Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3c8e35a4-55f4-42e9-9859-18c9e6fdc522.roa
File:                     3c8e35a4-55f4-42e9-9859-18c9e6fdc522.roa (raw, json)
Hash identifier:          mdDGi4ZcnLHIuZ7iHBr60D3Nrbt6nsi8PIol+nB3d8Q=
Subject key identifier:   3F:B6:98:BA:16:72:65:32:98:4A:7D:8A:F5:09:9F:4A:40:04:F4:5C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2DD4806A3ED30DE20F50C787146C7C4235E6C391
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3c8e35a4-55f4-42e9-9859-18c9e6fdc522.roa
Signing time:             Sat 28 Feb 2026 03:50:05 +0000
ROA not before:           Sat 28 Feb 2026 03:50:05 +0000
ROA not after:            Fri 29 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        18.234.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 02 Mar 2026 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:d4:80:6a:3e:d3:0d:e2:0f:50:c7:87:14:6c:7c:42:35:e6:c3:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 28 03:50:05 2026 GMT
            Not After : May 29 23:59:59 2026 GMT
        Subject: serialNumber=34a556df3f6290f09a2d0e6fc880666e5cdc63e82d9713a73f247cf2a4f6784f, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:3b:08:21:ec:e7:c2:d1:cd:40:6c:10:a4:5a:
                    a4:40:da:af:ea:52:f1:3a:2c:c9:e7:d7:62:df:d1:
                    1a:be:3d:03:30:53:46:26:ec:60:66:71:e0:0c:88:
                    b2:c5:0e:85:fa:2e:1f:69:9c:50:3d:f7:a2:f2:17:
                    04:83:02:19:59:98:0a:51:1e:64:21:de:3d:03:05:
                    c2:30:42:0c:04:42:1e:3b:35:34:89:86:47:98:2f:
                    78:5f:5a:e0:15:fd:dc:cf:95:26:de:62:6c:30:93:
                    52:f6:f7:19:94:d3:3f:c7:4c:39:29:c5:1a:9d:c8:
                    a8:15:b3:71:5a:f6:f0:86:02:dc:76:ce:99:c2:32:
                    01:4d:1a:f1:75:b0:a1:1d:3a:da:48:16:ef:4c:65:
                    d7:7a:35:11:f8:d5:f3:a4:b3:74:d9:47:06:5b:3b:
                    4c:24:e8:6e:87:1c:db:98:ca:e8:21:1d:df:e8:8b:
                    56:3e:ec:a9:c5:99:47:cf:4b:7d:ed:48:76:97:e9:
                    2c:9b:9d:ff:8f:9e:86:80:03:03:be:08:fa:c7:a5:
                    54:c0:4e:c9:8f:aa:1e:5f:09:38:01:f3:1d:74:b5:
                    28:8a:69:00:b2:80:3c:91:11:5b:10:03:73:c9:e2:
                    26:1c:d7:75:cc:5c:f4:90:77:1c:97:25:5a:b1:26:
                    03:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:B6:98:BA:16:72:65:32:98:4A:7D:8A:F5:09:9F:4A:40:04:F4:5C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3c8e35a4-55f4-42e9-9859-18c9e6fdc522.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.234.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:d5:ee:c6:53:d6:32:bb:bb:1c:5d:c8:69:a6:36:d1:a7:35:
         9c:97:74:74:7e:17:54:51:e3:52:bf:5a:d8:4b:c3:23:11:5e:
         53:43:5d:f5:fc:99:75:13:80:9a:c0:ac:6b:18:9e:d9:66:8f:
         43:fd:1b:30:f5:97:b4:25:9a:77:33:9f:ab:f5:9d:7c:f9:91:
         47:69:39:c8:9e:a2:fe:df:1e:cf:3f:79:a2:a8:9f:88:1f:e0:
         81:80:08:80:4b:b5:b6:ef:8a:7c:33:4e:16:2d:d4:2e:59:09:
         17:95:b3:c3:a3:90:27:8b:ea:63:2f:05:7d:e2:fa:72:a3:42:
         70:c7:f6:72:09:bd:0e:16:dc:c0:47:55:8c:3f:56:be:e5:f5:
         27:ce:04:41:83:74:5a:5d:9c:e5:81:de:ca:13:1e:23:c6:19:
         ab:40:81:82:df:3c:e6:df:f3:f3:26:06:44:b9:af:8b:33:b0:
         92:bb:5f:58:c4:26:76:0d:b6:d4:56:c7:56:c2:ac:71:9b:e8:
         b0:22:a1:5f:96:4e:5d:22:d0:18:98:95:b3:64:96:cd:e0:63:
         e8:f6:93:75:df:fc:5f:05:81:9c:fe:89:15:57:74:b4:28:23:
         d6:da:43:5d:2b:34:fc:0c:a9:05:55:54:87:99:1c:6e:91:b8:
         27:8c:fa:7f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULdSAaj7TDeIPUMeHFGx8QjXmw5EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMjI4MDM1MDA1WhcNMjYwNTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0AzNGE1NTZkZjNmNjI5MGYwOWEyZDBlNmZjODgwNjY2ZTVj
ZGM2M2U4MmQ5NzEzYTczZjI0N2NmMmE0ZjY3ODRmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtOwgh7OfC0c1AbBCkWqRA2q/qUvE6LMnn12Lf0Rq+PQMw
U0Ym7GBmceAMiLLFDoX6Lh9pnFA996LyFwSDAhlZmApRHmQh3j0DBcIwQgwEQh47
NTSJhkeYL3hfWuAV/dzPlSbeYmwwk1L29xmU0z/HTDkpxRqdyKgVs3Fa9vCGAtx2
zpnCMgFNGvF1sKEdOtpIFu9MZdd6NRH41fOks3TZRwZbO0wk6G6HHNuYyughHd/o
i1Y+7KnFmUfPS33tSHaX6Sybnf+PnoaAAwO+CPrHpVTATsmPqh5fCTgB8x10tSiK
aQCygDyREVsQA3PJ4iYc13XMXPSQdxyXJVqxJgNtAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUP7aYuhZyZTKYSn2K9QmfSkAE9FwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzNjOGUzNWE0LTU1ZjQtNDJlOS05ODU5LTE4YzllNmZkYzUyMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAS6iEwDQYJKoZIhvcNAQELBQADggEBAHfV7sZT1jK7uxxdyGmmNtGnNZyX
dHR+F1RR41K/WthLwyMRXlNDXfX8mXUTgJrArGsYntlmj0P9GzD1l7Qlmnczn6v1
nXz5kUdpOcieov7fHs8/eaKon4gf4IGACIBLtbbvinwzThYt1C5ZCReVs8OjkCeL
6mMvBX3i+nKjQnDH9nIJvQ4W3MBHVYw/Vr7l9SfOBEGDdFpdnOWB3soTHiPGGatA
gYLfPObf8/MmBkS5r4szsJK7X1jEJnYNttRWx1bCrHGb6LAioV+WTl0i0BiYlbNk
ls3gY+j2k3Xf/F8FgZz+iRVXdLQoI9baQ10rNPwMqQVVVIeZHG6RuCeM+n8=
-----END CERTIFICATE-----