Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fcdc548d-2687-47e2-bad3-e444c64df64b.roa
File:                     fcdc548d-2687-47e2-bad3-e444c64df64b.roa (raw, json)
Hash identifier:          C9i7NBBsTn9K7RobQDGXiW6Qb4iqU0zbBrgSyGXPNzI=
Subject key identifier:   A1:74:01:26:0C:C5:FA:A2:92:28:5A:18:1E:A1:6E:2F:D2:9A:A8:78
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       32DDA915DA074D11BC025DFFAECD5081E1725B36
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fcdc548d-2687-47e2-bad3-e444c64df64b.roa
Signing time:             Mon 04 Aug 2025 17:50:51 +0000
ROA not before:           Mon 04 Aug 2025 17:50:51 +0000
ROA not after:            Mon 08 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        148.162.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:dd:a9:15:da:07:4d:11:bc:02:5d:ff:ae:cd:50:81:e1:72:5b:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Aug  4 17:50:51 2025 GMT
            Not After : Sep  8 23:59:59 2025 GMT
        Subject: serialNumber=a036e93c60a3d226044bdd9aba9ae7cd16d523b53b8f0bc940456dcdb226ff86, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:1d:d4:cb:23:91:5e:aa:01:fd:24:86:26:7f:
                    c8:e0:b2:37:ac:2b:b7:4e:ef:f4:57:aa:6c:64:22:
                    c1:08:e0:60:4d:29:59:0e:db:79:1e:3a:02:ef:e6:
                    a4:a8:7f:d5:45:8e:3f:4a:f1:54:e1:32:ce:aa:5c:
                    2e:65:63:bd:23:4f:86:98:4a:30:8d:91:1d:99:64:
                    3d:36:a6:43:1a:dc:dc:35:72:1f:5c:da:11:b3:dd:
                    e9:cb:c9:d8:96:01:21:fa:5b:1c:5c:3f:3b:2c:90:
                    3c:60:c0:3e:1b:6c:38:e2:40:b7:8a:3e:a0:9e:99:
                    35:de:30:f6:2f:f0:70:a3:38:9c:5a:ba:73:ea:5c:
                    eb:85:6f:9a:9d:78:d9:52:47:6f:f0:55:7f:b7:26:
                    24:c9:5b:e6:57:80:bd:eb:f3:86:fa:6a:16:28:be:
                    14:4f:ef:c3:ed:67:69:8b:21:c2:7c:73:a5:4b:98:
                    f7:ea:b4:d9:47:50:9e:35:19:88:2c:da:82:0e:3e:
                    ca:88:45:c5:6b:c2:6b:20:64:38:d8:e0:06:1a:c1:
                    21:fd:58:2c:a7:f3:b9:d9:91:81:45:72:79:fa:f2:
                    58:3e:03:56:2b:f9:d7:15:7c:a5:8c:b9:a3:e3:2f:
                    3b:f5:23:77:10:a1:f1:8d:83:8c:74:8e:2a:7c:65:
                    b1:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:74:01:26:0C:C5:FA:A2:92:28:5A:18:1E:A1:6E:2F:D2:9A:A8:78
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fcdc548d-2687-47e2-bad3-e444c64df64b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.162.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         8d:c4:9a:bf:a9:11:f0:80:f7:76:a1:92:6a:5f:51:43:fb:6e:
         9e:85:2a:d9:9c:f7:e7:04:a8:8e:6a:b9:b7:d4:0f:34:83:c4:
         c5:d8:ed:2b:9f:e6:83:59:52:18:21:19:dc:ff:c6:c0:69:d1:
         ba:47:92:58:93:19:c8:e2:b7:03:23:dc:af:48:98:17:11:08:
         c4:83:eb:23:97:f3:8b:87:34:43:dc:09:2e:43:ae:43:08:55:
         dd:68:e4:0f:2d:58:6c:fa:73:df:9e:ae:5c:5b:59:ee:38:59:
         b0:38:3d:cc:dd:ab:62:42:47:69:4e:82:b1:02:96:23:fe:95:
         54:16:f6:c8:5b:a7:92:95:fb:fb:3c:8f:19:76:a0:3b:ba:c2:
         51:f1:3c:47:ea:54:3a:38:32:35:4a:b6:6f:5e:d6:aa:26:e7:
         97:6e:08:ff:84:09:cb:28:5c:19:3b:3c:81:00:98:a3:07:eb:
         fe:8a:b2:f8:d0:32:06:39:17:48:28:b4:b9:64:8a:83:bd:fc:
         67:ca:93:1c:34:c0:90:9b:ed:5b:25:1e:4f:a0:e1:53:30:54:
         3c:a5:18:a3:52:64:4f:c1:07:4b:00:2d:25:e4:74:fc:fb:c7:
         1e:3c:53:db:21:26:ba:ad:62:8c:90:57:5b:6b:ea:5e:4a:31:
         c6:89:8a:3d
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUMt2pFdoHTRG8Al3/rs1QgeFyWzYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwODA0MTc1MDUxWhcNMjUwOTA4MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMDM2ZTkzYzYwYTNkMjI2MDQ0YmRkOWFiYTlhZTdjZDE2
ZDUyM2I1M2I4ZjBiYzk0MDQ1NmRjZGIyMjZmZjg2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDrHdTLI5FeqgH9JIYmf8jgsjesK7dO7/RXqmxkIsEI4GBN
KVkO23keOgLv5qSof9VFjj9K8VThMs6qXC5lY70jT4aYSjCNkR2ZZD02pkMa3Nw1
ch9c2hGz3enLydiWASH6WxxcPzsskDxgwD4bbDjiQLeKPqCemTXeMPYv8HCjOJxa
unPqXOuFb5qdeNlSR2/wVX+3JiTJW+ZXgL3r84b6ahYovhRP78PtZ2mLIcJ8c6VL
mPfqtNlHUJ41GYgs2oIOPsqIRcVrwmsgZDjY4AYawSH9WCyn87nZkYFFcnn68lg+
A1Yr+dcVfKWMuaPjLzv1I3cQofGNg4x0jip8ZbGvAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUoXQBJgzF+qKSKFoYHqFuL9KaqHgwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2ZjZGM1NDhkLTI2ODctNDdlMi1iYWQzLWU0NDRjNjRkZjY0Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCUojANBgkqhkiG9w0BAQsFAAOCAQEAjcSav6kR8ID3dqGSal9RQ/tunoUq
2Zz35wSojmq5t9QPNIPExdjtK5/mg1lSGCEZ3P/GwGnRukeSWJMZyOK3AyPcr0iY
FxEIxIPrI5fzi4c0Q9wJLkOuQwhV3WjkDy1YbPpz356uXFtZ7jhZsDg9zN2rYkJH
aU6CsQKWI/6VVBb2yFunkpX7+zyPGXagO7rCUfE8R+pUOjgyNUq2b17Wqibnl24I
/4QJyyhcGTs8gQCYowfr/oqy+NAyBjkXSCi0uWSKg738Z8qTHDTAkJvtWyUeT6Dh
UzBUPKUYo1JkT8EHSwAtJeR0/PvHHjxT2yEmuq1ijJBXW2vqXkoxxomKPQ==
-----END CERTIFICATE-----