69:04:ab:b7:6d:df:a8:dd:5a:e1:bd:89:
                    8c:60:15:cd:64:fb:7a:b5:c8:eb:b4:62:8a:42:4b:
                    a6:c3:08:81:76:6d:36:03:8c:a5:79:35:7c:e0:6a:
                    af:f7:d8:af:e6:0a:f6:32:d3:dd:b5:98:9d:23:d6:
                    a7:20:20:2d:29:5f:40:39:ec:6c:5c:93:02:b0:46:
                    10:39:39:81:5d:82:d1:e6:20:69:95:a7:66:5f:7c:
                    76:6b:1c:9b:43:eb:ea:87:d5:12:ab:1e:9d:60:17:
                    d9:a5:19:62:46:fa:f6:ad:36:7d:c3:c2:1c:75:d7:
                    1b:dd:e6:9d:ae:6e:bc:07:18:56:9a:71:02:83:2f:
                    14:6f:98:ed:9f:e5:c0:52:e3:4d:df:7c:cf:2d:ec:
                    d8:68:21:e9:16:fe:a7:64:9b:92:1f:8b:0f:b9:32:
                    a5:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:85:D0:17:4E:B7:30:C2:0C:0C:FA:50:BE:98:7A:C4:CF:F9:0D:E7
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/60b6952e-f423-4318-9ffb-9790f23f41b8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.240.0.0/13

    Signature Algorithm: sha256WithRSAEncryption
         af:fa:ea:a5:68:66:41:e7:64:c3:2c:c3:f2:d9:b6:a0:d2:79:
         9a:aa:bb:0f:c9:c4:e7:10:38:b7:de:ce:1f:e8:5e:6c:20:7b:
         ca:52:ef:2f:e8:3b:aa:22:d0:d2:f1:e0:a5:91:34:fb:ff:d5:
         45:29:c1:4a:42:b0:36:b2:b0:cc:04:d3:ba:54:59:11:f1:0a:
         aa:ae:d6:60:a1:98:f0:69:10:25:28:de:b4:8f:47:f1:a9:59:
         a2:b1:68:7f:6a:dd:0b:15:b5:fd:fa:f2:aa:82:d1:50:28:c3:
         ca:44:b1:87:8d:a7:8e:f9:60:1d:77:43:01:84:5e:62:38:9b:
         e3:eb:85:60:62:e4:44:23:f9:9a:f7:3f:73:94:92:30:04:33:
         66:86:c6:4b:a1:9d:bb:77:12:2d:a2:a7:52:da:51:4c:c0:ad:
         36:c2:bb:3b:29:b2:63:38:fe:ab:c8:5f:0e:4e:19:11:2a:39:
         3d:bc:0e:0c:f9:03:08:ca:1c:7c:35:fe:a4:9b:56:fa:89:f4:
         02:b1:8e:59:af:ab:a3:35:5e:f5:8c:43:f4:54:55:53:43:27:
         c1:01:9a:3d:fc:9a:5e:5e:82:99:20:15:37:eb:6e:75:07:13:
         b1:9d:4e:d1:5e:19:6e:87:5b:46:4b:f3:6f:fa:d0:cd:42:1e:
         46:ce:b7:c7
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUNSyiBu2Y+nGZas0yaeyBJ0ScXqkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMTA0MDEwMDA1WhcNMjUxMjA5MjM1OTU5
WjB6MUkwRwYDVQQFE0BjZTYxNGRhZGEyMmEzNzZiYWZhNzQ3Y2ZkZDc0NGU1OGMx
N2QyMDY1YTg4YmVkYWNjYmRlZTA5OTQ3ZjY4ODY3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCQYIXrVgLlJeEyMCXFv88Pdsx4yolYv0TYfxXhk6pZ+ssR
yH5GORMLTQQvcMIoLknak76MQK8T8kHEsL8Ptc7pdSqUQiIozxPbCgUmc7GAwhiC
9gFqzblQ7AOAZWkEq7dt36jdWuG9iYxgFc1k+3q1yOu0YopCS6bDCIF2bTYDjKV5
NXzgaq/32K/mCvYy0921mJ0j1qcgIC0pX0A57GxckwKwRhA5OYFdgtHmIGmVp2Zf
fHZrHJtD6+qH1RKrHp1gF9mlGWJG+vatNn3Dwhx11xvd5p2ubrwHGFaacQKDLxRv
mO2f5cBS403ffM8t7NhoIekW/qdkm5Ifiw+5MqXXAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUGIXQF063MMIMDPpQvph6xM/5DecwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzYwYjY5NTJlLWY0MjMtNDMxOC05ZmZiLTk3OTBmMjNmNDFiOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwMD8DANBgkqhkiG9w0BAQsFAAOCAQEAr/rqpWhmQedkwyzD8tm2oNJ5mqq7
D8nE5xA4t97OH+hebCB7ylLvL+g7qiLQ0vHgpZE0+//VRSnBSkKwNrKwzATTulRZ
EfEKqq7WYKGY8GkQJSjetI9H8alZorFof2rdCxW1/fryqoLRUCjDykSxh42njvlg
HXdDAYReYjib4+uFYGLkRCP5mvc/c5SSMAQzZobGS6Gdu3cSLaKnUtpRTMCtNsK7
OymyYzj+q8hfDk4ZESo5PbwODPkDCMocfDX+pJtW+on0ArGOWa+rozVe9YxD9FRV
U0MnwQGaPfyaXl6CmSAVN+tudQcTsZ1O0V4ZbodbRkvzb/rQzUIeRs63xw==
-----END CERTIFICATE-----