Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b2ff9c4c-3e93-4f93-8bbd-d9e4ff52ae7c.roa
File:                     b2ff9c4c-3e93-4f93-8bbd-d9e4ff52ae7c.roa (raw, json)
Hash identifier:          IOBwzGI23HJXU62ScexQ+xHZlCodfEQ6sOFEHgUXykw=
Subject key identifier:   1D:8F:AA:1A:B8:07:FE:FE:B1:5E:CD:19:88:62:C7:82:B8:93:27:24
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3F96F3DF419E7EC88668EF0AF41110EBC92D632C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b2ff9c4c-3e93-4f93-8bbd-d9e4ff52ae7c.roa
Signing time:             Mon 06 Oct 2025 17:02:31 +0000
ROA not before:           Mon 06 Oct 2025 17:02:31 +0000
ROA not after:            Mon 10 Nov 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        3.2.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 11 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:96:f3:df:41:9e:7e:c8:86:68:ef:0a:f4:11:10:eb:c9:2d:63:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct  6 17:02:31 2025 GMT
            Not After : Nov 10 23:59:59 2025 GMT
        Subject: serialNumber=5277f46259ffefaf992c029c391278a3b4cd54e9a8e05f6264ad19801395623a, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:b9:ac:57:34:10:04:e5:4c:0c:44:2a:b3:d8:
                    78:36:1f:8c:e9:24:28:e5:b6:fb:43:dd:a9:14:96:
                    09:50:4c:a6:77:93:4e:6f:3a:77:b1:4e:bd:64:97:
                    73:6b:eb:e6:0a:93:0e:24:07:c0:f8:e7:12:e9:3b:
                    4e:87:b5:56:12:f0:37:42:35:b5:94:8f:51:88:3d:
                    fb:d5:d7:99:76:72:16:47:73:87:64:3c:d3:89:b9:
                    00:a9:3d:34:12:fe:00:d6:24:f0:3a:47:6b:80:06:
                    c6:5a:50:e0:b4:0a:3b:91:41:6d:05:01:31:6b:2b:
                    16:54:65:45:9d:8f:b3:f8:4a:0f:1d:d5:c7:43:9b:
                    93:7a:bb:d0:2d:7b:04:a2:dc:9e:f5:fa:d0:68:65:
                    3c:f0:d6:4c:f4:c0:56:90:ad:21:f9:57:d4:ea:12:
                    5b:2b:44:ff:43:6a:98:fb:71:7f:68:27:bc:1d:49:
                    9b:ae:ad:7f:3c:6e:97:8f:e3:50:67:cc:18:c5:07:
                    54:3c:74:0d:24:3c:52:a1:fc:30:36:99:bd:8b:03:
                    3d:a6:1a:b0:bd:d3:8a:cc:06:f8:24:10:95:30:eb:
                    aa:aa:7a:03:91:16:32:46:b4:58:5a:b4:78:56:be:
                    8f:08:70:41:8e:c6:dd:1b:e7:6b:9e:03:50:ff:00:
                    b0:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:8F:AA:1A:B8:07:FE:FE:B1:5E:CD:19:88:62:C7:82:B8:93:27:24
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b2ff9c4c-3e93-4f93-8bbd-d9e4ff52ae7c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.2.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:ea:b4:2d:b4:66:ed:a3:0b:60:6d:ed:4e:9c:32:d9:d1:e7:
         86:40:15:13:89:14:ca:4f:e4:4c:73:dc:c5:61:ca:22:02:27:
         4a:c9:e9:00:f1:41:db:e4:9c:a3:55:a1:42:4e:d5:12:e6:2e:
         db:e2:28:a5:c3:06:48:63:85:7f:fe:82:4d:85:b6:7c:b4:70:
         a2:7e:8e:35:67:54:af:97:c0:66:ca:88:9c:19:8e:c6:ae:0a:
         96:57:86:cc:55:c9:4b:03:03:c5:2f:a4:33:5d:95:ca:54:36:
         7c:cf:21:36:77:8a:8b:e4:d9:5f:ef:35:14:de:91:0e:87:81:
         4a:93:cf:29:e7:84:a6:f6:79:79:8f:3c:aa:2e:9f:b7:d5:fe:
         a4:e9:60:d1:c6:3c:33:39:12:e1:c4:19:f2:62:2c:80:cc:c0:
         d4:06:c8:27:c4:1d:09:05:46:95:7f:0e:b2:18:d7:a2:7a:b2:
         a6:0e:42:47:ef:b7:90:fe:85:84:19:07:38:20:ea:23:bf:0b:
         3f:f6:be:60:7d:e3:44:02:4c:2e:0c:16:a1:5f:01:a7:6e:ac:
         82:63:f9:f1:7d:1a:8f:e3:b0:5c:61:4c:0f:bc:fc:b7:c2:00:
         11:ad:b5:b9:dd:66:09:5a:53:c9:16:09:89:40:7e:eb:a1:92:
         6a:9e:76:42
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUP5bz30GefsiGaO8K9BEQ68ktYywwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDA2MTcwMjMxWhcNMjUxMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A1Mjc3ZjQ2MjU5ZmZlZmFmOTkyYzAyOWMzOTEyNzhhM2I0
Y2Q1NGU5YThlMDVmNjI2NGFkMTk4MDEzOTU2MjNhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCKuaxXNBAE5UwMRCqz2Hg2H4zpJCjltvtD3akUlglQTKZ3
k05vOnexTr1kl3Nr6+YKkw4kB8D45xLpO06HtVYS8DdCNbWUj1GIPfvV15l2chZH
c4dkPNOJuQCpPTQS/gDWJPA6R2uABsZaUOC0CjuRQW0FATFrKxZUZUWdj7P4Sg8d
1cdDm5N6u9AtewSi3J71+tBoZTzw1kz0wFaQrSH5V9TqElsrRP9Dapj7cX9oJ7wd
SZuurX88bpeP41BnzBjFB1Q8dA0kPFKh/DA2mb2LAz2mGrC904rMBvgkEJUw66qq
egORFjJGtFhatHhWvo8IcEGOxt0b52ueA1D/ALCHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHY+qGrgH/v6xXs0ZiGLHgriTJyQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2IyZmY5YzRjLTNlOTMtNGY5My04YmJkLWQ5ZTRmZjUyYWU3Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADAmEwDQYJKoZIhvcNAQELBQADggEBAAPqtC20Zu2jC2Bt7U6cMtnR54ZA
FROJFMpP5Exz3MVhyiICJ0rJ6QDxQdvknKNVoUJO1RLmLtviKKXDBkhjhX/+gk2F
tny0cKJ+jjVnVK+XwGbKiJwZjsauCpZXhsxVyUsDA8UvpDNdlcpUNnzPITZ3iovk
2V/vNRTekQ6HgUqTzynnhKb2eXmPPKoun7fV/qTpYNHGPDM5EuHEGfJiLIDMwNQG
yCfEHQkFRpV/DrIY16J6sqYOQkfvt5D+hYQZBzgg6iO/Cz/2vmB940QCTC4MFqFf
AadurIJj+fF9Go/jsFxhTA+8/LfCABGttbndZglaU8kWCYlAfuuhkmqedkI=
-----END CERTIFICATE-----