Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a2caf31b-a8dd-44f6-b7ad-40d80a0a2f50.roa
File:                     a2caf31b-a8dd-44f6-b7ad-40d80a0a2f50.roa (raw, json)
Hash identifier:          0b5LEgHG/8X2y7MEeTDEWBRsfW4hlDa8AkB2fFPKXnE=
Subject key identifier:   BC:E8:64:9B:34:DB:0E:E0:67:BF:FB:40:AA:C1:25:D5:5B:B7:E2:9B
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4CF2391C221F65BFF8ECAC2D5EBD8C2FA2A60912
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a2caf31b-a8dd-44f6-b7ad-40d80a0a2f50.roa
Signing time:             Mon 12 May 2025 16:00:17 +0000
ROA not before:           Mon 12 May 2025 16:00:17 +0000
ROA not after:            Mon 16 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.33.44.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 03 Jun 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:f2:39:1c:22:1f:65:bf:f8:ec:ac:2d:5e:bd:8c:2f:a2:a6:09:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May 12 16:00:17 2025 GMT
            Not After : Jun 16 23:59:59 2025 GMT
        Subject: serialNumber=1d94428f86f9878701c4db18edf8cae36dc3c1509846b49d67f71038a4574cd4, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:63:69:65:0a:19:2c:a8:83:15:76:47:e2:05:
                    61:a7:49:d5:98:9b:d7:4d:9c:0a:b1:2f:ec:fd:64:
                    2b:8a:99:ab:11:bf:c9:2b:47:89:8c:0a:d9:b5:68:
                    76:cb:e3:1a:fa:94:dd:18:00:60:98:e7:f2:6e:7d:
                    ab:40:38:72:da:9a:21:5c:7c:ce:91:3d:ba:56:dc:
                    f8:40:8b:65:71:2e:da:18:75:be:91:84:f2:4e:77:
                    38:2e:3c:61:c4:07:82:e2:5c:87:60:7a:05:ae:ab:
                    29:ed:c0:d8:c8:d4:2b:32:f7:e5:a0:70:f3:59:56:
                    6b:f4:48:bb:9a:55:18:d9:26:56:40:96:07:cc:55:
                    7b:29:3c:d3:69:da:63:6a:21:4b:bb:35:e5:04:7f:
                    35:e3:d3:40:d4:91:59:e3:cb:b5:1d:37:ad:dc:46:
                    dc:94:e0:90:45:bd:53:aa:53:9e:22:ce:6e:94:14:
                    70:3f:48:14:e9:ed:93:82:c0:39:b1:5d:17:24:1c:
                    97:df:7a:9a:c4:2e:13:2a:a2:01:b5:b5:6b:a0:99:
                    42:6a:1d:48:00:94:e4:d9:5e:7e:ac:e9:22:4e:f7:
                    d1:d2:7e:28:30:8b:0a:fe:14:54:ec:b1:31:1e:3a:
                    ca:18:d0:4c:73:f4:9d:fc:69:63:9e:74:ac:c8:00:
                    bc:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:E8:64:9B:34:DB:0E:E0:67:BF:FB:40:AA:C1:25:D5:5B:B7:E2:9B
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a2caf31b-a8dd-44f6-b7ad-40d80a0a2f50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.33.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1b:4c:63:6b:3c:36:e2:39:04:08:63:fa:45:2e:00:a3:a5:c5:
         60:8f:2d:73:b5:30:c3:14:09:29:d1:a5:1b:00:51:ae:9f:d2:
         c2:54:3f:ac:57:38:29:c1:cb:2b:18:64:fd:8e:5c:f0:6c:0c:
         66:aa:ed:94:53:32:b6:06:71:2a:83:93:4c:cc:2f:f1:34:46:
         70:7a:aa:94:5e:13:c7:61:13:ac:be:70:cf:26:39:b3:e8:b1:
         35:a4:57:e0:0a:5d:36:87:ab:f5:bf:82:29:ce:5e:9d:1c:5c:
         d6:c5:c4:81:2f:fb:6f:bf:ad:f0:29:e1:28:14:1e:e0:72:64:
         c6:f1:d3:bd:6c:c8:e3:9a:d7:3f:70:ea:f7:b2:b5:43:02:ed:
         e9:45:56:9d:e2:5f:24:57:0f:03:f2:25:c6:e3:bf:dc:39:2c:
         26:70:98:46:05:3e:53:7c:bb:5d:d4:1d:30:10:f5:49:94:26:
         87:38:01:1a:8f:ae:02:d2:01:0d:09:f7:15:f4:08:c0:49:32:
         d6:d8:70:61:ce:5b:96:11:0a:3b:11:c2:e6:7f:18:d2:c6:7e:
         8f:7f:05:49:ba:bb:61:b4:be:bc:6b:61:5c:49:d7:a0:e6:4b:
         56:dd:b7:58:28:fc:6e:4e:e2:d1:1b:2f:80:3b:4a:d9:37:c6:
         37:0e:90:11
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTPI5HCIfZb/47KwtXr2ML6KmCRIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNTEyMTYwMDE3WhcNMjUwNjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0AxZDk0NDI4Zjg2Zjk4Nzg3MDFjNGRiMThlZGY4Y2FlMzZk
YzNjMTUwOTg0NmI0OWQ2N2Y3MTAzOGE0NTc0Y2Q0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDY2llChksqIMVdkfiBWGnSdWYm9dNnAqxL+z9ZCuKmasR
v8krR4mMCtm1aHbL4xr6lN0YAGCY5/JufatAOHLamiFcfM6RPbpW3PhAi2VxLtoY
db6RhPJOdzguPGHEB4LiXIdgegWuqyntwNjI1Csy9+WgcPNZVmv0SLuaVRjZJlZA
lgfMVXspPNNp2mNqIUu7NeUEfzXj00DUkVnjy7UdN63cRtyU4JBFvVOqU54izm6U
FHA/SBTp7ZOCwDmxXRckHJffeprELhMqogG1tWugmUJqHUgAlOTZXn6s6SJO99HS
figwiwr+FFTssTEeOsoY0Exz9J38aWOedKzIALy/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUvOhkmzTbDuBnv/tAqsEl1Vu34pswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2EyY2FmMzFiLWE4ZGQtNDRmNi1iN2FkLTQwZDgwYTBhMmY1MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIDISwwDQYJKoZIhvcNAQELBQADggEBABtMY2s8NuI5BAhj+kUuAKOlxWCP
LXO1MMMUCSnRpRsAUa6f0sJUP6xXOCnByysYZP2OXPBsDGaq7ZRTMrYGcSqDk0zM
L/E0RnB6qpReE8dhE6y+cM8mObPosTWkV+AKXTaHq/W/ginOXp0cXNbFxIEv+2+/
rfAp4SgUHuByZMbx071syOOa1z9w6veytUMC7elFVp3iXyRXDwPyJcbjv9w5LCZw
mEYFPlN8u13UHTAQ9UmUJoc4ARqPrgLSAQ0J9xX0CMBJMtbYcGHOW5YRCjsRwuZ/
GNLGfo9/BUm6u2G0vrxrYVxJ16DmS1bdt1go/G5O4tEbL4A7Stk3xjcOkBE=
-----END CERTIFICATE-----