Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a2caf31b-a8dd-44f6-b7ad-40d80a0a2f50.roa
File:                     a2caf31b-a8dd-44f6-b7ad-40d80a0a2f50.roa (raw, json)
Hash identifier:          5PwKqZGfWWfoi6w3LsXpih7NavYZWIgUwHHNszfjmEQ=
Subject key identifier:   60:3C:C7:86:D6:75:04:50:16:CA:65:78:29:07:39:55:8B:42:4F:10
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       695992356F6C68867F2AC290C8FF93795172DF04
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a2caf31b-a8dd-44f6-b7ad-40d80a0a2f50.roa
Signing time:             Sat 26 Jul 2025 00:51:12 +0000
ROA not before:           Sat 26 Jul 2025 00:51:12 +0000
ROA not after:            Sat 30 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.33.44.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:59:92:35:6f:6c:68:86:7f:2a:c2:90:c8:ff:93:79:51:72:df:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul 26 00:51:12 2025 GMT
            Not After : Aug 30 23:59:59 2025 GMT
        Subject: serialNumber=db433b85db90a2db8c705a164b3cdb638b895c1641afdfcc0844cfa40f4e98f1, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:97:e3:42:77:8f:8f:96:e5:52:ac:c2:61:2d:
                    87:e5:75:81:1d:cc:02:18:cf:a7:35:a0:9f:f5:2f:
                    99:09:51:41:fc:63:8d:90:fd:d7:fb:f3:7c:d6:a1:
                    64:64:a3:a9:5f:66:e9:76:e0:56:67:40:3c:40:5f:
                    03:73:27:6f:ef:84:7e:1a:ec:73:42:96:28:f2:61:
                    33:9f:a7:b4:e1:2b:65:7d:07:24:0d:56:30:ab:a3:
                    14:2f:7e:6b:d1:9a:f3:56:51:60:0f:22:aa:be:80:
                    89:99:39:6a:da:6e:98:8a:20:c9:0f:3b:28:2f:79:
                    19:94:a3:9f:ba:4f:e2:57:eb:16:db:40:b4:7a:15:
                    3e:7e:c9:c4:14:a7:84:15:cc:58:c5:8c:16:2c:97:
                    ed:11:e3:b0:d8:e4:23:fb:83:e3:93:2a:a3:cd:1f:
                    ad:b7:35:54:e8:3f:c6:67:34:b0:be:2b:88:84:05:
                    29:f5:a2:70:df:c8:e0:69:89:10:00:54:16:81:7c:
                    54:13:a6:b0:b4:04:90:39:d9:0a:84:73:e1:32:0f:
                    09:4b:c3:cf:b5:a5:c7:c1:8a:e7:c6:a7:ca:04:de:
                    01:85:ae:4a:fc:f3:19:fd:75:64:42:cf:b5:d0:0c:
                    f5:92:cf:21:58:cb:e0:05:f6:78:e2:f6:bd:b2:a1:
                    55:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:3C:C7:86:D6:75:04:50:16:CA:65:78:29:07:39:55:8B:42:4F:10
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a2caf31b-a8dd-44f6-b7ad-40d80a0a2f50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.33.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         84:76:02:39:f1:34:d5:0e:3e:b3:4f:48:cd:27:50:25:59:9a:
         9d:0f:51:bc:b2:a8:c0:b0:d5:a8:08:94:e1:05:9c:b4:40:4b:
         f9:08:04:2c:77:f9:e3:c2:9b:e4:a5:52:3b:10:e7:87:22:ab:
         de:fc:f9:a5:36:6c:c3:f6:47:3e:9e:5b:62:0e:85:da:35:a0:
         65:56:a3:f4:d8:bc:0a:3a:f8:0b:3c:56:04:c8:34:63:55:7a:
         8e:18:33:6f:33:44:99:dc:b1:51:c0:a9:e9:84:4c:d5:c8:d4:
         4d:45:e7:1e:b2:4b:f3:11:fa:9b:b7:93:ef:1d:ef:c3:1a:ae:
         fb:82:bc:3b:80:35:93:e6:81:76:67:13:44:2f:9c:14:a0:c6:
         a2:6e:51:cc:ee:fb:17:2e:e3:77:7e:d6:64:61:84:b0:b0:de:
         c2:3f:30:95:3c:a7:b9:5f:f7:ec:fe:e0:c1:5c:eb:d2:fd:5f:
         38:0d:ec:bb:8a:81:b9:fa:4f:6a:8e:d8:c7:98:6f:dc:30:3d:
         ca:d3:db:b3:3c:f2:5e:d8:f8:63:9d:f4:c4:6e:9e:cf:2b:63:
         0d:6a:29:9d:38:d1:2e:ea:68:a7:26:ab:80:0c:03:6f:7b:f8:
         36:51:c3:ae:f0:87:35:7e:87:4d:aa:69:52:29:dc:1e:98:e8:
         45:26:46:db
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaVmSNW9saIZ/KsKQyP+TeVFy3wQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNzI2MDA1MTEyWhcNMjUwODMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BkYjQzM2I4NWRiOTBhMmRiOGM3MDVhMTY0YjNjZGI2Mzhi
ODk1YzE2NDFhZmRmY2MwODQ0Y2ZhNDBmNGU5OGYxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxl+NCd4+PluVSrMJhLYfldYEdzAIYz6c1oJ/1L5kJUUH8
Y42Q/df783zWoWRko6lfZul24FZnQDxAXwNzJ2/vhH4a7HNClijyYTOfp7ThK2V9
ByQNVjCroxQvfmvRmvNWUWAPIqq+gImZOWrabpiKIMkPOygveRmUo5+6T+JX6xbb
QLR6FT5+ycQUp4QVzFjFjBYsl+0R47DY5CP7g+OTKqPNH623NVToP8ZnNLC+K4iE
BSn1onDfyOBpiRAAVBaBfFQTprC0BJA52QqEc+EyDwlLw8+1pcfBiufGp8oE3gGF
rkr88xn9dWRCz7XQDPWSzyFYy+AF9nji9r2yoVULAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYDzHhtZ1BFAWymV4KQc5VYtCTxAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2EyY2FmMzFiLWE4ZGQtNDRmNi1iN2FkLTQwZDgwYTBhMmY1MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIDISwwDQYJKoZIhvcNAQELBQADggEBAIR2AjnxNNUOPrNPSM0nUCVZmp0P
UbyyqMCw1agIlOEFnLRAS/kIBCx3+ePCm+SlUjsQ54ciq978+aU2bMP2Rz6eW2IO
hdo1oGVWo/TYvAo6+As8VgTINGNVeo4YM28zRJncsVHAqemETNXI1E1F5x6yS/MR
+pu3k+8d78MarvuCvDuANZPmgXZnE0QvnBSgxqJuUczu+xcu43d+1mRhhLCw3sI/
MJU8p7lf9+z+4MFc69L9XzgN7LuKgbn6T2qO2MeYb9wwPcrT27M88l7Y+GOd9MRu
ns8rYw1qKZ040S7qaKcmq4AMA297+DZRw67whzV+h02qaVIp3B6Y6EUmRts=
-----END CERTIFICATE-----