Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/635c97f6-f97d-4ec3-b214-a1e6c23683c0.roa
File:                     635c97f6-f97d-4ec3-b214-a1e6c23683c0.roa (raw, json)
Hash identifier:          9lDgwzXtgHhV8jFVY9CoTJTOFZ5eH84epe65qr9qOig=
Subject key identifier:   95:2D:EB:3E:1B:AE:92:12:A8:07:77:77:BB:13:45:98:D5:0F:58:CF
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6BB9CBC4436E957FE0B2C4A1B9F058ACE2A415CF
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/635c97f6-f97d-4ec3-b214-a1e6c23683c0.roa
Signing time:             Tue 22 Apr 2025 18:01:15 +0000
ROA not before:           Tue 22 Apr 2025 18:01:15 +0000
ROA not after:            Tue 27 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.33.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:b9:cb:c4:43:6e:95:7f:e0:b2:c4:a1:b9:f0:58:ac:e2:a4:15:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr 22 18:01:15 2025 GMT
            Not After : May 27 23:59:59 2025 GMT
        Subject: serialNumber=4d353bacd3a185089ee781a2c34b79fbb90a07125556def142018c321dc97005, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:bf:2b:51:56:2d:ce:db:8c:aa:a2:dc:08:21:
                    d9:d1:45:cb:8d:4d:79:c6:b4:62:66:76:07:2c:70:
                    61:ab:b8:7d:83:4a:51:d1:43:30:4a:79:46:b5:c5:
                    ef:4e:90:56:86:09:e3:94:d5:9c:5f:aa:df:f4:94:
                    fa:e1:d3:77:07:3c:78:9a:80:11:30:5a:ec:a1:35:
                    6f:07:db:dc:c8:56:3e:f8:cc:07:47:be:ef:b6:1f:
                    cc:bd:3d:cd:a3:e6:a7:dd:91:d5:18:f9:4d:e0:52:
                    ff:6e:97:57:ee:70:3a:d3:12:1c:e3:45:39:ac:c3:
                    5c:0d:36:7b:60:0c:c8:d0:0b:61:3b:60:86:ef:ef:
                    c6:fa:59:6e:fd:c0:34:d8:84:3c:a2:e4:b4:f5:07:
                    88:d7:97:bc:44:81:6e:f6:a9:14:2c:21:e0:e3:b8:
                    3c:dd:33:23:da:3e:fa:cf:e5:3e:12:f4:a2:65:e5:
                    d8:42:18:0e:01:cf:51:17:1d:cc:b0:09:ab:a9:e1:
                    fb:10:d2:f4:77:67:6d:44:2a:0f:68:3d:5d:ef:0f:
                    a0:ea:d2:bc:87:6d:58:65:1a:11:2a:0e:3e:c3:bd:
                    fd:2e:a0:43:eb:d8:9a:6d:59:0c:7f:4b:bf:f0:44:
                    cb:aa:ba:1e:17:d1:af:71:39:ad:90:94:0c:40:d3:
                    8a:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:2D:EB:3E:1B:AE:92:12:A8:07:77:77:BB:13:45:98:D5:0F:58:CF
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/635c97f6-f97d-4ec3-b214-a1e6c23683c0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.33.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:ff:e9:fe:26:f0:d9:06:05:1c:15:fe:d5:c5:b8:1e:2f:b1:
         a9:bd:32:22:1a:de:94:97:39:0f:6f:8a:1c:fc:05:d7:46:03:
         e3:f7:0f:22:d7:26:1c:90:31:d1:86:08:b6:81:3a:0e:c7:9a:
         0a:a6:89:56:3a:1a:ea:8d:e0:b9:af:c0:fd:20:c8:3e:f8:96:
         a0:89:5b:6c:e1:29:6d:56:2e:52:3d:20:fa:e8:f1:7e:8a:12:
         17:db:8b:56:fe:98:d7:95:1e:69:ed:92:82:c6:28:f8:4d:80:
         74:0d:74:36:ff:39:a6:44:0c:7f:40:b2:ff:bf:2f:09:e7:4f:
         8e:8e:4e:b3:9c:4c:3a:a6:fe:23:a1:d8:6d:9e:a6:f8:ac:3d:
         20:de:ac:1a:1b:02:37:fd:34:a0:b7:12:78:63:d1:f5:29:bd:
         5b:73:11:da:1e:3a:4c:87:83:a4:58:8c:3b:77:fc:c1:d9:2e:
         bd:64:70:ea:40:ea:85:da:a5:ac:14:25:c1:5c:8f:ba:0e:82:
         d3:59:c3:66:e7:95:67:c8:f1:53:dc:ea:c5:af:68:11:2e:2c:
         3e:af:21:f5:9a:47:75:99:33:75:8e:c9:1e:e7:c1:04:73:86:
         34:9c:61:c0:c4:1c:63:5f:59:0b:41:a5:af:31:d7:5d:5c:9d:
         62:f0:b6:ad
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUa7nLxENulX/gssShufBYrOKkFc8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNDIyMTgwMTE1WhcNMjUwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZDM1M2JhY2QzYTE4NTA4OWVlNzgxYTJjMzRiNzlmYmI5
MGEwNzEyNTU1NmRlZjE0MjAxOGMzMjFkYzk3MDA1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDIvytRVi3O24yqotwIIdnRRcuNTXnGtGJmdgcscGGruH2D
SlHRQzBKeUa1xe9OkFaGCeOU1Zxfqt/0lPrh03cHPHiagBEwWuyhNW8H29zIVj74
zAdHvu+2H8y9Pc2j5qfdkdUY+U3gUv9ul1fucDrTEhzjRTmsw1wNNntgDMjQC2E7
YIbv78b6WW79wDTYhDyi5LT1B4jXl7xEgW72qRQsIeDjuDzdMyPaPvrP5T4S9KJl
5dhCGA4Bz1EXHcywCaup4fsQ0vR3Z21EKg9oPV3vD6Dq0ryHbVhlGhEqDj7Dvf0u
oEPr2JptWQx/S7/wRMuquh4X0a9xOa2QlAxA04o3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUlS3rPhuukhKoB3d3uxNFmNUPWM8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzYzNWM5N2Y2LWY5N2QtNGVjMy1iMjE0LWExZTZjMjM2ODNjMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADISIwDQYJKoZIhvcNAQELBQADggEBADb/6f4m8NkGBRwV/tXFuB4vsam9
MiIa3pSXOQ9vihz8BddGA+P3DyLXJhyQMdGGCLaBOg7HmgqmiVY6GuqN4LmvwP0g
yD74lqCJW2zhKW1WLlI9IPro8X6KEhfbi1b+mNeVHmntkoLGKPhNgHQNdDb/OaZE
DH9Asv+/LwnnT46OTrOcTDqm/iOh2G2epvisPSDerBobAjf9NKC3Enhj0fUpvVtz
EdoeOkyHg6RYjDt3/MHZLr1kcOpA6oXapawUJcFcj7oOgtNZw2bnlWfI8VPc6sWv
aBEuLD6vIfWaR3WZM3WOyR7nwQRzhjScYcDEHGNfWQtBpa8x111cnWLwtq0=
-----END CERTIFICATE-----