Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/64f378f9-7a94-4547-84f2-5af018b1ceca.roa
File:                     64f378f9-7a94-4547-84f2-5af018b1ceca.roa (raw, json)
Hash identifier:          cOaisXgLc2dngsZXVD7F7T0V0ULWLe1s2y/apUb9lzA=
Subject key identifier:   6C:53:99:D4:6E:36:54:97:35:AF:0D:DB:AC:51:B6:A6:F5:5F:7A:58
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0381EDFAF3167B7D3501D50B995DCA573DE628C5
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/64f378f9-7a94-4547-84f2-5af018b1ceca.roa
Signing time:             Fri 19 Sep 2025 00:57:33 +0000
ROA not before:           Fri 19 Sep 2025 00:57:33 +0000
ROA not after:            Fri 24 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.124.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 21 Sep 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:81:ed:fa:f3:16:7b:7d:35:01:d5:0b:99:5d:ca:57:3d:e6:28:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 19 00:57:33 2025 GMT
            Not After : Oct 24 23:59:59 2025 GMT
        Subject: serialNumber=00727e8590ecf29c43051e88f270479e3382ddf494f97df97e96c135b0e84e26, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:df:bd:be:da:6b:54:ec:4c:27:48:69:7a:69:
                    f9:22:ba:41:36:a1:63:ef:59:1f:e6:be:c4:f9:d4:
                    d0:3e:ca:7c:ff:6e:13:7b:9b:28:4a:1b:4b:95:7a:
                    f5:dd:33:0c:2f:f7:df:1b:cd:58:0f:54:c9:b7:cb:
                    5f:ee:cd:dd:77:da:47:cd:80:1c:b7:a5:35:2c:c4:
                    d9:52:5b:f6:2b:4f:ff:02:c4:93:19:01:0a:7f:38:
                    43:c4:c6:5b:2e:c2:4f:1c:ce:6f:49:c1:df:00:7c:
                    8d:e2:c5:63:d7:b3:ec:d6:20:c9:39:a5:85:8a:a1:
                    64:72:a8:d1:77:ed:e4:ea:84:4b:23:2a:e1:cc:5e:
                    3b:62:d5:63:fe:e8:ef:0b:30:75:c9:0e:87:42:4f:
                    ed:85:3a:09:4e:03:e5:91:23:d7:7f:e8:b5:6f:dc:
                    3c:57:55:b3:2c:3d:a2:48:c8:e8:e6:73:f5:67:f1:
                    a2:72:9e:4a:7e:85:cb:e0:ef:46:b6:b4:ad:d5:fe:
                    10:83:1f:90:18:a5:ac:86:63:ea:ee:7c:95:26:d4:
                    fd:fd:53:5f:d2:7c:fa:34:92:ac:4f:1e:02:36:4c:
                    47:b1:86:34:0e:08:8a:c4:6a:9f:9b:91:e5:04:43:
                    16:2e:24:f5:1b:58:b6:d9:ac:2e:41:b0:19:80:f1:
                    e2:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:53:99:D4:6E:36:54:97:35:AF:0D:DB:AC:51:B6:A6:F5:5F:7A:58
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/64f378f9-7a94-4547-84f2-5af018b1ceca.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.124.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:06:3e:46:5b:fc:e8:9f:d3:e7:94:13:5a:83:e6:90:b8:42:
         46:8e:4f:ad:72:77:fe:13:8c:a2:61:f5:4b:cb:40:68:e7:56:
         81:fd:2f:4c:ce:ec:f1:54:86:1d:9f:dc:1c:53:56:b8:5f:84:
         14:88:b1:30:59:1b:67:82:b4:61:51:1b:a0:be:43:41:19:d4:
         cb:2b:bf:57:2f:e4:9f:34:f9:44:8c:cc:4a:47:0e:97:d1:0d:
         cd:2b:66:b9:d4:71:b3:ea:6c:69:0c:39:bd:de:7e:fd:5f:eb:
         85:bc:56:cb:78:6a:26:4e:5e:e7:fc:9a:b1:0c:28:18:aa:15:
         f1:0f:79:17:0c:69:ae:72:9a:17:91:ba:8f:37:51:d6:5e:63:
         7b:2c:f9:c8:41:f7:2b:a3:6f:4b:15:86:d2:fe:b8:8d:33:a0:
         16:60:a3:9a:6c:d1:cc:b8:16:3f:64:f2:5e:8b:f1:80:08:d9:
         fe:33:12:43:dd:ba:8d:8c:33:c5:81:44:1e:01:7c:05:3e:51:
         9b:73:41:b9:a8:0f:9d:41:18:e1:55:63:38:98:b2:6e:9e:a7:
         33:f1:7f:f4:94:38:2e:c5:5a:29:43:39:03:a0:10:93:4f:58:
         18:70:32:94:03:73:0d:44:36:79:e5:57:04:cd:2b:70:17:ed:
         d0:82:03:06
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUA4Ht+vMWe301AdULmV3KVz3mKMUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTE5MDA1NzMzWhcNMjUxMDI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AwMDcyN2U4NTkwZWNmMjljNDMwNTFlODhmMjcwNDc5ZTMz
ODJkZGY0OTRmOTdkZjk3ZTk2YzEzNWIwZTg0ZTI2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6372+2mtU7EwnSGl6afkiukE2oWPvWR/mvsT51NA+ynz/
bhN7myhKG0uVevXdMwwv998bzVgPVMm3y1/uzd132kfNgBy3pTUsxNlSW/YrT/8C
xJMZAQp/OEPExlsuwk8czm9Jwd8AfI3ixWPXs+zWIMk5pYWKoWRyqNF37eTqhEsj
KuHMXjti1WP+6O8LMHXJDodCT+2FOglOA+WRI9d/6LVv3DxXVbMsPaJIyOjmc/Vn
8aJynkp+hcvg70a2tK3V/hCDH5AYpayGY+rufJUm1P39U1/SfPo0kqxPHgI2TEex
hjQOCIrEap+bkeUEQxYuJPUbWLbZrC5BsBmA8eJrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUbFOZ1G42VJc1rw3brFG2pvVfelgwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzY0ZjM3OGY5LTdhOTQtNDU0Ny04NGYyLTVhZjAxOGIxY2VjYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA0fN8wDQYJKoZIhvcNAQELBQADggEBAEEGPkZb/Oif0+eUE1qD5pC4QkaO
T61yd/4TjKJh9UvLQGjnVoH9L0zO7PFUhh2f3BxTVrhfhBSIsTBZG2eCtGFRG6C+
Q0EZ1Msrv1cv5J80+USMzEpHDpfRDc0rZrnUcbPqbGkMOb3efv1f64W8Vst4aiZO
Xuf8mrEMKBiqFfEPeRcMaa5ymheRuo83UdZeY3ss+chB9yujb0sVhtL+uI0zoBZg
o5ps0cy4Fj9k8l6L8YAI2f4zEkPduo2MM8WBRB4BfAU+UZtzQbmoD51BGOFVYziY
sm6epzPxf/SUOC7FWilDOQOgEJNPWBhwMpQDcw1ENnnlVwTNK3AX7dCCAwY=
-----END CERTIFICATE-----