Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ffcc9c61-8dcf-44a7-916e-1bcbd79f2317.roa
File:                     ffcc9c61-8dcf-44a7-916e-1bcbd79f2317.roa (raw, json)
Hash identifier:          Oxyo4lod+cHHLYx5BVl80PkUpgNK9WzUFIFRBkwpdpI=
Subject key identifier:   88:3D:D0:DC:68:AE:94:3F:F2:9E:8B:38:55:F9:90:95:27:96:0A:9E
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       76791499D27F2816B4857058C39288A2C55030AA
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ffcc9c61-8dcf-44a7-916e-1bcbd79f2317.roa
Signing time:             Fri 10 Oct 2025 15:37:39 +0000
ROA not before:           Fri 10 Oct 2025 15:37:39 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.78.204.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:79:14:99:d2:7f:28:16:b4:85:70:58:c3:92:88:a2:c5:50:30:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 10 15:37:39 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=5296066a5c133353848dc3b98fff8c1da176bc002cf59808c8723d4a08421eb1, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:04:6d:45:d2:ea:b8:0d:f5:4a:88:67:14:55:
                    f0:8e:bd:14:a3:29:78:f0:9a:13:07:4a:d2:3e:8e:
                    78:d3:3a:42:8b:78:70:90:c3:5d:e0:d0:b7:e8:ea:
                    b1:6e:e9:4f:18:58:cb:69:1f:0d:ec:60:81:a4:71:
                    97:1a:93:01:7e:df:22:4d:69:0f:b9:fb:c2:7f:a8:
                    79:54:e6:5c:03:f0:08:65:99:5b:16:f2:cb:54:a6:
                    7a:38:86:b7:48:93:63:84:84:df:c5:69:69:f5:4c:
                    b5:09:c5:1c:48:7d:67:22:f1:2f:56:5f:05:84:a4:
                    1f:c3:af:38:16:e7:26:87:20:60:ff:bd:23:3a:ba:
                    20:bc:44:17:29:fe:0c:f3:c3:63:48:24:1a:07:f4:
                    08:d0:f1:07:25:ea:a8:2d:8b:c7:f8:5c:a6:36:56:
                    89:18:fb:59:fb:42:83:a5:b9:17:d2:38:d4:33:39:
                    c5:86:1e:94:a1:b5:85:3c:ef:fc:24:5d:df:58:93:
                    80:f3:8c:5e:86:98:85:f2:01:0c:69:e9:8e:66:f0:
                    2f:5c:8a:7c:7f:67:38:1a:9c:e4:bb:3f:5c:38:bc:
                    81:d8:78:06:4a:4d:ef:72:cf:5d:c8:20:21:73:79:
                    95:09:01:da:27:62:bf:31:47:ef:e8:76:36:77:70:
                    71:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:3D:D0:DC:68:AE:94:3F:F2:9E:8B:38:55:F9:90:95:27:96:0A:9E
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ffcc9c61-8dcf-44a7-916e-1bcbd79f2317.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.78.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         77:94:47:da:50:08:87:80:14:e2:b7:12:46:c0:58:0f:c2:47:
         0f:af:22:f8:48:9d:e3:79:d1:4c:c3:34:50:7c:25:64:fe:88:
         83:6e:ff:ab:fc:e7:0d:42:94:95:6e:cb:95:cd:f0:f8:48:64:
         36:c1:df:d5:2e:d3:15:f6:f0:20:ae:22:0f:68:54:e0:7b:2f:
         02:f5:b1:38:0c:c7:58:d3:88:e5:86:1d:d1:80:2a:ab:8b:ec:
         95:95:f7:16:fc:1d:1b:f0:d1:bb:a7:a1:b6:7d:be:83:64:c2:
         a3:dd:26:ee:db:cc:ee:59:54:d7:54:bc:e5:96:1c:73:d3:a7:
         b3:db:59:ab:b2:88:a7:3e:d5:ae:79:5d:45:7d:aa:fe:9e:07:
         09:ba:41:f5:3f:51:67:83:79:cf:5b:43:d9:78:7f:7e:de:71:
         2b:9d:19:da:68:a7:8e:d1:1c:e3:d2:5f:57:9e:d5:3b:e2:5b:
         71:66:26:d7:ac:39:38:ab:57:72:aa:3f:a9:45:01:f0:de:18:
         35:a3:ba:8d:4f:49:56:70:fb:b7:db:ce:85:83:b4:93:a5:76:
         fe:fb:f8:08:9c:f7:ea:ec:69:83:7e:e3:30:9a:bf:fb:38:b7:
         83:94:b2:49:2f:23:4b:51:98:aa:ce:39:14:00:6f:4a:ab:b2:
         c0:a1:ee:f3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdnkUmdJ/KBa0hXBYw5KIosVQMKowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDEwMTUzNzM5WhcNMjUxMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A1Mjk2MDY2YTVjMTMzMzUzODQ4ZGMzYjk4ZmZmOGMxZGEx
NzZiYzAwMmNmNTk4MDhjODcyM2Q0YTA4NDIxZWIxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxBG1F0uq4DfVKiGcUVfCOvRSjKXjwmhMHStI+jnjTOkKL
eHCQw13g0Lfo6rFu6U8YWMtpHw3sYIGkcZcakwF+3yJNaQ+5+8J/qHlU5lwD8Ahl
mVsW8stUpno4hrdIk2OEhN/FaWn1TLUJxRxIfWci8S9WXwWEpB/DrzgW5yaHIGD/
vSM6uiC8RBcp/gzzw2NIJBoH9AjQ8Qcl6qgti8f4XKY2VokY+1n7QoOluRfSONQz
OcWGHpShtYU87/wkXd9Yk4DzjF6GmIXyAQxp6Y5m8C9cinx/ZzganOS7P1w4vIHY
eAZKTe9yz13IICFzeZUJAdonYr8xR+/odjZ3cHH1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUiD3Q3GiulD/ynos4VfmQlSeWCp4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2ZmY2M5YzYxLThkY2YtNDRhNy05MTZlLTFiY2JkNzlmMjMxNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIDTswwDQYJKoZIhvcNAQELBQADggEBAHeUR9pQCIeAFOK3EkbAWA/CRw+v
IvhIneN50UzDNFB8JWT+iINu/6v85w1ClJVuy5XN8PhIZDbB39Uu0xX28CCuIg9o
VOB7LwL1sTgMx1jTiOWGHdGAKquL7JWV9xb8HRvw0bunobZ9voNkwqPdJu7bzO5Z
VNdUvOWWHHPTp7PbWauyiKc+1a55XUV9qv6eBwm6QfU/UWeDec9bQ9l4f37ecSud
Gdpop47RHOPSX1ee1TviW3FmJtesOTirV3KqP6lFAfDeGDWjuo1PSVZw+7fbzoWD
tJOldv77+Aic9+rsaYN+4zCav/s4t4OUskkvI0tRmKrOORQAb0qrssCh7vM=
-----END CERTIFICATE-----