Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/177cb749-177e-45dc-abd6-ce5c8a8643a5.roa
File:                     177cb749-177e-45dc-abd6-ce5c8a8643a5.roa (raw, json)
Hash identifier:          wUzSxPkDvFuZMVe6DoTpe1jjoQz4C1Ah/4Jm4USWIC4=
Subject key identifier:   BE:55:E9:D4:FA:22:9A:57:C0:07:CB:70:E9:C1:2F:F9:4F:C4:69:EC
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5DBC76D2EF3C6AC14666CDDA215DA5A385160CE8
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/177cb749-177e-45dc-abd6-ce5c8a8643a5.roa
Signing time:             Mon 22 Sep 2025 21:47:40 +0000
ROA not before:           Mon 22 Sep 2025 21:47:40 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.239.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:bc:76:d2:ef:3c:6a:c1:46:66:cd:da:21:5d:a5:a3:85:16:0c:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 21:47:40 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=fa929cd092f76edce46609fea03f520ee9122448652ee229352439f4184d0aa1, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:56:4b:11:e4:b0:c2:6f:c6:de:00:f8:5a:a0:
                    58:15:57:73:12:3f:d7:db:c8:43:65:e5:37:37:d3:
                    a1:80:1a:86:74:16:1c:5c:0a:73:d9:ed:e8:49:1d:
                    a2:75:99:33:21:fe:39:10:d5:f1:04:63:8c:d8:ec:
                    55:11:7b:33:83:96:f3:d2:04:ae:6a:9e:72:b0:51:
                    83:26:d0:65:55:da:2d:20:6b:fc:67:37:84:3d:c3:
                    47:ab:15:64:45:40:14:9e:26:2c:59:53:ab:22:b3:
                    99:d6:16:d6:b7:e6:f1:83:de:7a:3b:45:ff:ce:59:
                    f0:47:8c:a9:b4:b6:c2:68:48:a1:a8:ac:0f:e6:0b:
                    0e:aa:f0:09:bc:ba:6d:24:97:06:04:4c:de:84:eb:
                    78:63:32:cd:61:ed:75:e5:cf:63:fc:25:a2:cd:89:
                    8e:45:f0:4f:ea:e8:88:45:be:74:ad:87:9c:34:18:
                    b6:a8:71:bf:f6:da:bf:5c:37:34:ef:03:15:81:8b:
                    9b:0e:43:12:c0:9f:d7:0f:98:08:63:f5:4d:87:64:
                    b0:51:c3:51:ab:52:16:c7:0f:25:79:ef:a6:78:f2:
                    d3:df:fd:32:c7:5c:81:b2:df:15:04:3e:6b:8c:76:
                    35:1e:ea:34:5f:07:c0:c0:d8:0b:2f:23:70:80:3a:
                    ef:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:55:E9:D4:FA:22:9A:57:C0:07:CB:70:E9:C1:2F:F9:4F:C4:69:EC
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/177cb749-177e-45dc-abd6-ce5c8a8643a5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.239.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:90:78:6f:64:06:cb:f0:3d:02:49:35:e0:20:83:2f:5d:1a:
         bd:c5:cc:dd:1c:55:b6:7c:a0:84:74:fb:71:84:db:54:e9:8d:
         26:84:50:3b:0c:85:a9:e3:0f:dc:90:1b:76:e7:54:71:b1:3c:
         c6:5d:5d:fd:c2:8f:66:48:90:9d:b1:78:b1:cf:34:aa:a3:c1:
         f0:f3:20:eb:de:53:7c:cc:b2:46:0b:83:55:6c:85:a8:d2:c8:
         d7:87:21:f8:a0:b0:22:d3:bd:79:f1:7c:ae:be:8b:5f:4b:fb:
         6a:be:5a:79:59:3c:fa:d8:c3:e2:b0:17:36:29:61:01:4d:23:
         41:fd:2b:43:96:d0:d1:6d:ce:9a:1e:a6:cf:6c:a3:02:1c:63:
         97:85:dd:bb:af:d2:11:b3:e9:b2:3b:c7:9c:e9:f0:c5:9c:df:
         25:59:67:e1:57:d1:c3:d1:e7:5a:ba:22:57:93:61:61:3a:26:
         d9:cf:a4:98:f2:29:a0:94:2e:50:d4:e6:6d:6b:98:3e:86:9e:
         29:e1:19:9f:18:1d:9b:f4:05:37:4d:1a:2f:5c:bb:ac:d2:43:
         1e:12:6d:de:19:20:ad:80:84:5a:79:ae:c7:bf:80:0e:06:99:
         a3:74:c7:ae:e7:2f:d9:23:22:7d:3d:45:75:2e:6f:77:d4:6b:
         34:e9:bc:37
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXbx20u88asFGZs3aIV2lo4UWDOgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMjE0NzQwWhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BmYTkyOWNkMDkyZjc2ZWRjZTQ2NjA5ZmVhMDNmNTIwZWU5
MTIyNDQ4NjUyZWUyMjkzNTI0MzlmNDE4NGQwYWExMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDFVksR5LDCb8beAPhaoFgVV3MSP9fbyENl5Tc306GAGoZ0
FhxcCnPZ7ehJHaJ1mTMh/jkQ1fEEY4zY7FURezODlvPSBK5qnnKwUYMm0GVV2i0g
a/xnN4Q9w0erFWRFQBSeJixZU6sis5nWFta35vGD3no7Rf/OWfBHjKm0tsJoSKGo
rA/mCw6q8Am8um0klwYETN6E63hjMs1h7XXlz2P8JaLNiY5F8E/q6IhFvnSth5w0
GLaocb/22r9cNzTvAxWBi5sOQxLAn9cPmAhj9U2HZLBRw1GrUhbHDyV576Z48tPf
/TLHXIGy3xUEPmuMdjUe6jRfB8DA2AsvI3CAOu9fAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUvlXp1PoimlfAB8tw6cEv+U/EaewwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzE3N2NiNzQ5LTE3N2UtNDVkYy1hYmQ2LWNlNWM4YTg2NDNhNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAS778wDQYJKoZIhvcNAQELBQADggEBAGCQeG9kBsvwPQJJNeAggy9dGr3F
zN0cVbZ8oIR0+3GE21TpjSaEUDsMhanjD9yQG3bnVHGxPMZdXf3Cj2ZIkJ2xeLHP
NKqjwfDzIOveU3zMskYLg1VshajSyNeHIfigsCLTvXnxfK6+i19L+2q+WnlZPPrY
w+KwFzYpYQFNI0H9K0OW0NFtzpoeps9sowIcY5eF3buv0hGz6bI7x5zp8MWc3yVZ
Z+FX0cPR51q6IleTYWE6JtnPpJjyKaCULlDU5m1rmD6GninhGZ8YHZv0BTdNGi9c
u6zSQx4Sbd4ZIK2AhFp5rse/gA4GmaN0x67nL9kjIn09RXUub3fUazTpvDc=
-----END CERTIFICATE-----