Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9b6942d9-f92c-4734-aefa-a7a0b88a0bdc.roa
File:                     9b6942d9-f92c-4734-aefa-a7a0b88a0bdc.roa (raw, json)
Hash identifier:          wu4qoCG1Qvcn2NlP2exszOUtQitFimiRCKY20mcm2bQ=
Subject key identifier:   3B:68:D9:3D:77:F0:B6:B0:28:73:9C:98:7C:3A:9A:E9:09:22:75:A7
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4CE1D411BCB5A3F2CE84F4D5E85C43C3289F8F64
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9b6942d9-f92c-4734-aefa-a7a0b88a0bdc.roa
Signing time:             Tue 17 Feb 2026 01:21:15 +0000
ROA not before:           Tue 17 Feb 2026 01:21:15 +0000
ROA not after:            Mon 18 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        3.33.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 02 Mar 2026 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:e1:d4:11:bc:b5:a3:f2:ce:84:f4:d5:e8:5c:43:c3:28:9f:8f:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 17 01:21:15 2026 GMT
            Not After : May 18 23:59:59 2026 GMT
        Subject: serialNumber=0d64cb5d0785862729bc3dfb64a01145812271907111d62ee9063dc3e03897f9, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:52:36:40:1b:e6:06:85:97:94:f2:26:39:b4:
                    ef:4a:3f:bf:35:3b:93:b9:69:35:6e:a9:5f:ba:c6:
                    48:af:7d:21:94:9b:de:67:27:6c:ac:f2:b8:36:78:
                    14:68:38:78:f8:4d:09:c3:a7:cb:d0:7c:fe:fb:08:
                    07:f1:1b:cc:af:e0:3b:17:32:b0:bb:19:fd:46:b6:
                    ca:0a:55:4a:f2:84:20:7e:b8:76:ad:ad:79:a0:a0:
                    d6:7d:a0:02:97:28:49:88:d4:01:92:84:38:78:93:
                    66:b8:5b:8d:6e:fc:3b:64:62:b8:56:59:c5:fe:c0:
                    67:a6:37:56:74:81:1b:0f:17:6a:6d:45:94:e4:3f:
                    37:dc:f8:ae:4e:17:79:b0:be:15:35:91:8e:5d:4e:
                    fc:a5:f5:35:86:a3:57:02:00:82:fc:5c:28:2a:59:
                    15:2f:ec:4b:d5:4b:f2:61:3b:ac:39:28:aa:3a:3a:
                    02:3c:24:e0:94:8b:25:ea:69:81:dd:39:ce:e2:4d:
                    dc:10:de:d8:0b:e5:fe:ff:3a:c0:45:09:5c:06:17:
                    db:7d:56:e8:76:8f:7d:9f:1d:e3:59:4e:be:fc:29:
                    8d:38:d6:2b:e3:9a:fc:43:88:78:a9:87:1f:be:32:
                    4f:f6:0a:c2:d5:22:5f:96:30:0d:5f:fb:c2:6d:36:
                    32:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:68:D9:3D:77:F0:B6:B0:28:73:9C:98:7C:3A:9A:E9:09:22:75:A7
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9b6942d9-f92c-4734-aefa-a7a0b88a0bdc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.33.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:3f:c3:81:90:ef:a4:93:f1:df:15:5c:6c:b1:a6:bc:0b:0e:
         12:93:a1:a1:ae:bc:d7:ab:83:12:46:39:bc:37:aa:e9:6a:8b:
         ad:7c:77:93:d3:84:ec:89:e5:25:f9:cb:65:70:1d:dd:04:9b:
         3b:6b:13:ba:6a:30:82:84:7b:bb:16:90:65:15:08:2b:4b:43:
         9c:01:c6:26:63:6e:be:cf:a9:f3:96:d7:e8:05:19:45:86:bf:
         84:ad:d3:23:a9:f1:0d:5c:fe:86:99:78:3e:e4:69:9a:6a:a7:
         6d:f9:8b:ef:8a:95:b9:37:52:b5:d7:9b:54:30:8a:09:01:1a:
         5e:0d:10:35:74:7c:33:1a:80:42:8d:99:f6:eb:0b:18:f2:8b:
         f8:0c:29:29:3d:98:21:59:a3:55:bc:37:4c:2a:a4:df:67:e8:
         3e:db:01:8b:86:9a:a7:02:07:01:d3:6c:aa:df:92:a8:85:11:
         43:0e:aa:14:b5:12:fe:14:36:b8:b2:e7:2f:ff:79:82:88:03:
         8f:84:9a:09:af:58:3a:31:0d:04:eb:4a:4d:61:41:47:d1:89:
         5f:ad:24:c9:9b:c6:af:94:63:df:50:31:cf:5d:b1:d9:a9:06:
         a5:61:14:8b:90:72:8e:34:27:fe:22:bc:ae:f8:69:00:22:2d:
         69:ac:3f:29
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTOHUEby1o/LOhPTV6FxDwyifj2QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMjE3MDEyMTE1WhcNMjYwNTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AwZDY0Y2I1ZDA3ODU4NjI3MjliYzNkZmI2NGEwMTE0NTgx
MjI3MTkwNzExMWQ2MmVlOTA2M2RjM2UwMzg5N2Y5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDfUjZAG+YGhZeU8iY5tO9KP781O5O5aTVuqV+6xkivfSGU
m95nJ2ys8rg2eBRoOHj4TQnDp8vQfP77CAfxG8yv4DsXMrC7Gf1GtsoKVUryhCB+
uHatrXmgoNZ9oAKXKEmI1AGShDh4k2a4W41u/DtkYrhWWcX+wGemN1Z0gRsPF2pt
RZTkPzfc+K5OF3mwvhU1kY5dTvyl9TWGo1cCAIL8XCgqWRUv7EvVS/JhO6w5KKo6
OgI8JOCUiyXqaYHdOc7iTdwQ3tgL5f7/OsBFCVwGF9t9Vuh2j32fHeNZTr78KY04
1ivjmvxDiHiphx++Mk/2CsLVIl+WMA1f+8JtNjLHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUO2jZPXfwtrAoc5yYfDqa6QkidacwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzliNjk0MmQ5LWY5MmMtNDczNC1hZWZhLWE3YTBiODhhMGJkYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADISEwDQYJKoZIhvcNAQELBQADggEBAHw/w4GQ76ST8d8VXGyxprwLDhKT
oaGuvNergxJGObw3qulqi618d5PThOyJ5SX5y2VwHd0EmztrE7pqMIKEe7sWkGUV
CCtLQ5wBxiZjbr7PqfOW1+gFGUWGv4St0yOp8Q1c/oaZeD7kaZpqp235i++Klbk3
UrXXm1QwigkBGl4NEDV0fDMagEKNmfbrCxjyi/gMKSk9mCFZo1W8N0wqpN9n6D7b
AYuGmqcCBwHTbKrfkqiFEUMOqhS1Ev4UNriy5y//eYKIA4+EmgmvWDoxDQTrSk1h
QUfRiV+tJMmbxq+UY99QMc9dsdmpBqVhFIuQco40J/4ivK74aQAiLWmsPyk=
-----END CERTIFICATE-----