Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6cb052db-b2e8-4906-a585-69043cc771d2.roa
File:                     6cb052db-b2e8-4906-a585-69043cc771d2.roa (raw, json)
Hash identifier:          KVhf10hl+g7LwJceX/NxTHV7+V6a8+PEGqSgDr7w4VQ=
Subject key identifier:   4B:CF:4F:32:10:87:52:15:38:B1:A0:B4:B9:E6:45:7F:16:4B:A3:FC
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       73AE476FCD5B242D9F4D5265E58C75A827B2BB6B
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6cb052db-b2e8-4906-a585-69043cc771d2.roa
Signing time:             Tue 21 Oct 2025 08:42:34 +0000
ROA not before:           Tue 21 Oct 2025 08:42:34 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.170.128.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:ae:47:6f:cd:5b:24:2d:9f:4d:52:65:e5:8c:75:a8:27:b2:bb:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 21 08:42:34 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=afffa68543e0f6e7da48fff8d6369fd1fb612d8cb0b356651721418362f16404, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:2a:ad:ea:8a:bb:08:82:9b:39:26:97:7c:33:
                    38:5e:5b:9f:da:83:13:39:f2:b2:ae:3c:05:f4:27:
                    77:3d:27:68:9b:94:46:ac:ca:d1:fd:ce:a8:e7:b1:
                    87:21:8b:f3:20:fd:18:75:63:89:3e:6a:8c:67:27:
                    79:7c:18:be:97:fc:9f:d3:69:e8:93:cb:6a:23:29:
                    53:dd:57:ab:3f:78:41:19:c1:df:76:d2:64:bc:fa:
                    55:91:f1:2e:1e:3f:51:bc:00:3a:64:9b:57:3e:0f:
                    85:26:78:5e:4e:70:9b:a4:cd:16:ac:5a:d0:09:b5:
                    4e:7d:3c:e9:ed:92:c5:0c:56:1f:79:fb:23:a2:49:
                    47:30:54:43:09:1c:90:a1:d7:b6:b5:e4:dc:b7:c0:
                    50:b1:a3:5a:59:71:43:b3:81:ac:70:e6:be:57:5b:
                    10:a8:73:18:46:0d:79:86:a4:bc:dd:b2:31:f0:00:
                    13:41:ba:5c:d9:f6:03:87:0a:92:bd:37:24:1c:b1:
                    84:ef:d5:64:77:45:68:da:70:8c:13:ef:cf:1a:bd:
                    79:51:48:21:44:e1:fb:2e:66:91:ab:47:e3:6e:51:
                    18:a3:c0:cc:ac:59:1d:d4:d6:0a:49:3a:61:58:54:
                    f7:8b:cc:35:59:2e:cf:40:3b:af:11:3b:08:3c:d1:
                    4d:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:CF:4F:32:10:87:52:15:38:B1:A0:B4:B9:E6:45:7F:16:4B:A3:FC
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6cb052db-b2e8-4906-a585-69043cc771d2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.170.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         24:f3:86:30:f1:74:b5:52:98:3b:4b:6d:8e:d6:50:b5:8b:9f:
         00:86:ba:29:27:db:49:29:a8:4b:f8:29:03:52:44:e7:09:20:
         db:08:d4:fc:e0:d1:c8:71:ae:ef:e2:86:a5:82:d2:1a:86:ed:
         b1:55:5c:99:c9:df:c4:94:42:8e:ba:fd:17:14:46:04:18:a7:
         a2:15:a0:90:e0:4d:7c:07:0d:71:7b:ee:e1:3e:2c:64:18:e7:
         26:46:9e:e8:92:ac:12:ee:69:fc:67:e3:df:86:9c:db:18:94:
         0b:09:c1:37:89:71:19:21:ee:62:ca:a7:13:24:f0:af:d8:d9:
         ff:91:2a:3b:fe:cc:4d:ac:96:e5:55:3c:81:39:cd:c6:c1:50:
         cd:63:60:69:24:4d:dc:8d:5b:18:8f:83:f3:c9:98:37:82:a9:
         1d:c3:34:64:18:f1:6f:80:7b:a5:3c:2d:0e:b9:fa:8c:71:29:
         56:ee:12:61:c3:c3:3f:c9:8e:a9:41:bf:1a:15:30:e7:eb:d1:
         5e:2b:6e:81:3e:0e:95:e4:fd:45:47:79:11:7e:76:f9:b9:96:
         b0:1a:06:ce:61:4b:68:fc:c4:09:2f:78:bf:c9:1b:15:50:a7:
         52:5e:4c:f0:3c:1c:e4:77:84:74:51:75:5c:86:5b:44:17:f5:
         87:8d:15:c8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUc65Hb81bJC2fTVJl5Yx1qCeyu2swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDIxMDg0MjM0WhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BhZmZmYTY4NTQzZTBmNmU3ZGE0OGZmZjhkNjM2OWZkMWZi
NjEyZDhjYjBiMzU2NjUxNzIxNDE4MzYyZjE2NDA0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDaKq3qirsIgps5Jpd8MzheW5/agxM58rKuPAX0J3c9J2ib
lEasytH9zqjnsYchi/Mg/Rh1Y4k+aoxnJ3l8GL6X/J/TaeiTy2ojKVPdV6s/eEEZ
wd920mS8+lWR8S4eP1G8ADpkm1c+D4UmeF5OcJukzRasWtAJtU59POntksUMVh95
+yOiSUcwVEMJHJCh17a15Ny3wFCxo1pZcUOzgaxw5r5XWxCocxhGDXmGpLzdsjHw
ABNBulzZ9gOHCpK9NyQcsYTv1WR3RWjacIwT788avXlRSCFE4fsuZpGrR+NuURij
wMysWR3U1gpJOmFYVPeLzDVZLs9AO68ROwg80U1/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUS89PMhCHUhU4saC0ueZFfxZLo/wwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzZjYjA1MmRiLWIyZTgtNDkwNi1hNTg1LTY5MDQzY2M3NzFkMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAcDqoAwDQYJKoZIhvcNAQELBQADggEBACTzhjDxdLVSmDtLbY7WULWLnwCG
uikn20kpqEv4KQNSROcJINsI1Pzg0chxru/ihqWC0hqG7bFVXJnJ38SUQo66/RcU
RgQYp6IVoJDgTXwHDXF77uE+LGQY5yZGnuiSrBLuafxn49+GnNsYlAsJwTeJcRkh
7mLKpxMk8K/Y2f+RKjv+zE2sluVVPIE5zcbBUM1jYGkkTdyNWxiPg/PJmDeCqR3D
NGQY8W+Ae6U8LQ65+oxxKVbuEmHDwz/JjqlBvxoVMOfr0V4rboE+DpXk/UVHeRF+
dvm5lrAaBs5hS2j8xAkveL/JGxVQp1JeTPA8HOR3hHRRdVyGW0QX9YeNFcg=
-----END CERTIFICATE-----