Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a2caf31b-a8dd-44f6-b7ad-40d80a0a2f50.roa
File:                     a2caf31b-a8dd-44f6-b7ad-40d80a0a2f50.roa (raw, json)
Hash identifier:          nl6W61OyihU0vTKAGa3772SwQDeCPzRxRomsioJG6f0=
Subject key identifier:   CF:52:2D:4C:F6:43:C8:7E:0F:2E:30:0D:5F:B4:F0:1E:6E:2A:C3:0A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3E8880292552AB22C2789E8A9BDB564E2A18A905
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a2caf31b-a8dd-44f6-b7ad-40d80a0a2f50.roa
Signing time:             Fri 10 Oct 2025 15:10:11 +0000
ROA not before:           Fri 10 Oct 2025 15:10:11 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.33.44.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:88:80:29:25:52:ab:22:c2:78:9e:8a:9b:db:56:4e:2a:18:a9:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 10 15:10:11 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=65bde1783efa6e3258d5d470f679991c0e3c1c7242cb317ea7f80c5c6e566848, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:32:cb:79:02:02:63:2c:fc:9c:8a:0d:09:8e:
                    64:75:7f:38:fa:f5:c5:d6:3f:51:82:95:d8:c3:7a:
                    d7:c4:e2:04:82:57:b7:40:1e:7e:37:64:72:62:6f:
                    49:a6:5e:5d:80:5d:52:f9:01:a8:b7:44:d0:11:cb:
                    99:31:0c:65:79:be:8b:88:e4:a4:76:41:8e:0b:92:
                    74:54:c1:08:d4:aa:98:df:85:04:5d:98:43:04:70:
                    5d:da:85:96:90:f7:75:21:45:8a:dd:19:3f:8b:a4:
                    97:e4:2a:fd:9d:c3:3b:b2:fe:f0:e9:5d:4d:b9:48:
                    71:72:74:d2:87:34:a1:b0:f7:32:9d:bd:b5:71:c5:
                    7c:11:b3:54:b0:01:0a:8c:95:27:e6:53:dd:9e:42:
                    d9:4b:cd:76:25:5e:cc:c4:3d:99:4b:48:02:dd:89:
                    ac:0d:e4:ff:a0:36:39:ea:b3:6e:82:c0:ec:93:35:
                    08:2c:6b:78:ce:13:ca:21:05:40:ab:99:d3:77:22:
                    58:da:b3:d6:57:b4:4e:d3:7f:61:d0:00:c3:01:bb:
                    fa:c0:d6:d4:97:15:13:09:bb:07:31:44:49:27:45:
                    9e:69:0f:52:42:3b:ac:24:ea:cf:56:53:5e:e9:f5:
                    78:fc:bf:d8:0a:25:58:d3:a2:32:36:16:66:cc:36:
                    07:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:52:2D:4C:F6:43:C8:7E:0F:2E:30:0D:5F:B4:F0:1E:6E:2A:C3:0A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a2caf31b-a8dd-44f6-b7ad-40d80a0a2f50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.33.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6b:31:95:8e:86:47:6a:9f:34:9a:70:16:b4:61:70:b8:3e:0b:
         b5:3a:a8:11:23:f8:fa:eb:7b:0f:1d:ae:6e:58:29:a5:ba:52:
         e4:3c:74:94:cf:c8:80:63:94:46:01:77:c5:4d:9d:4f:18:55:
         5c:38:db:29:0e:60:ee:49:7e:89:d8:a0:c0:f7:60:11:77:87:
         be:15:ed:e1:8e:32:e9:5e:e6:0f:27:b9:c1:29:54:1a:58:58:
         7f:ca:07:34:f8:4f:24:fd:30:48:83:b5:9b:11:36:99:b6:95:
         78:e0:65:dd:c3:d4:ae:d5:12:f5:e8:f1:5a:44:3d:c0:c1:c6:
         8a:17:97:e4:c2:84:74:cd:4f:bc:3e:47:37:93:5e:c4:67:61:
         32:5f:ea:cb:39:a0:bb:96:00:b5:3c:13:40:8b:c3:2a:8a:d2:
         a5:97:97:4c:89:97:ce:14:d2:77:7d:8a:46:89:f2:07:12:53:
         1f:ab:f3:9c:a7:46:d7:12:8a:d9:14:ca:af:1d:c2:68:f2:94:
         18:fa:b3:e5:88:1e:8c:97:d4:58:74:b8:d2:b6:94:59:5f:4c:
         71:3e:17:8c:62:40:50:11:bb:c2:9f:de:45:ed:28:c0:eb:a1:
         90:cc:8d:e5:ea:c9:2a:96:fd:50:f2:1e:0f:2a:b6:a8:c1:41:
         30:e8:39:14
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPoiAKSVSqyLCeJ6Km9tWTioYqQUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDEwMTUxMDExWhcNMjUxMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A2NWJkZTE3ODNlZmE2ZTMyNThkNWQ0NzBmNjc5OTkxYzBl
M2MxYzcyNDJjYjMxN2VhN2Y4MGM1YzZlNTY2ODQ4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDZMst5AgJjLPycig0JjmR1fzj69cXWP1GCldjDetfE4gSC
V7dAHn43ZHJib0mmXl2AXVL5Aai3RNARy5kxDGV5vouI5KR2QY4LknRUwQjUqpjf
hQRdmEMEcF3ahZaQ93UhRYrdGT+LpJfkKv2dwzuy/vDpXU25SHFydNKHNKGw9zKd
vbVxxXwRs1SwAQqMlSfmU92eQtlLzXYlXszEPZlLSALdiawN5P+gNjnqs26CwOyT
NQgsa3jOE8ohBUCrmdN3Iljas9ZXtE7Tf2HQAMMBu/rA1tSXFRMJuwcxREknRZ5p
D1JCO6wk6s9WU17p9Xj8v9gKJVjTojI2FmbMNgcnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUz1ItTPZDyH4PLjANX7TwHm4qwwowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2EyY2FmMzFiLWE4ZGQtNDRmNi1iN2FkLTQwZDgwYTBhMmY1MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIDISwwDQYJKoZIhvcNAQELBQADggEBAGsxlY6GR2qfNJpwFrRhcLg+C7U6
qBEj+Prrew8drm5YKaW6UuQ8dJTPyIBjlEYBd8VNnU8YVVw42ykOYO5JfonYoMD3
YBF3h74V7eGOMule5g8nucEpVBpYWH/KBzT4TyT9MEiDtZsRNpm2lXjgZd3D1K7V
EvXo8VpEPcDBxooXl+TChHTNT7w+RzeTXsRnYTJf6ss5oLuWALU8E0CLwyqK0qWX
l0yJl84U0nd9ikaJ8gcSUx+r85ynRtcSitkUyq8dwmjylBj6s+WIHoyX1Fh0uNK2
lFlfTHE+F4xiQFARu8Kf3kXtKMDroZDMjeXqySqW/VDyHg8qtqjBQTDoORQ=
-----END CERTIFICATE-----