Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a2caf31b-a8dd-44f6-b7ad-40d80a0a2f50.roa
File:                     a2caf31b-a8dd-44f6-b7ad-40d80a0a2f50.roa (raw, json)
Hash identifier:          r4Ea0BnBfJWeYS+gFaVulxDu/6joWpa4HxIACoU+vSo=
Subject key identifier:   8B:C3:CB:BE:34:69:2B:20:9E:5D:D2:56:66:62:D7:62:85:F8:45:B2
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       76A9351F22DDD026619C18423BC1348569F1777C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a2caf31b-a8dd-44f6-b7ad-40d80a0a2f50.roa
Signing time:             Tue 17 Feb 2026 00:50:06 +0000
ROA not before:           Tue 17 Feb 2026 00:50:06 +0000
ROA not after:            Mon 18 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        3.33.44.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 04 Mar 2026 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:a9:35:1f:22:dd:d0:26:61:9c:18:42:3b:c1:34:85:69:f1:77:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 17 00:50:06 2026 GMT
            Not After : May 18 23:59:59 2026 GMT
        Subject: serialNumber=91e3602a2e6f8a55693324c53d95cdec7f65825e5e5d1de2d145bd3caa66060d, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:fe:17:3c:1a:40:c1:13:4d:a0:f4:ae:cd:ca:
                    cf:36:a7:c3:80:7e:3b:b8:8f:77:a9:08:7f:1a:91:
                    be:a5:c6:1d:54:be:89:65:2a:64:48:a1:6c:0f:94:
                    8e:73:5d:b7:29:47:9a:df:f2:56:36:e4:e4:1e:c3:
                    f5:31:11:90:d1:ee:1d:91:08:d4:51:25:25:68:38:
                    0d:82:90:03:d5:0c:12:57:10:91:45:55:c5:6c:4e:
                    df:0a:39:9b:c7:ef:38:e1:98:50:2b:e9:6a:d3:2f:
                    ab:8b:ba:88:8e:a8:fe:68:53:c8:50:38:de:e9:5b:
                    9a:33:bd:0a:e6:de:37:e8:88:5c:e8:a7:0e:19:5d:
                    e6:30:63:f7:0b:da:e8:5a:20:4f:a1:2e:77:25:18:
                    b7:57:b4:f4:cf:47:03:3f:41:3a:5f:f9:2e:ce:27:
                    56:f2:d3:d9:0d:6c:cb:72:0d:7b:0e:f2:21:eb:4a:
                    fc:92:ab:b0:d7:9c:d5:f2:2d:7c:c1:a6:67:7b:d1:
                    4f:ac:62:8a:c9:5b:a9:4c:20:67:89:56:ec:44:a3:
                    0a:6d:3c:88:fe:b1:cf:3d:76:25:d8:5f:81:10:82:
                    c0:0b:e4:b8:66:68:d3:53:88:f9:a8:d7:ee:46:1c:
                    5d:65:9d:db:04:bb:35:9f:2c:de:ac:c1:7b:72:11:
                    9b:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:C3:CB:BE:34:69:2B:20:9E:5D:D2:56:66:62:D7:62:85:F8:45:B2
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a2caf31b-a8dd-44f6-b7ad-40d80a0a2f50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.33.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         20:60:4e:ea:42:f3:9d:52:2d:d4:f9:e8:f9:10:59:74:fb:c1:
         26:c5:aa:c5:e3:71:ca:2d:2e:8e:a3:8a:71:41:68:77:d9:89:
         70:b7:bf:b2:9f:53:09:49:52:a6:d0:ef:0f:b4:0d:8b:18:2a:
         f5:73:8b:f0:28:f8:21:6a:9b:a3:04:b2:9f:10:34:05:01:48:
         35:3f:10:ad:05:d0:b0:d1:60:61:c1:dd:1c:9e:b6:d4:51:14:
         14:ed:47:da:17:f7:5c:23:a8:f3:02:ad:fc:f5:91:9f:e8:b3:
         b7:aa:e5:d8:68:35:b4:71:20:d6:0e:f6:7f:6c:99:15:c1:b4:
         d7:5a:ab:18:3a:a4:07:85:96:63:b5:a5:54:23:73:03:55:de:
         5f:43:ca:41:92:11:2a:79:6d:6b:d7:55:8a:96:58:da:62:3a:
         bc:34:73:65:92:e3:cb:cf:2d:37:3f:b6:81:b3:99:7b:7b:0a:
         59:29:da:47:45:1d:5c:c6:95:01:cd:38:33:b6:9f:db:6f:db:
         c9:b1:e3:47:c3:3b:71:3a:d4:d4:20:95:24:44:3b:94:4e:ca:
         81:20:35:c2:ef:f2:68:b9:45:0f:83:97:9f:0c:8a:62:ad:6e:
         61:36:b8:90:8d:dd:eb:64:58:35:83:34:6f:73:b7:06:5c:c3:
         71:2e:d6:56
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdqk1HyLd0CZhnBhCO8E0hWnxd3wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMjE3MDA1MDA2WhcNMjYwNTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A5MWUzNjAyYTJlNmY4YTU1NjkzMzI0YzUzZDk1Y2RlYzdm
NjU4MjVlNWU1ZDFkZTJkMTQ1YmQzY2FhNjYwNjBkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDB/hc8GkDBE02g9K7Nys82p8OAfju4j3epCH8akb6lxh1U
vollKmRIoWwPlI5zXbcpR5rf8lY25OQew/UxEZDR7h2RCNRRJSVoOA2CkAPVDBJX
EJFFVcVsTt8KOZvH7zjhmFAr6WrTL6uLuoiOqP5oU8hQON7pW5ozvQrm3jfoiFzo
pw4ZXeYwY/cL2uhaIE+hLnclGLdXtPTPRwM/QTpf+S7OJ1by09kNbMtyDXsO8iHr
SvySq7DXnNXyLXzBpmd70U+sYorJW6lMIGeJVuxEowptPIj+sc89diXYX4EQgsAL
5LhmaNNTiPmo1+5GHF1lndsEuzWfLN6swXtyEZtNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUi8PLvjRpKyCeXdJWZmLXYoX4RbIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2EyY2FmMzFiLWE4ZGQtNDRmNi1iN2FkLTQwZDgwYTBhMmY1MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIDISwwDQYJKoZIhvcNAQELBQADggEBACBgTupC851SLdT56PkQWXT7wSbF
qsXjccotLo6jinFBaHfZiXC3v7KfUwlJUqbQ7w+0DYsYKvVzi/Ao+CFqm6MEsp8Q
NAUBSDU/EK0F0LDRYGHB3RyettRRFBTtR9oX91wjqPMCrfz1kZ/os7eq5dhoNbRx
INYO9n9smRXBtNdaqxg6pAeFlmO1pVQjcwNV3l9DykGSESp5bWvXVYqWWNpiOrw0
c2WS48vPLTc/toGzmXt7Clkp2kdFHVzGlQHNODO2n9tv28mx40fDO3E61NQglSRE
O5ROyoEgNcLv8mi5RQ+Dl58MimKtbmE2uJCN3etkWDWDNG9ztwZcw3Eu1lY=
-----END CERTIFICATE-----
Generated at Mon Mar 2 01:24:12 2026 by rpki-client