Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9b6942d9-f92c-4734-aefa-a7a0b88a0bdc.roa
File:                     9b6942d9-f92c-4734-aefa-a7a0b88a0bdc.roa (raw, json)
Hash identifier:          lFGibY4nk+EqZKUFhfRXLUyE0r1g2AbpiQL4tTZs0P4=
Subject key identifier:   5D:53:D6:F8:F8:04:08:71:02:4A:E3:89:C8:7B:1B:BD:F4:66:DB:B1
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4B329EE824AAAD6062D04D19E78A7DC8F085D73B
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9b6942d9-f92c-4734-aefa-a7a0b88a0bdc.roa
Signing time:             Tue 04 Nov 2025 01:31:27 +0000
ROA not before:           Tue 04 Nov 2025 01:31:27 +0000
ROA not after:            Tue 09 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.33.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:32:9e:e8:24:aa:ad:60:62:d0:4d:19:e7:8a:7d:c8:f0:85:d7:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Nov  4 01:31:27 2025 GMT
            Not After : Dec  9 23:59:59 2025 GMT
        Subject: serialNumber=79f7473570d9541b59b71f1acc42035e0809bd4abd1d446f9cc42158d4cff885, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:a9:d0:8c:f7:58:e0:25:ea:7f:ec:a6:cd:2a:
                    82:b8:3d:44:44:5d:60:78:61:d4:f4:ad:2f:5a:96:
                    02:ae:35:c4:50:8f:f5:5f:d3:f8:0b:c2:c1:7c:b7:
                    d4:f5:13:e1:aa:a4:d8:2f:a3:bc:c6:1e:81:8c:2f:
                    ea:fe:f7:fb:78:3b:ed:bd:72:20:27:a1:da:05:92:
                    0f:4b:1c:2f:a4:52:46:79:00:4e:d3:b9:13:79:92:
                    8a:ff:a5:f4:c1:cd:1f:6b:f9:91:c7:14:eb:b9:65:
                    d7:0c:48:77:d9:05:db:aa:4d:10:11:db:bf:9c:01:
                    ee:76:b6:f3:3a:01:da:b7:64:b4:15:b3:0e:a4:06:
                    c8:b5:8a:e5:2c:5e:6a:b4:f2:11:ba:29:f7:32:6d:
                    62:10:97:3d:84:95:03:ff:ba:c8:bf:16:6e:a3:cd:
                    06:e5:98:f9:fc:6c:06:10:57:a4:80:61:ee:86:67:
                    7d:0f:7d:9b:ef:31:04:fb:bf:bb:8e:b4:29:4b:56:
                    93:1e:3c:7b:86:b5:92:92:00:a4:09:9c:6f:cc:32:
                    4c:15:8a:02:54:f2:57:6c:2c:c8:8a:55:d9:c4:1a:
                    95:59:50:54:c3:ac:b9:c9:76:12:af:9f:9d:0b:c6:
                    6b:23:53:14:be:67:66:09:9f:fe:9c:47:c3:43:c2:
                    79:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:53:D6:F8:F8:04:08:71:02:4A:E3:89:C8:7B:1B:BD:F4:66:DB:B1
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9b6942d9-f92c-4734-aefa-a7a0b88a0bdc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.33.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:09:59:7a:70:73:0b:c0:56:46:a0:8b:78:2c:a6:ee:b8:bf:
         f1:29:6a:f7:04:fb:e1:62:e3:76:1f:f0:bc:99:19:a0:28:49:
         32:1d:33:ed:11:77:28:8e:c3:ff:72:dd:e3:3a:77:b7:b1:4a:
         76:c5:80:24:62:33:a1:30:fb:ed:c5:59:51:29:d9:47:77:34:
         ca:0a:83:ec:39:9d:24:5e:77:b1:fb:9e:2d:cd:83:ef:9a:4f:
         fd:63:da:87:3b:2c:33:31:c6:44:16:d9:c5:f6:ed:7c:52:c3:
         a7:99:f4:b1:8d:39:b1:3d:6a:8d:4d:47:69:15:ba:36:bc:92:
         14:94:de:7b:32:a5:d7:35:21:04:78:60:1a:1f:1b:ee:74:ea:
         26:01:f1:04:ca:89:af:8a:44:33:2f:00:8d:dd:ea:22:b4:79:
         1e:51:4d:67:d7:7e:37:69:c7:c0:ea:e7:fd:e8:85:d0:06:23:
         76:57:20:10:21:ec:cf:7b:27:e6:38:46:be:92:b8:0c:47:ae:
         45:12:59:3c:cd:0d:fc:27:f5:1c:b6:34:37:f2:4c:49:c9:90:
         ee:7d:27:aa:cb:f1:e3:0f:cd:10:27:88:56:5e:da:f5:e7:a0:
         f7:ec:89:da:f6:a6:9e:e3:67:2f:a3:b9:b2:8c:88:3f:3d:5d:
         2a:fb:31:f0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSzKe6CSqrWBi0E0Z54p9yPCF1zswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMTA0MDEzMTI3WhcNMjUxMjA5MjM1OTU5
WjB6MUkwRwYDVQQFE0A3OWY3NDczNTcwZDk1NDFiNTliNzFmMWFjYzQyMDM1ZTA4
MDliZDRhYmQxZDQ0NmY5Y2M0MjE1OGQ0Y2ZmODg1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDNqdCM91jgJep/7KbNKoK4PUREXWB4YdT0rS9algKuNcRQ
j/Vf0/gLwsF8t9T1E+GqpNgvo7zGHoGML+r+9/t4O+29ciAnodoFkg9LHC+kUkZ5
AE7TuRN5kor/pfTBzR9r+ZHHFOu5ZdcMSHfZBduqTRAR27+cAe52tvM6Adq3ZLQV
sw6kBsi1iuUsXmq08hG6KfcybWIQlz2ElQP/usi/Fm6jzQblmPn8bAYQV6SAYe6G
Z30PfZvvMQT7v7uOtClLVpMePHuGtZKSAKQJnG/MMkwVigJU8ldsLMiKVdnEGpVZ
UFTDrLnJdhKvn50LxmsjUxS+Z2YJn/6cR8NDwnmRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUXVPW+PgECHECSuOJyHsbvfRm27EwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzliNjk0MmQ5LWY5MmMtNDczNC1hZWZhLWE3YTBiODhhMGJkYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADISEwDQYJKoZIhvcNAQELBQADggEBAEsJWXpwcwvAVkagi3gspu64v/Ep
avcE++Fi43Yf8LyZGaAoSTIdM+0RdyiOw/9y3eM6d7exSnbFgCRiM6Ew++3FWVEp
2Ud3NMoKg+w5nSRed7H7ni3Ng++aT/1j2oc7LDMxxkQW2cX27XxSw6eZ9LGNObE9
ao1NR2kVuja8khSU3nsypdc1IQR4YBofG+506iYB8QTKia+KRDMvAI3d6iK0eR5R
TWfXfjdpx8Dq5/3ohdAGI3ZXIBAh7M97J+Y4Rr6SuAxHrkUSWTzNDfwn9Ry2NDfy
TEnJkO59J6rL8eMPzRAniFZe2vXnoPfsidr2pp7jZy+jubKMiD89XSr7MfA=
-----END CERTIFICATE-----