Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/762c6a7d-5723-4cb8-87a8-e332ae019657.roa
File:                     762c6a7d-5723-4cb8-87a8-e332ae019657.roa (raw, json)
Hash identifier:          YKnrNPNe+yx5OW6dSN8lEQRRqj7i+znrtJUUWoyY1Gk=
Subject key identifier:   B9:41:D6:5A:DF:A6:69:99:C0:43:42:6A:FB:F4:19:F3:2A:93:41:97
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5289333DC4B7216DBB9BEA71D53FFCD99DF33604
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/762c6a7d-5723-4cb8-87a8-e332ae019657.roa
Signing time:             Thu 25 Sep 2025 23:42:14 +0000
ROA not before:           Thu 25 Sep 2025 23:42:14 +0000
ROA not after:            Thu 30 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.174.78.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:89:33:3d:c4:b7:21:6d:bb:9b:ea:71:d5:3f:fc:d9:9d:f3:36:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 25 23:42:14 2025 GMT
            Not After : Oct 30 23:59:59 2025 GMT
        Subject: serialNumber=d72d19a7fbaeba8ea886ee6d30a06335c22ce8778d65c25de20e25f6161cb8c6, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:07:81:68:65:69:2f:33:48:c9:d5:f3:65:a0:
                    92:7a:3f:a1:35:ff:5c:8d:00:de:2c:b3:20:4c:8a:
                    4b:82:1d:6d:98:b4:5d:db:32:b2:06:11:13:62:a7:
                    3f:21:8c:f1:a6:57:04:bd:c0:2e:bd:c2:bf:5b:14:
                    fd:a9:84:b1:0d:b2:8a:f3:40:0d:ad:3a:7f:53:72:
                    aa:ed:c1:00:0f:97:7a:31:60:e1:b4:e3:81:e2:31:
                    7d:2f:20:04:40:d6:95:21:65:e5:6f:8d:c8:3c:3f:
                    e5:44:87:ce:7a:ac:aa:76:79:da:05:0c:71:c9:8c:
                    7f:f9:7e:f5:60:3f:d8:70:45:8a:22:ee:a8:dc:8a:
                    fd:b1:6d:dc:93:f6:30:b2:91:23:7b:75:b2:eb:90:
                    68:4b:33:62:4f:a7:65:7b:81:4d:60:75:fc:02:9a:
                    fa:cd:79:60:9a:59:82:13:e6:b1:73:f4:f2:52:19:
                    dc:d9:d9:b5:bd:5e:b0:f9:de:d3:fe:f7:16:f3:46:
                    28:fb:5b:72:16:65:57:50:cc:d9:4e:cc:10:4a:9f:
                    e8:81:77:c3:59:51:98:99:2f:16:f0:0e:75:b5:9d:
                    e8:15:0f:dc:ad:60:fa:b8:94:99:d9:c7:08:02:9d:
                    67:f7:2e:35:53:6b:c1:45:6e:c4:2e:74:d6:bb:2a:
                    f1:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:41:D6:5A:DF:A6:69:99:C0:43:42:6A:FB:F4:19:F3:2A:93:41:97
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/762c6a7d-5723-4cb8-87a8-e332ae019657.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.174.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         50:9b:77:ad:43:00:73:8a:18:93:1b:54:a9:1e:e3:3f:67:ba:
         ca:97:61:0c:1d:08:a1:df:7c:50:5f:ec:e7:90:42:39:22:87:
         94:d4:e7:d6:cf:91:2f:ae:81:9c:9f:60:55:f2:e0:9c:fd:2f:
         44:e5:7c:98:3f:f0:ca:a6:7c:f0:a4:e5:61:3a:a8:f4:f8:f9:
         5b:fe:4b:88:3d:e8:dd:a9:b4:fa:1f:97:01:05:05:b1:14:37:
         5d:da:c9:8a:29:5a:d9:4a:2c:00:c0:7b:01:bd:80:d7:8a:ac:
         ba:cd:20:05:34:dd:7f:c9:e3:ee:7e:a4:b2:35:33:63:0e:82:
         71:dc:d3:f1:76:d0:79:8c:01:1e:e0:f0:ad:81:39:a6:f2:b6:
         84:cd:1d:83:fc:f2:e0:d5:8d:9e:1b:8b:b3:ab:a5:59:ad:ba:
         fd:b2:d6:95:c5:02:64:33:63:ab:86:eb:dd:1a:94:2d:10:3e:
         1b:26:45:a4:ce:aa:4f:32:2d:7b:a6:51:a8:ec:81:93:91:d5:
         9c:7b:49:fb:34:75:bd:cd:ff:98:82:86:8d:0b:ab:ac:30:cd:
         3c:08:bc:be:a4:72:41:e4:6e:79:92:27:6b:58:94:bc:0d:b0:
         b6:d4:4b:f1:2f:db:94:1e:82:dd:d4:98:2b:cd:99:56:d7:bf:
         b3:34:58:72
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUokzPcS3IW27m+px1T/82Z3zNgQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI1MjM0MjE0WhcNMjUxMDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BkNzJkMTlhN2ZiYWViYThlYTg4NmVlNmQzMGEwNjMzNWMy
MmNlODc3OGQ2NWMyNWRlMjBlMjVmNjE2MWNiOGM2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDBB4FoZWkvM0jJ1fNloJJ6P6E1/1yNAN4ssyBMikuCHW2Y
tF3bMrIGERNipz8hjPGmVwS9wC69wr9bFP2phLENsorzQA2tOn9TcqrtwQAPl3ox
YOG044HiMX0vIARA1pUhZeVvjcg8P+VEh856rKp2edoFDHHJjH/5fvVgP9hwRYoi
7qjciv2xbdyT9jCykSN7dbLrkGhLM2JPp2V7gU1gdfwCmvrNeWCaWYIT5rFz9PJS
GdzZ2bW9XrD53tP+9xbzRij7W3IWZVdQzNlOzBBKn+iBd8NZUZiZLxbwDnW1negV
D9ytYPq4lJnZxwgCnWf3LjVTa8FFbsQudNa7KvENAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUuUHWWt+maZnAQ0Jq+/QZ8yqTQZcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzc2MmM2YTdkLTU3MjMtNGNiOC04N2E4LWUzMzJhZTAxOTY1Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEDrk4wDQYJKoZIhvcNAQELBQADggEBAFCbd61DAHOKGJMbVKke4z9nusqX
YQwdCKHffFBf7OeQQjkih5TU59bPkS+ugZyfYFXy4Jz9L0TlfJg/8MqmfPCk5WE6
qPT4+Vv+S4g96N2ptPoflwEFBbEUN13ayYopWtlKLADAewG9gNeKrLrNIAU03X/J
4+5+pLI1M2MOgnHc0/F20HmMAR7g8K2BOabytoTNHYP88uDVjZ4bi7OrpVmtuv2y
1pXFAmQzY6uG690alC0QPhsmRaTOqk8yLXumUajsgZOR1Zx7Sfs0db3N/5iCho0L
q6wwzTwIvL6kckHkbnmSJ2tYlLwNsLbUS/Ev25Qegt3UmCvNmVbXv7M0WHI=
-----END CERTIFICATE-----