Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3c7987c3-4b82-4523-9ffb-1e9e97d3c4d6.roa
File:                     3c7987c3-4b82-4523-9ffb-1e9e97d3c4d6.roa (raw, json)
Hash identifier:          ZoiyG4l7k0KdgxCRL/JEq5thviiMa85QknWMH8/rji4=
Subject key identifier:   01:28:FD:1B:17:BE:B0:81:91:63:59:F0:8E:C4:FF:E9:F0:DA:04:48
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7EE617C46482E91704AC6245337BBE72A8786227
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3c7987c3-4b82-4523-9ffb-1e9e97d3c4d6.roa
Signing time:             Fri 25 Jul 2025 15:10:59 +0000
ROA not before:           Fri 25 Jul 2025 15:10:59 +0000
ROA not after:            Fri 29 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.78.202.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:e6:17:c4:64:82:e9:17:04:ac:62:45:33:7b:be:72:a8:78:62:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul 25 15:10:59 2025 GMT
            Not After : Aug 29 23:59:59 2025 GMT
        Subject: serialNumber=0a504d5ec71d53d057419c26f1c2103a04a2c6bdd304db3fefba79a80b709dad, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:46:e7:8c:be:c8:2f:12:fe:36:3b:c4:53:f9:
                    b7:92:dd:00:0f:98:0a:c1:bb:b2:fa:ae:ca:5d:b3:
                    7a:23:42:c2:f1:2b:30:bc:15:6a:a5:dc:8f:2e:a7:
                    b3:5c:a4:fe:fa:a2:10:c0:57:b9:ec:a5:35:39:a1:
                    25:28:e0:63:2b:a1:9b:15:b6:49:2d:33:5b:5a:b3:
                    3f:08:0a:a5:3f:21:ff:06:ca:a5:89:cc:60:54:0c:
                    08:5b:56:72:66:ac:eb:91:49:8f:40:9f:a4:d8:69:
                    72:7c:22:ba:1b:de:c1:e9:25:35:49:0c:49:38:74:
                    01:5c:87:1b:3c:a2:00:22:7c:ae:60:cb:fa:91:e1:
                    06:6a:c5:59:fc:d6:61:99:c4:6b:d5:42:42:99:97:
                    de:21:0b:87:52:b3:3c:13:cf:cf:2c:89:d6:a8:f2:
                    03:e4:07:41:4f:03:4f:ba:aa:b1:f1:5b:e6:61:ac:
                    37:fd:9a:bc:5f:9f:fa:25:d9:eb:23:b1:c0:e3:0e:
                    cf:d1:4b:8f:ad:f7:ec:ed:e8:03:b4:23:54:65:bb:
                    89:e5:9c:ec:c5:5b:3f:00:d1:80:3c:83:37:7f:a1:
                    25:a9:3a:cb:8f:0f:26:21:49:16:f9:2a:87:62:16:
                    00:47:18:50:0b:b6:62:ba:b9:c2:2c:29:75:d0:bd:
                    a4:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:28:FD:1B:17:BE:B0:81:91:63:59:F0:8E:C4:FF:E9:F0:DA:04:48
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3c7987c3-4b82-4523-9ffb-1e9e97d3c4d6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.78.202.0/23

    Signature Algorithm: sha256WithRSAEncryption
         88:34:c1:78:34:4c:34:50:32:ba:ce:2b:27:95:21:bf:df:22:
         40:a0:76:f5:31:08:d8:63:02:3f:45:88:1e:89:30:df:d0:42:
         5e:b1:a7:ac:f9:93:3e:98:80:e1:7d:bf:f0:fd:cc:a9:50:fc:
         df:e8:f0:ea:f2:84:0b:b7:41:74:ee:40:69:0e:18:b0:62:52:
         77:21:03:34:dc:19:97:08:2c:67:0c:93:db:0a:32:13:20:9f:
         b9:57:27:eb:f9:2c:19:96:9a:e2:3a:c5:b3:69:b7:31:f1:2a:
         40:a7:6b:0d:9c:76:e2:de:de:60:68:ab:83:2e:13:65:df:1e:
         64:7b:12:a2:be:71:14:c2:7d:5d:f4:87:ba:34:99:a9:9b:ee:
         a8:c6:6c:37:0a:ed:f7:9c:91:7f:aa:00:e1:d8:f2:56:99:dc:
         7d:a1:12:03:0d:e2:93:cb:b9:02:55:12:01:f0:3d:96:71:cc:
         76:ff:59:10:54:83:16:55:8a:f4:18:2f:d2:57:5b:eb:1a:4e:
         5d:24:f9:6d:a8:fe:b5:bb:db:9e:ae:85:ad:53:77:c1:10:f3:
         0f:03:ce:f6:df:4c:cd:15:72:73:aa:59:e6:07:7d:e6:b2:4e:
         8d:a3:e9:e5:dd:9f:b2:73:f2:e6:9b:1b:fe:de:28:12:68:6a:
         cf:e2:0f:c9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfuYXxGSC6RcErGJFM3u+cqh4YicwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNzI1MTUxMDU5WhcNMjUwODI5MjM1OTU5
WjB6MUkwRwYDVQQFE0AwYTUwNGQ1ZWM3MWQ1M2QwNTc0MTljMjZmMWMyMTAzYTA0
YTJjNmJkZDMwNGRiM2ZlZmJhNzlhODBiNzA5ZGFkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxRueMvsgvEv42O8RT+beS3QAPmArBu7L6rspds3ojQsLx
KzC8FWql3I8up7NcpP76ohDAV7nspTU5oSUo4GMroZsVtkktM1tasz8ICqU/If8G
yqWJzGBUDAhbVnJmrOuRSY9An6TYaXJ8Irob3sHpJTVJDEk4dAFchxs8ogAifK5g
y/qR4QZqxVn81mGZxGvVQkKZl94hC4dSszwTz88sidao8gPkB0FPA0+6qrHxW+Zh
rDf9mrxfn/ol2esjscDjDs/RS4+t9+zt6AO0I1Rlu4nlnOzFWz8A0YA8gzd/oSWp
OsuPDyYhSRb5KodiFgBHGFALtmK6ucIsKXXQvaRnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUASj9Gxe+sIGRY1nwjsT/6fDaBEgwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzNjNzk4N2MzLTRiODItNDUyMy05ZmZiLTFlOWU5N2QzYzRkNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEDTsowDQYJKoZIhvcNAQELBQADggEBAIg0wXg0TDRQMrrOKyeVIb/fIkCg
dvUxCNhjAj9FiB6JMN/QQl6xp6z5kz6YgOF9v/D9zKlQ/N/o8OryhAu3QXTuQGkO
GLBiUnchAzTcGZcILGcMk9sKMhMgn7lXJ+v5LBmWmuI6xbNptzHxKkCnaw2cduLe
3mBoq4MuE2XfHmR7EqK+cRTCfV30h7o0mamb7qjGbDcK7feckX+qAOHY8laZ3H2h
EgMN4pPLuQJVEgHwPZZxzHb/WRBUgxZVivQYL9JXW+saTl0k+W2o/rW7256uha1T
d8EQ8w8DzvbfTM0VcnOqWeYHfeayTo2j6eXdn7Jz8uabG/7eKBJoas/iD8k=
-----END CERTIFICATE-----