Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a2caf31b-a8dd-44f6-b7ad-40d80a0a2f50.roa
File:                     a2caf31b-a8dd-44f6-b7ad-40d80a0a2f50.roa (raw, json)
Hash identifier:          4QkAePSDCSYJ50E4T8bUUP8Q86CA4I36XxKiODlNtwc=
Subject key identifier:   68:9A:1A:24:D0:8A:22:F2:9E:8A:60:11:5A:45:4B:7F:32:F1:2A:06
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       128DB2A65C8A88115767790F9B55A8E4482B29B4
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a2caf31b-a8dd-44f6-b7ad-40d80a0a2f50.roa
Signing time:             Fri 06 Jun 2025 00:51:01 +0000
ROA not before:           Fri 06 Jun 2025 00:51:01 +0000
ROA not after:            Fri 11 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.33.44.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:8d:b2:a6:5c:8a:88:11:57:67:79:0f:9b:55:a8:e4:48:2b:29:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun  6 00:51:01 2025 GMT
            Not After : Jul 11 23:59:59 2025 GMT
        Subject: serialNumber=d385bf7b6f94e1ccf92758e3a3f08a68df69db8b489e4652808e3b5e6a0b511a, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:67:fa:a7:f0:70:57:fa:45:24:fa:e9:10:50:
                    80:f9:f3:36:e3:81:8d:da:93:c0:62:77:bc:35:55:
                    e3:71:ba:2c:b1:c6:14:a6:b9:71:fa:2c:ac:d3:06:
                    57:66:60:33:61:c5:fa:a5:a0:88:4e:9e:7d:35:9f:
                    48:f6:1b:aa:3a:00:52:f0:23:94:89:36:bd:40:ef:
                    65:68:dc:21:c0:8c:53:67:5f:88:7e:14:f2:92:8d:
                    4b:3d:91:68:c6:4c:d1:5d:41:a5:a1:10:4f:b8:c7:
                    2e:14:6e:4e:6c:cc:a3:31:85:23:40:de:9d:bf:89:
                    db:18:9f:a6:be:22:70:96:10:0d:48:c6:5d:3b:2b:
                    10:62:c2:a2:37:5e:44:7f:c5:58:87:fc:85:e8:2b:
                    d5:cb:75:6a:4a:a5:51:87:04:88:96:de:17:d2:82:
                    5c:52:e9:e5:92:2b:7d:27:7b:01:41:73:31:a7:90:
                    29:c6:32:bd:87:f1:13:90:a9:50:d5:9f:4d:f9:db:
                    61:b9:55:b3:b3:b6:14:12:4a:e6:b4:6d:8a:74:38:
                    76:ad:1c:cf:80:3f:97:9c:4b:08:02:b0:d7:58:d1:
                    39:47:dc:4b:f2:57:9f:03:88:0b:fa:46:9f:eb:28:
                    34:24:79:a0:c7:4f:4e:26:86:4a:05:c0:7e:3e:f2:
                    98:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:9A:1A:24:D0:8A:22:F2:9E:8A:60:11:5A:45:4B:7F:32:F1:2A:06
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a2caf31b-a8dd-44f6-b7ad-40d80a0a2f50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.33.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         79:00:22:b5:24:03:e5:36:46:5c:66:47:3c:ec:61:ff:9c:29:
         d7:15:3c:11:56:af:1e:b7:0a:0c:e8:d7:9f:02:f2:9a:7b:e0:
         4f:88:4c:d0:6b:64:1f:47:51:50:86:ec:ff:2a:7f:a9:38:93:
         8d:13:4f:69:9e:98:cf:cd:79:df:ff:60:86:ce:99:64:60:9d:
         9b:ea:ed:29:a9:47:26:8e:af:e4:c0:f7:19:22:b6:9f:e7:3c:
         e9:c9:a7:80:aa:42:c5:62:61:13:8e:28:cf:f2:ad:e2:33:10:
         85:4c:2f:08:a2:b6:a9:8e:98:6c:93:5d:d8:0f:68:ae:af:ae:
         a6:f8:78:57:e8:1b:f9:34:d4:f4:c9:37:a5:af:62:2a:8b:f3:
         a3:d2:55:b5:39:c2:25:77:99:08:38:00:9f:33:77:64:c0:da:
         8b:3d:df:8c:60:c3:54:6c:ca:38:3e:21:67:1d:06:63:f9:95:
         2d:39:ae:95:28:1d:88:75:a7:82:f3:66:66:d1:33:57:79:37:
         5c:bc:af:f5:ec:d0:a6:35:ad:3b:97:33:a3:66:39:37:3d:5b:
         e0:d8:42:54:0b:2e:7f:5f:3d:6c:81:8d:0f:a4:cc:e5:9a:f2:
         f6:c8:4c:9a:ab:e2:2f:b4:4c:2c:5c:ab:8b:cf:b2:a6:f5:f1:
         46:a1:31:b9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEo2yplyKiBFXZ3kPm1Wo5EgrKbQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjA2MDA1MTAxWhcNMjUwNzExMjM1OTU5
WjB6MUkwRwYDVQQFE0BkMzg1YmY3YjZmOTRlMWNjZjkyNzU4ZTNhM2YwOGE2OGRm
NjlkYjhiNDg5ZTQ2NTI4MDhlM2I1ZTZhMGI1MTFhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5Z/qn8HBX+kUk+ukQUID58zbjgY3ak8Bid7w1VeNxuiyx
xhSmuXH6LKzTBldmYDNhxfqloIhOnn01n0j2G6o6AFLwI5SJNr1A72Vo3CHAjFNn
X4h+FPKSjUs9kWjGTNFdQaWhEE+4xy4Ubk5szKMxhSNA3p2/idsYn6a+InCWEA1I
xl07KxBiwqI3XkR/xViH/IXoK9XLdWpKpVGHBIiW3hfSglxS6eWSK30newFBczGn
kCnGMr2H8ROQqVDVn03522G5VbOzthQSSua0bYp0OHatHM+AP5ecSwgCsNdY0TlH
3EvyV58DiAv6Rp/rKDQkeaDHT04mhkoFwH4+8pgHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUaJoaJNCKIvKeimARWkVLfzLxKgYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2EyY2FmMzFiLWE4ZGQtNDRmNi1iN2FkLTQwZDgwYTBhMmY1MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIDISwwDQYJKoZIhvcNAQELBQADggEBAHkAIrUkA+U2RlxmRzzsYf+cKdcV
PBFWrx63Cgzo158C8pp74E+ITNBrZB9HUVCG7P8qf6k4k40TT2memM/Ned//YIbO
mWRgnZvq7SmpRyaOr+TA9xkitp/nPOnJp4CqQsViYROOKM/yreIzEIVMLwiitqmO
mGyTXdgPaK6vrqb4eFfoG/k01PTJN6WvYiqL86PSVbU5wiV3mQg4AJ8zd2TA2os9
34xgw1Rsyjg+IWcdBmP5lS05rpUoHYh1p4LzZmbRM1d5N1y8r/Xs0KY1rTuXM6Nm
OTc9W+DYQlQLLn9fPWyBjQ+kzOWa8vbITJqr4i+0TCxcq4vPsqb18UahMbk=
-----END CERTIFICATE-----