Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/01102343-7c48-481f-851b-eae79ef9de55.roa
File:                     01102343-7c48-481f-851b-eae79ef9de55.roa (raw, json)
Hash identifier:          6MAxu8glBFu1TKSFUD2UZbouv2NspvW1ulWHgbF1sGs=
Subject key identifier:   2F:8C:E5:D4:13:1A:02:02:5E:79:46:F7:D3:DB:76:58:6C:06:F9:E5
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4CE96FDA4216353C006A0DAD52AD50BE9DBA645E
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/01102343-7c48-481f-851b-eae79ef9de55.roa
Signing time:             Mon 22 Sep 2025 22:08:45 +0000
ROA not before:           Mon 22 Sep 2025 22:08:45 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.239.134.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:e9:6f:da:42:16:35:3c:00:6a:0d:ad:52:ad:50:be:9d:ba:64:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 22:08:45 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=c0186dc58bd5d28ef99b82635311654c7acb6201a82e4d9b97400081cb76e553, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:2d:f8:75:82:82:e4:cf:fa:c9:10:da:d6:20:
                    69:35:d9:ed:ef:71:62:ee:7b:26:48:aa:81:00:d9:
                    b1:6e:9b:04:bc:5b:6f:c6:20:f5:12:0f:3a:92:57:
                    4a:40:e1:de:d4:1a:78:07:08:97:97:57:b5:be:de:
                    d4:5b:54:dc:cc:f8:0e:f5:50:34:c9:99:8a:4d:85:
                    53:85:eb:8e:ec:a1:5a:d1:49:6f:1b:3e:48:df:05:
                    3e:23:bd:90:5c:1a:14:00:de:c5:32:03:52:7d:86:
                    78:b2:49:14:0f:1b:dc:38:bb:b6:4b:0a:40:f9:be:
                    14:8e:20:4a:fc:c4:d7:89:87:28:3a:f8:63:fc:42:
                    60:3d:4f:90:2b:3f:e2:5a:94:3e:c1:e1:80:50:93:
                    03:5b:d2:03:4d:fe:67:e5:19:4c:96:a6:c0:f2:82:
                    8f:17:0e:0b:68:b1:37:ae:e8:de:79:b6:5e:36:9f:
                    fd:73:d8:76:8e:4f:61:08:fd:3c:bc:e4:1e:8f:fd:
                    32:07:bd:04:fd:0b:bf:c5:e0:12:25:93:e7:94:a1:
                    6e:c1:06:95:6b:29:04:4c:0a:58:9e:1c:79:0e:a0:
                    1c:4e:e9:a0:43:17:03:5e:95:8f:22:a1:79:f3:5a:
                    da:58:41:47:99:75:2e:1a:57:7e:51:b8:23:8b:a9:
                    f0:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:8C:E5:D4:13:1A:02:02:5E:79:46:F7:D3:DB:76:58:6C:06:F9:E5
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/01102343-7c48-481f-851b-eae79ef9de55.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.239.134.0/23

    Signature Algorithm: sha256WithRSAEncryption
         01:13:bf:05:3d:05:d7:29:97:78:26:5a:5c:74:33:b9:ba:c2:
         1b:0d:8b:1d:7c:44:cf:c0:e1:3a:33:1d:fb:5a:a9:f9:e2:99:
         bd:e6:1e:1a:7d:48:05:ec:b4:4d:b8:60:4c:06:01:7b:e7:a3:
         99:23:25:a0:72:7e:e5:28:3d:d2:7d:23:de:67:48:89:58:62:
         cf:c3:d5:99:f3:40:22:94:13:eb:85:96:af:77:04:c4:9f:3d:
         df:2d:8e:fc:7f:08:12:cd:f3:46:62:5a:20:cf:62:7f:2f:7c:
         66:c2:76:15:96:c0:d5:6b:ce:e3:95:99:45:cc:d8:c2:92:89:
         5a:f8:11:0c:c7:7c:d2:a4:5f:09:ab:63:00:10:7a:40:1e:ef:
         f9:49:03:1b:8d:2c:31:68:47:23:18:77:ca:61:25:61:ae:a4:
         c8:0a:78:30:77:ac:c9:81:aa:12:95:5b:cd:1f:b7:5f:62:e6:
         31:2e:6b:0e:35:1b:f5:09:28:35:80:da:0f:45:92:4c:45:0e:
         c3:1e:56:2a:32:92:c5:c7:b1:f0:ac:5f:64:16:4e:b5:cc:1f:
         de:36:b3:0d:c7:5a:e7:7b:ae:60:e6:2a:cf:29:04:3c:c0:78:
         f6:62:0e:36:68:94:57:11:5e:48:23:cc:41:66:a1:34:80:9c:
         d0:2a:26:d9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTOlv2kIWNTwAag2tUq1Qvp26ZF4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMjIwODQ1WhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BjMDE4NmRjNThiZDVkMjhlZjk5YjgyNjM1MzExNjU0Yzdh
Y2I2MjAxYTgyZTRkOWI5NzQwMDA4MWNiNzZlNTUzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCyLfh1goLkz/rJENrWIGk12e3vcWLueyZIqoEA2bFumwS8
W2/GIPUSDzqSV0pA4d7UGngHCJeXV7W+3tRbVNzM+A71UDTJmYpNhVOF647soVrR
SW8bPkjfBT4jvZBcGhQA3sUyA1J9hniySRQPG9w4u7ZLCkD5vhSOIEr8xNeJhyg6
+GP8QmA9T5ArP+JalD7B4YBQkwNb0gNN/mflGUyWpsDygo8XDgtosTeu6N55tl42
n/1z2HaOT2EI/Ty85B6P/TIHvQT9C7/F4BIlk+eUoW7BBpVrKQRMClieHHkOoBxO
6aBDFwNelY8ioXnzWtpYQUeZdS4aV35RuCOLqfBXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUL4zl1BMaAgJeeUb309t2WGwG+eUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzAxMTAyMzQzLTdjNDgtNDgxZi04NTFiLWVhZTc5ZWY5ZGU1NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAES74YwDQYJKoZIhvcNAQELBQADggEBAAETvwU9Bdcpl3gmWlx0M7m6whsN
ix18RM/A4TozHftaqfnimb3mHhp9SAXstE24YEwGAXvno5kjJaByfuUoPdJ9I95n
SIlYYs/D1ZnzQCKUE+uFlq93BMSfPd8tjvx/CBLN80ZiWiDPYn8vfGbCdhWWwNVr
zuOVmUXM2MKSiVr4EQzHfNKkXwmrYwAQekAe7/lJAxuNLDFoRyMYd8phJWGupMgK
eDB3rMmBqhKVW80ft19i5jEuaw41G/UJKDWA2g9FkkxFDsMeVioyksXHsfCsX2QW
TrXMH942sw3HWud7rmDmKs8pBDzAePZiDjZolFcRXkgjzEFmoTSAnNAqJtk=
-----END CERTIFICATE-----