Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f250c72a-5bf6-4da2-9ad8-ff850d5aa21d.roa
File:                     f250c72a-5bf6-4da2-9ad8-ff850d5aa21d.roa (raw, json)
Hash identifier:          HFgRQMZn8bBYz1VYOLN6KYSj7CiflT6BE4MdxtoTvng=
Subject key identifier:   4A:6A:DE:D2:91:FE:9B:D3:02:86:2F:03:61:F5:3D:72:F3:25:83:57
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       28A16B92AED14F6D6F3A9FF66F71E5983FAFA76C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f250c72a-5bf6-4da2-9ad8-ff850d5aa21d.roa
Signing time:             Tue 21 Oct 2025 08:22:25 +0000
ROA not before:           Tue 21 Oct 2025 08:22:25 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.4.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:a1:6b:92:ae:d1:4f:6d:6f:3a:9f:f6:6f:71:e5:98:3f:af:a7:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 21 08:22:25 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=fc4fb4aa8db30540e3b6d7cf23fd9c314b7768e0bbcf3c730be33357dc2a966e, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:7d:dd:7b:b6:dc:cc:79:b2:c0:09:ec:47:08:
                    dc:7d:ac:e0:8e:d4:49:b1:80:14:8c:38:13:4b:85:
                    3b:ef:5e:86:8d:da:eb:c3:c5:fe:1c:53:0e:1b:6c:
                    86:3e:3b:83:4e:99:e6:7d:c3:86:7f:b8:74:34:fd:
                    ff:f3:d4:50:e9:e4:83:8d:c0:da:14:22:d4:b5:29:
                    33:ac:3c:d9:a0:be:34:91:12:04:16:93:90:92:4c:
                    21:12:e6:7b:5b:07:5d:00:25:4d:42:41:3d:3c:45:
                    71:1c:4e:f6:d3:20:1f:b2:4e:6b:45:46:d8:7c:10:
                    00:af:df:2b:00:03:0d:18:fe:02:f7:33:f0:47:5e:
                    67:97:92:2c:73:76:50:85:56:dc:5a:e7:96:0a:4f:
                    d6:82:de:b1:c9:ab:4f:0d:ed:df:44:a6:19:00:d7:
                    09:e4:ed:ff:b8:1a:dd:02:2e:0a:30:0f:62:8a:8c:
                    f7:41:95:2e:fa:40:6b:5e:45:1d:52:02:43:fc:31:
                    a0:08:ff:6c:bc:88:d2:73:0d:21:61:76:95:b1:06:
                    47:d2:72:ef:26:02:5e:cf:63:f2:26:37:dd:b0:61:
                    ae:88:9f:74:34:b4:f2:59:f0:59:24:74:03:30:a4:
                    12:4f:aa:83:5e:60:a3:c7:4b:7f:8d:58:98:1a:7d:
                    86:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:6A:DE:D2:91:FE:9B:D3:02:86:2F:03:61:F5:3D:72:F3:25:83:57
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f250c72a-5bf6-4da2-9ad8-ff850d5aa21d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.4.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:3e:9b:37:7d:92:d0:30:2f:0b:65:f9:eb:52:ac:a1:28:63:
         ad:92:1a:fd:63:42:8e:4a:e2:18:33:15:09:41:ba:52:c8:7d:
         e3:b2:c6:cc:fd:67:45:c1:e8:9c:90:f1:3a:01:21:6c:a8:af:
         05:ab:59:9c:a1:70:54:f1:72:6b:26:82:11:0f:20:20:01:c6:
         19:75:8f:39:0b:ca:5e:b7:4b:10:86:60:fc:5f:95:74:4b:1e:
         7c:5b:44:f5:50:3f:a3:d9:f2:f2:b3:05:c5:91:27:9d:f1:cb:
         44:9b:37:b0:1a:9f:6b:0f:3a:83:9e:49:47:29:df:29:77:85:
         b2:8a:22:dc:e9:2d:56:50:d1:db:8d:d7:96:5f:89:a2:c4:66:
         d0:b1:d6:64:bb:09:6a:00:8c:f6:a7:3e:9f:bf:b7:d9:e3:d8:
         4e:a0:be:2e:06:a5:ce:c7:c7:f5:a4:fa:bf:e5:1f:06:00:73:
         fe:82:42:2a:c1:d4:7d:e1:d7:9b:e8:e8:be:c2:16:ae:72:6d:
         2c:cd:07:c6:e6:6f:92:72:37:82:99:85:d6:22:46:25:c2:da:
         c9:36:f1:8b:07:3c:13:fd:6f:f1:20:35:13:dd:c7:7e:dd:eb:
         1f:07:c3:a1:39:1f:fc:1f:e1:c0:6c:6a:a0:29:28:93:d3:c0:
         15:c1:f0:36
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKKFrkq7RT21vOp/2b3HlmD+vp2wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDIxMDgyMjI1WhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BmYzRmYjRhYThkYjMwNTQwZTNiNmQ3Y2YyM2ZkOWMzMTRi
Nzc2OGUwYmJjZjNjNzMwYmUzMzM1N2RjMmE5NjZlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDffd17ttzMebLACexHCNx9rOCO1EmxgBSMOBNLhTvvXoaN
2uvDxf4cUw4bbIY+O4NOmeZ9w4Z/uHQ0/f/z1FDp5IONwNoUItS1KTOsPNmgvjSR
EgQWk5CSTCES5ntbB10AJU1CQT08RXEcTvbTIB+yTmtFRth8EACv3ysAAw0Y/gL3
M/BHXmeXkixzdlCFVtxa55YKT9aC3rHJq08N7d9EphkA1wnk7f+4Gt0CLgowD2KK
jPdBlS76QGteRR1SAkP8MaAI/2y8iNJzDSFhdpWxBkfScu8mAl7PY/ImN92wYa6I
n3Q0tPJZ8FkkdAMwpBJPqoNeYKPHS3+NWJgafYYPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUSmre0pH+m9MChi8DYfU9cvMlg1cwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2YyNTBjNzJhLTViZjYtNGRhMi05YWQ4LWZmODUwZDVhYTIxZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADBAowDQYJKoZIhvcNAQELBQADggEBAIE+mzd9ktAwLwtl+etSrKEoY62S
Gv1jQo5K4hgzFQlBulLIfeOyxsz9Z0XB6JyQ8ToBIWyorwWrWZyhcFTxcmsmghEP
ICABxhl1jzkLyl63SxCGYPxflXRLHnxbRPVQP6PZ8vKzBcWRJ53xy0SbN7Aan2sP
OoOeSUcp3yl3hbKKItzpLVZQ0duN15ZfiaLEZtCx1mS7CWoAjPanPp+/t9nj2E6g
vi4Gpc7Hx/Wk+r/lHwYAc/6CQirB1H3h15vo6L7CFq5ybSzNB8bmb5JyN4KZhdYi
RiXC2sk28YsHPBP9b/EgNRPdx37d6x8Hw6E5H/wf4cBsaqApKJPTwBXB8DY=
-----END CERTIFICATE-----