Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a2caf31b-a8dd-44f6-b7ad-40d80a0a2f50.roa
File:                     a2caf31b-a8dd-44f6-b7ad-40d80a0a2f50.roa (raw, json)
Hash identifier:          pegmVL6UnWywcg4Ov8QAqCVILt4XK0U7QSqUgxgCpQE=
Subject key identifier:   58:A5:FA:59:B1:12:AC:E6:86:08:6E:AD:74:0A:53:AE:36:5C:C9:80
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1069BA9B5FCB0C50C8893C4EC90EE79DB858EB39
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a2caf31b-a8dd-44f6-b7ad-40d80a0a2f50.roa
Signing time:             Wed 20 Aug 2025 00:51:06 +0000
ROA not before:           Wed 20 Aug 2025 00:51:06 +0000
ROA not after:            Wed 24 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.33.44.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 22 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:69:ba:9b:5f:cb:0c:50:c8:89:3c:4e:c9:0e:e7:9d:b8:58:eb:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Aug 20 00:51:06 2025 GMT
            Not After : Sep 24 23:59:59 2025 GMT
        Subject: serialNumber=19a8511e1332637f18f4534b82d82abae52f4e2818ebd8b850f89325034bc2f5, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:ef:36:5c:39:61:f8:2f:d5:e1:64:ca:60:e7:
                    0d:64:09:b1:5d:a7:6e:53:29:dd:7a:2f:bf:dc:55:
                    c3:5a:f3:e4:a3:6b:3c:ee:36:6a:86:5a:f2:ab:57:
                    53:b6:5e:0c:c2:d5:08:e4:94:58:8f:e5:30:95:ac:
                    db:98:91:a2:e2:78:fa:da:7d:ea:3a:a4:38:1c:93:
                    0a:81:6b:cc:41:f9:e0:9f:44:08:bb:04:91:1e:fb:
                    30:ce:c8:cd:51:be:c3:ef:28:b5:45:2a:bb:6f:6c:
                    55:b3:cc:0d:f9:e0:7d:c7:ea:09:b3:03:1b:a8:b5:
                    28:47:21:a0:f4:ae:f3:a9:05:0d:ef:ca:c6:87:5c:
                    e5:e9:06:5e:af:8d:08:c5:26:67:a8:4c:05:8d:13:
                    74:d0:a3:24:8e:8d:20:bf:68:cf:b7:ba:37:1b:18:
                    61:4f:b7:0b:4d:3a:ff:e2:b0:64:80:d6:4f:42:ae:
                    97:9e:af:ea:2b:04:99:2c:a0:10:aa:f9:10:9e:e8:
                    54:43:4b:01:98:9f:bd:d7:9e:6f:38:54:e4:98:06:
                    46:13:14:ce:bb:02:aa:9d:fc:94:8e:fe:73:e7:f7:
                    14:5f:b8:19:de:c4:79:29:da:a0:c0:1d:0a:83:ab:
                    9c:d3:8a:30:49:d7:ea:77:a7:43:7b:b1:c0:90:14:
                    fe:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:A5:FA:59:B1:12:AC:E6:86:08:6E:AD:74:0A:53:AE:36:5C:C9:80
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a2caf31b-a8dd-44f6-b7ad-40d80a0a2f50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.33.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         20:9c:8f:d0:ca:71:5c:5c:0f:a5:20:0a:d1:ac:dc:57:02:ce:
         09:52:d3:7a:42:08:01:d0:1e:40:29:ee:76:c1:5f:2c:df:96:
         b0:03:f9:b6:0c:c4:6e:cf:da:fc:dc:d4:c7:fa:f3:fa:4b:55:
         85:59:55:f6:4b:50:ba:dd:79:b2:6a:10:a5:56:71:9f:4f:45:
         f6:76:be:72:a1:aa:79:04:49:dd:88:a2:aa:38:0f:7a:4d:1f:
         18:c6:49:6a:b0:65:75:d9:ea:02:e0:75:53:4b:fd:a4:e6:22:
         5a:81:fc:14:77:70:f8:6d:e8:34:29:46:fd:bd:cf:0c:23:95:
         5d:46:54:6d:08:2f:3b:03:9e:be:8c:a4:2c:18:49:70:e7:86:
         0c:7b:c1:aa:89:64:c3:f3:53:f5:85:3d:5e:1a:45:5c:de:a7:
         40:21:40:f0:96:04:f9:73:0a:03:ea:cb:af:e9:40:e8:18:b0:
         8d:79:0e:d3:0d:2b:05:b3:03:85:89:6c:41:bb:18:9b:fa:78:
         d2:a9:8d:4d:15:4a:2e:3e:55:46:fb:3b:51:0a:35:b1:b7:f2:
         d6:63:55:d0:a7:d2:51:a5:5d:1c:10:29:c0:19:7a:73:32:81:
         29:ea:3b:46:65:0c:62:9d:67:91:99:61:79:7e:49:19:53:25:
         07:8a:c9:c0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEGm6m1/LDFDIiTxOyQ7nnbhY6zkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwODIwMDA1MTA2WhcNMjUwOTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AxOWE4NTExZTEzMzI2MzdmMThmNDUzNGI4MmQ4MmFiYWU1
MmY0ZTI4MThlYmQ4Yjg1MGY4OTMyNTAzNGJjMmY1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDI7zZcOWH4L9XhZMpg5w1kCbFdp25TKd16L7/cVcNa8+Sj
azzuNmqGWvKrV1O2XgzC1QjklFiP5TCVrNuYkaLiePrafeo6pDgckwqBa8xB+eCf
RAi7BJEe+zDOyM1RvsPvKLVFKrtvbFWzzA354H3H6gmzAxuotShHIaD0rvOpBQ3v
ysaHXOXpBl6vjQjFJmeoTAWNE3TQoySOjSC/aM+3ujcbGGFPtwtNOv/isGSA1k9C
rpeer+orBJksoBCq+RCe6FRDSwGYn73Xnm84VOSYBkYTFM67Aqqd/JSO/nPn9xRf
uBnexHkp2qDAHQqDq5zTijBJ1+p3p0N7scCQFP55AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWKX6WbESrOaGCG6tdApTrjZcyYAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2EyY2FmMzFiLWE4ZGQtNDRmNi1iN2FkLTQwZDgwYTBhMmY1MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIDISwwDQYJKoZIhvcNAQELBQADggEBACCcj9DKcVxcD6UgCtGs3FcCzglS
03pCCAHQHkAp7nbBXyzflrAD+bYMxG7P2vzc1Mf68/pLVYVZVfZLULrdebJqEKVW
cZ9PRfZ2vnKhqnkESd2Ioqo4D3pNHxjGSWqwZXXZ6gLgdVNL/aTmIlqB/BR3cPht
6DQpRv29zwwjlV1GVG0ILzsDnr6MpCwYSXDnhgx7waqJZMPzU/WFPV4aRVzep0Ah
QPCWBPlzCgPqy6/pQOgYsI15DtMNKwWzA4WJbEG7GJv6eNKpjU0VSi4+VUb7O1EK
NbG38tZjVdCn0lGlXRwQKcAZenMygSnqO0ZlDGKdZ5GZYXl+SRlTJQeKycA=
-----END CERTIFICATE-----