Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/00ddac45-6ff3-44c5-b626-9a354eb9d483.roa
File:                     00ddac45-6ff3-44c5-b626-9a354eb9d483.roa (raw, json)
Hash identifier:          kIddcWegIkY0bW4PvEyIeMsdB9KZ5i6Zvs6LfOUne14=
Subject key identifier:   48:90:05:AB:06:EB:09:A1:12:E0:F5:B8:5D:00:E7:71:63:F3:81:A6
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6F958A4F34125D50B619FA333FED62151996491D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/00ddac45-6ff3-44c5-b626-9a354eb9d483.roa
Signing time:             Tue 19 Aug 2025 15:11:41 +0000
ROA not before:           Tue 19 Aug 2025 15:11:41 +0000
ROA not after:            Tue 23 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        3.248.128.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 22 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:95:8a:4f:34:12:5d:50:b6:19:fa:33:3f:ed:62:15:19:96:49:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Aug 19 15:11:41 2025 GMT
            Not After : Sep 23 23:59:59 2025 GMT
        Subject: serialNumber=5499fb2e2ba5d1d144f482d6a05e35e655c4b7a586a6f5428520962904ef686e, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:72:59:05:9a:09:47:70:39:2d:8e:24:b7:8f:
                    19:cf:48:71:57:d9:84:8f:ef:9f:c8:61:e0:09:88:
                    06:92:c9:c4:c1:b6:38:ab:e1:52:2d:f4:aa:ad:62:
                    1f:9f:9c:f4:3e:55:01:f6:6e:5f:47:ba:2d:be:8b:
                    68:79:01:ed:65:7f:dc:3f:69:9c:79:35:84:ac:0b:
                    90:fd:e9:e5:16:2a:e0:c2:f3:2a:29:aa:66:84:67:
                    13:ae:69:62:fb:b4:bb:d2:b2:db:66:15:fe:fd:03:
                    5a:07:bb:9f:63:4a:03:e3:db:94:e5:68:0f:c9:20:
                    2d:ef:55:b0:ab:d5:68:da:58:ab:67:ce:ed:df:f3:
                    4d:e6:ec:3d:e2:26:09:8f:a4:2c:ff:c2:a1:f7:28:
                    bb:ae:ce:07:a1:1f:f6:52:6a:b2:fe:7a:ed:04:43:
                    45:97:dd:8c:ca:0e:14:b1:06:5b:a8:df:29:a2:c7:
                    32:11:7e:cf:45:91:ee:8b:c3:c6:b5:f4:a3:62:02:
                    dc:75:0d:42:99:11:90:af:05:ba:d6:cf:9f:db:e4:
                    75:f1:07:cb:a8:55:e8:90:5d:3e:84:99:b9:82:bb:
                    70:e7:d3:81:bf:ea:b0:1c:df:6d:f4:63:f2:61:4f:
                    73:b6:6f:2c:54:5b:6e:f4:fd:fa:52:51:f2:e7:c8:
                    6f:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:90:05:AB:06:EB:09:A1:12:E0:F5:B8:5D:00:E7:71:63:F3:81:A6
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/00ddac45-6ff3-44c5-b626-9a354eb9d483.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.248.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         4a:63:2d:b9:ea:4b:0f:89:7a:0f:e3:db:36:3f:99:48:6a:70:
         9c:1b:30:28:93:15:29:99:4d:ba:3a:0e:0f:b2:9b:10:66:f1:
         3a:97:11:24:80:22:46:37:bb:59:d4:de:ca:35:24:18:31:48:
         57:32:4e:0d:80:b5:a1:68:0f:c7:16:f4:45:c3:22:a0:fc:39:
         0e:1b:e7:2f:35:16:db:d1:b4:86:27:01:60:09:3c:72:85:5b:
         83:76:ea:7d:b2:d8:24:85:45:33:5b:a2:1b:14:3f:eb:6d:d4:
         7a:db:85:e2:d0:20:22:b5:1f:1c:dd:0b:3d:bc:bb:92:0d:c9:
         81:bc:1d:91:2e:54:56:04:63:a5:e4:e9:b4:0f:01:23:26:36:
         46:73:a6:99:85:67:f7:60:3d:fc:11:a8:d3:d2:f7:fe:2b:c7:
         d2:64:eb:96:93:c1:18:68:c2:f2:f5:d8:1e:59:15:1d:41:f5:
         5d:77:7b:56:7f:a4:84:4f:f0:99:15:d9:39:b2:16:7d:16:d1:
         f4:a4:b2:bc:a6:7a:5b:7e:f0:3d:fe:be:38:ed:85:ea:77:4b:
         65:fa:7a:5c:96:13:8c:ef:a7:3d:1a:8c:f9:d8:7b:5f:9c:1c:
         08:32:22:a7:21:2b:3a:4b:f1:99:b6:56:ad:05:4c:43:86:36:
         23:f5:d8:af
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUb5WKTzQSXVC2GfozP+1iFRmWSR0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwODE5MTUxMTQxWhcNMjUwOTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A1NDk5ZmIyZTJiYTVkMWQxNDRmNDgyZDZhMDVlMzVlNjU1
YzRiN2E1ODZhNmY1NDI4NTIwOTYyOTA0ZWY2ODZlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9clkFmglHcDktjiS3jxnPSHFX2YSP75/IYeAJiAaSycTB
tjir4VIt9KqtYh+fnPQ+VQH2bl9Hui2+i2h5Ae1lf9w/aZx5NYSsC5D96eUWKuDC
8yopqmaEZxOuaWL7tLvSsttmFf79A1oHu59jSgPj25TlaA/JIC3vVbCr1WjaWKtn
zu3f803m7D3iJgmPpCz/wqH3KLuuzgehH/ZSarL+eu0EQ0WX3YzKDhSxBluo3ymi
xzIRfs9Fke6Lw8a19KNiAtx1DUKZEZCvBbrWz5/b5HXxB8uoVeiQXT6EmbmCu3Dn
04G/6rAc3230Y/JhT3O2byxUW270/fpSUfLnyG8FAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUSJAFqwbrCaES4PW4XQDncWPzgaYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzAwZGRhYzQ1LTZmZjMtNDRjNS1iNjI2LTlhMzU0ZWI5ZDQ4My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYD+IAwDQYJKoZIhvcNAQELBQADggEBAEpjLbnqSw+Jeg/j2zY/mUhqcJwb
MCiTFSmZTbo6Dg+ymxBm8TqXESSAIkY3u1nU3so1JBgxSFcyTg2AtaFoD8cW9EXD
IqD8OQ4b5y81FtvRtIYnAWAJPHKFW4N26n2y2CSFRTNbohsUP+tt1HrbheLQICK1
HxzdCz28u5INyYG8HZEuVFYEY6Xk6bQPASMmNkZzppmFZ/dgPfwRqNPS9/4rx9Jk
65aTwRhowvL12B5ZFR1B9V13e1Z/pIRP8JkV2TmyFn0W0fSksrymelt+8D3+vjjt
hep3S2X6elyWE4zvpz0ajPnYe1+cHAgyIqchKzpL8Zm2Vq0FTEOGNiP12K8=
-----END CERTIFICATE-----