Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3b70b41d-e89c-4531-9695-c56d4fbbf712.roa
File:                     3b70b41d-e89c-4531-9695-c56d4fbbf712.roa (raw, json)
Hash identifier:          AWPGJaGrBmoaitji/knNCN+cIIMEFbU/Op23aZQZ4DQ=
Subject key identifier:   72:0E:79:E3:75:8B:B3:60:65:08:93:4D:68:AF:3D:13:19:33:0D:6C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       09C626C2B035FEE76FCFE00CA99115E263036D09
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3b70b41d-e89c-4531-9695-c56d4fbbf712.roa
Signing time:             Tue 23 Sep 2025 17:11:58 +0000
ROA not before:           Tue 23 Sep 2025 17:11:58 +0000
ROA not after:            Tue 28 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.3.0.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:c6:26:c2:b0:35:fe:e7:6f:cf:e0:0c:a9:91:15:e2:63:03:6d:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 23 17:11:58 2025 GMT
            Not After : Oct 28 23:59:59 2025 GMT
        Subject: serialNumber=11c0ba3c7c180ad67be5fddde12240d0a1ca46b45ecfbe779fb3fc3e96d19032, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:79:25:e3:46:6d:93:f7:5b:db:99:4e:7b:e5:
                    90:87:02:d7:7b:d7:1c:33:48:cd:eb:62:f3:7e:47:
                    2d:d1:09:2f:a2:6f:f2:d0:8d:07:32:08:1f:c9:52:
                    1b:69:cd:19:ee:86:52:fd:20:6b:ff:09:fc:ee:4b:
                    11:6b:bb:f0:71:c3:3b:cb:4a:65:bd:7f:33:42:ee:
                    f9:0b:e9:f9:96:15:dc:6b:32:8d:a4:52:1b:9a:e2:
                    65:76:ab:ee:49:2b:15:11:43:3c:4c:95:13:ca:50:
                    74:92:2e:25:fc:d7:a6:11:a0:99:8a:b0:ce:e8:74:
                    63:22:c5:d6:55:ac:71:a3:dc:59:3b:be:f5:67:ae:
                    1d:88:be:20:cf:c8:b2:fa:84:be:f6:d0:7c:e0:69:
                    60:67:f5:2e:bb:7e:af:e7:9f:83:98:e9:d1:b8:93:
                    20:67:71:b3:58:02:74:93:e6:ab:39:d3:f8:9d:33:
                    ce:9b:4a:a9:88:dc:52:4b:68:0f:cb:27:06:e9:e1:
                    41:e9:31:e0:8b:64:a2:f9:a8:3d:ea:6a:56:bb:3a:
                    2e:fb:27:4d:bd:20:7c:87:b8:d3:e7:5a:13:b2:83:
                    18:06:aa:24:cb:27:28:79:1c:ea:09:6d:ff:cb:95:
                    fe:82:b5:01:40:3d:40:14:64:dd:d8:9f:d0:d0:46:
                    0a:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:0E:79:E3:75:8B:B3:60:65:08:93:4D:68:AF:3D:13:19:33:0D:6C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3b70b41d-e89c-4531-9695-c56d4fbbf712.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.3.0.0/23

    Signature Algorithm: sha256WithRSAEncryption
         09:6c:8f:c2:97:2f:55:20:4c:c2:61:75:1b:2e:e0:71:b3:21:
         ad:fb:6a:37:07:59:ef:bc:f4:b4:c2:44:a4:ac:92:21:fb:4b:
         77:ab:8c:2b:21:ff:17:f3:09:47:39:b8:b1:d9:6c:0d:7a:c7:
         7b:52:d6:04:b5:5c:c1:d4:8a:2e:d4:b0:28:85:a6:16:ac:06:
         ff:5d:10:b6:e6:31:6c:92:f4:21:5b:66:3a:66:93:ae:6a:00:
         0f:f0:dc:a8:ff:e3:36:fc:e5:60:86:f9:22:ee:74:e1:4d:7e:
         0a:1b:d6:74:e0:74:18:47:c7:ae:46:c0:f2:50:58:46:55:23:
         63:e7:ce:3c:34:cc:f5:d4:51:19:18:3b:24:dc:13:54:54:be:
         11:fe:71:7f:a1:13:97:5c:75:db:34:0f:11:3e:9f:ff:12:0c:
         3c:1c:ee:6d:b3:78:8b:a6:18:a2:a8:06:37:53:a1:e6:47:3c:
         bc:38:b6:4b:d4:07:4b:ee:c4:94:16:9f:df:bc:1c:1c:31:aa:
         15:bd:2f:5d:ea:25:ef:e1:02:69:4a:6d:b7:a4:c3:7b:61:51:
         38:8d:3f:b4:3e:ed:4d:4c:9e:40:56:7d:2d:28:cc:90:11:46:
         36:6f:97:ea:48:51:27:9e:68:d0:58:9c:20:52:93:70:e0:b7:
         60:91:ac:35
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCcYmwrA1/udvz+AMqZEV4mMDbQkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIzMTcxMTU4WhcNMjUxMDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0AxMWMwYmEzYzdjMTgwYWQ2N2JlNWZkZGRlMTIyNDBkMGEx
Y2E0NmI0NWVjZmJlNzc5ZmIzZmMzZTk2ZDE5MDMyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCteSXjRm2T91vbmU575ZCHAtd71xwzSM3rYvN+Ry3RCS+i
b/LQjQcyCB/JUhtpzRnuhlL9IGv/CfzuSxFru/BxwzvLSmW9fzNC7vkL6fmWFdxr
Mo2kUhua4mV2q+5JKxURQzxMlRPKUHSSLiX816YRoJmKsM7odGMixdZVrHGj3Fk7
vvVnrh2IviDPyLL6hL720HzgaWBn9S67fq/nn4OY6dG4kyBncbNYAnST5qs50/id
M86bSqmI3FJLaA/LJwbp4UHpMeCLZKL5qD3qala7Oi77J029IHyHuNPnWhOygxgG
qiTLJyh5HOoJbf/Llf6CtQFAPUAUZN3Yn9DQRgqTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUcg5543WLs2BlCJNNaK89ExkzDWwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzNiNzBiNDFkLWU4OWMtNDUzMS05Njk1LWM1NmQ0ZmJiZjcxMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEDAwAwDQYJKoZIhvcNAQELBQADggEBAAlsj8KXL1UgTMJhdRsu4HGzIa37
ajcHWe+89LTCRKSskiH7S3erjCsh/xfzCUc5uLHZbA16x3tS1gS1XMHUii7UsCiF
phasBv9dELbmMWyS9CFbZjpmk65qAA/w3Kj/4zb85WCG+SLudOFNfgob1nTgdBhH
x65GwPJQWEZVI2Pnzjw0zPXUURkYOyTcE1RUvhH+cX+hE5dcdds0DxE+n/8SDDwc
7m2zeIumGKKoBjdToeZHPLw4tkvUB0vuxJQWn9+8HBwxqhW9L13qJe/hAmlKbbek
w3thUTiNP7Q+7U1MnkBWfS0ozJARRjZvl+pIUSeeaNBYnCBSk3Dgt2CRrDU=
-----END CERTIFICATE-----