Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1574a154-06e2-4355-b76b-c13d37862fea.roa
File:                     1574a154-06e2-4355-b76b-c13d37862fea.roa (raw, json)
Hash identifier:          IujfsoMRBnTzcs0h/yc1YiEVe9Ie2MXHrqI7HRRbcKE=
Subject key identifier:   A9:FC:06:17:3C:D7:35:9E:A3:25:D6:81:4B:68:0C:74:4E:75:CC:C4
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       62C2A90181731BFE29F46E605CE234AD8F629947
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1574a154-06e2-4355-b76b-c13d37862fea.roa
Signing time:             Wed 24 Sep 2025 21:14:52 +0000
ROA not before:           Wed 24 Sep 2025 21:14:52 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.64.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:c2:a9:01:81:73:1b:fe:29:f4:6e:60:5c:e2:34:ad:8f:62:99:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 21:14:52 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=ca15fc711de7f3c5c1dfdeb303b523728b84920faa54e0b45868843bbf65aecb, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:ad:a6:f7:64:18:61:0a:91:5c:66:06:1c:f3:
                    9c:d1:ea:ec:dc:80:53:23:1a:0d:ca:3a:01:5d:68:
                    2f:e7:9f:a9:39:5f:0d:82:69:5d:fd:8c:9c:d5:46:
                    c5:45:73:0d:5b:2c:42:58:eb:75:41:86:24:53:91:
                    53:8f:0a:77:db:99:39:a8:04:15:2f:d2:5b:40:3b:
                    4d:75:f3:98:98:e1:ec:f5:d1:22:01:46:e7:f0:71:
                    d1:9c:bb:76:a9:35:7a:44:70:30:bf:90:4c:52:ec:
                    46:cc:a9:17:80:b5:50:7f:eb:ad:74:dc:5a:16:54:
                    cf:17:5a:a1:9a:c1:51:26:e7:e0:25:75:94:83:e0:
                    54:c4:2d:d0:0c:f1:ad:cf:3f:26:cb:fe:bb:dc:4e:
                    e7:37:d5:73:80:23:57:94:08:5f:33:fc:f5:03:65:
                    6d:e0:d6:3c:24:f1:f6:0c:c8:e6:11:91:ce:a7:73:
                    f5:8f:0e:8e:1e:7b:e1:7c:0f:a8:37:76:4f:d0:c0:
                    0b:e9:5c:53:fa:cc:fc:74:bd:c9:21:72:e6:b4:fe:
                    3a:63:55:66:b7:b6:be:d3:73:f8:ba:02:40:f5:f3:
                    95:c6:41:30:d8:85:44:ac:e1:3c:85:b1:8c:fe:ef:
                    ff:0c:8a:9f:4f:d9:b5:22:64:2b:e2:c8:35:4d:3f:
                    86:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:FC:06:17:3C:D7:35:9E:A3:25:D6:81:4B:68:0C:74:4E:75:CC:C4
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1574a154-06e2-4355-b76b-c13d37862fea.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.64.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:15:cf:4b:a3:60:62:76:8d:b0:31:56:bf:1d:1e:ca:94:b2:
         19:14:3f:1f:dc:aa:bd:87:f7:4f:59:44:ed:70:e2:0f:02:21:
         d0:f8:36:ba:da:61:55:4d:f4:21:02:2d:c9:36:91:9a:a7:84:
         b4:81:48:2d:fb:0c:88:7f:41:d2:87:d7:95:7b:c7:20:d1:7e:
         da:c5:78:a2:59:35:36:8a:b4:5a:49:7b:b2:fa:47:a0:fd:49:
         f3:5d:94:f8:61:e2:4e:20:76:2e:a8:01:0c:09:02:02:95:2a:
         86:53:d7:d0:3a:56:f3:26:be:b8:ff:79:fa:4d:4f:7d:5b:12:
         bf:00:ea:4e:c0:7a:4f:64:f9:ad:a3:46:14:f5:b7:e1:35:c2:
         9a:48:10:67:19:14:fa:7f:f7:c4:1e:09:4b:d8:67:a4:00:9c:
         b7:02:ae:01:e1:04:5d:6e:58:31:31:da:5a:02:cb:39:57:b2:
         0a:54:27:a6:26:5b:34:9d:a6:31:e0:a0:9c:81:8a:1f:3c:40:
         a7:92:85:11:31:f3:10:c1:22:17:2e:64:33:e7:70:97:75:b6:
         75:7a:04:5b:02:e2:1c:96:01:be:6f:2f:a0:c7:14:cd:7a:e8:
         6d:e6:77:22:60:ca:5b:2e:14:96:24:49:5f:a3:ba:bd:c9:f3:
         b8:15:c0:0a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYsKpAYFzG/4p9G5gXOI0rY9imUcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MjExNDUyWhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BjYTE1ZmM3MTFkZTdmM2M1YzFkZmRlYjMwM2I1MjM3Mjhi
ODQ5MjBmYWE1NGUwYjQ1ODY4ODQzYmJmNjVhZWNiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7rab3ZBhhCpFcZgYc85zR6uzcgFMjGg3KOgFdaC/nn6k5
Xw2CaV39jJzVRsVFcw1bLEJY63VBhiRTkVOPCnfbmTmoBBUv0ltAO01185iY4ez1
0SIBRufwcdGcu3apNXpEcDC/kExS7EbMqReAtVB/66103FoWVM8XWqGawVEm5+Al
dZSD4FTELdAM8a3PPybL/rvcTuc31XOAI1eUCF8z/PUDZW3g1jwk8fYMyOYRkc6n
c/WPDo4ee+F8D6g3dk/QwAvpXFP6zPx0vckhcua0/jpjVWa3tr7Tc/i6AkD185XG
QTDYhUSs4TyFsYz+7/8Mip9P2bUiZCviyDVNP4YZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUqfwGFzzXNZ6jJdaBS2gMdE51zMQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzE1NzRhMTU0LTA2ZTItNDM1NS1iNzZiLWMxM2QzNzg2MmZlYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASQOYwDQYJKoZIhvcNAQELBQADggEBABgVz0ujYGJ2jbAxVr8dHsqUshkU
Px/cqr2H909ZRO1w4g8CIdD4NrraYVVN9CECLck2kZqnhLSBSC37DIh/QdKH15V7
xyDRftrFeKJZNTaKtFpJe7L6R6D9SfNdlPhh4k4gdi6oAQwJAgKVKoZT19A6VvMm
vrj/efpNT31bEr8A6k7Aek9k+a2jRhT1t+E1wppIEGcZFPp/98QeCUvYZ6QAnLcC
rgHhBF1uWDEx2loCyzlXsgpUJ6YmWzSdpjHgoJyBih88QKeShREx8xDBIhcuZDPn
cJd1tnV6BFsC4hyWAb5vL6DHFM166G3mdyJgylsuFJYkSV+jur3J87gVwAo=
-----END CERTIFICATE-----