Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1a7e413e-b3c7-47e4-8285-754fa9c75772.roa
File:                     1a7e413e-b3c7-47e4-8285-754fa9c75772.roa (raw, json)
Hash identifier:          tiudsGxC212HyjvNXGzluIpn2PXsoKkFflxenI+RsY4=
Subject key identifier:   1A:EF:97:23:48:AA:1A:26:7C:36:85:ED:68:6E:FE:51:E8:CB:EF:B3
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3C119BD405123C9BC195053AED3B3391C26A9849
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1a7e413e-b3c7-47e4-8285-754fa9c75772.roa
Signing time:             Fri 07 Nov 2025 01:41:34 +0000
ROA not before:           Fri 07 Nov 2025 01:41:34 +0000
ROA not after:            Fri 12 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.158.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 08 Nov 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:11:9b:d4:05:12:3c:9b:c1:95:05:3a:ed:3b:33:91:c2:6a:98:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Nov  7 01:41:34 2025 GMT
            Not After : Dec 12 23:59:59 2025 GMT
        Subject: serialNumber=ff68afd227aacbb531599d7a4604cb97a6510834eb08201b5696f584d4d89cf7, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:68:2c:75:bc:f4:1d:06:98:b3:e5:e8:0c:46:
                    1e:27:27:3a:c4:a8:b4:60:ff:3b:b6:72:b2:b2:9e:
                    8f:4c:2b:6b:52:c2:c9:56:5d:52:45:99:50:e4:35:
                    b5:be:17:04:c6:be:1e:23:e3:58:69:8a:1b:a5:5d:
                    d0:03:fd:27:1f:53:7f:2c:42:f8:7f:11:78:ec:08:
                    75:76:ab:85:7c:52:f8:5e:76:7d:b8:73:0c:de:9c:
                    d5:ec:b4:d5:11:26:5e:c6:3c:e4:93:69:c9:4f:e3:
                    04:ea:4d:11:b6:1c:22:07:36:19:55:66:a9:05:c3:
                    29:f7:23:54:1f:55:88:84:6c:c6:81:9c:0e:34:4d:
                    e9:bc:08:64:be:dd:df:57:21:67:5f:60:ee:8e:34:
                    d7:ab:0c:3c:d0:13:bb:1f:5e:1a:89:83:f8:f1:cc:
                    f1:fc:11:f2:48:35:4b:c9:15:04:fc:84:90:5b:84:
                    d6:dd:11:40:a9:28:f2:ff:bd:35:aa:36:9f:78:2d:
                    63:31:38:4c:c8:62:5e:a5:c0:9e:57:18:e0:3a:f7:
                    8b:97:68:3e:bf:1e:05:57:97:ee:f0:4b:48:21:00:
                    7f:0b:5e:bc:22:9a:84:d6:eb:10:ba:aa:99:98:ac:
                    92:b4:52:55:da:54:ea:85:d8:46:48:75:d1:7b:e5:
                    f1:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:EF:97:23:48:AA:1A:26:7C:36:85:ED:68:6E:FE:51:E8:CB:EF:B3
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1a7e413e-b3c7-47e4-8285-754fa9c75772.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.158.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:e1:96:26:4b:96:5c:57:69:1c:c8:d3:10:c2:f2:83:4e:43:
         0b:52:7f:63:92:c8:37:4a:b8:a0:c9:a5:ad:6d:6b:45:3c:81:
         0e:a0:ae:e0:d9:3b:a2:9e:63:65:61:1a:e7:73:5e:23:fd:c1:
         6f:40:fa:b9:7c:82:9f:f3:9f:c8:7e:bb:5d:dc:d8:d1:75:43:
         dd:a3:47:df:e2:3a:b3:96:ca:93:4a:7d:53:e1:59:e6:ac:3c:
         08:da:c7:1e:10:15:cd:45:d3:27:0e:3c:fe:f2:49:15:60:c3:
         07:cc:c9:15:25:09:5f:38:36:e8:7f:1c:ff:07:65:9d:96:c8:
         4c:47:c3:9b:0e:04:f8:a6:67:ef:e0:06:af:b7:f2:9e:b8:ae:
         04:fd:55:28:aa:a7:50:1b:2f:a2:88:0c:3b:25:3b:f8:13:24:
         d1:b7:ba:c7:39:7f:2b:6b:cc:bf:2f:50:a4:31:8b:01:b9:9e:
         f8:28:b2:b6:3e:dc:de:2b:4d:24:8d:26:fa:03:13:b0:5b:bb:
         9b:e9:a2:da:c0:07:15:6f:be:22:3d:15:23:59:87:29:df:37:
         99:97:02:bd:91:e9:ee:27:6c:c9:4a:3a:f0:b4:1a:28:35:75:
         1e:41:d2:37:45:d4:ce:c1:2b:a0:5c:dc:2f:9d:9c:51:fc:2c:
         dd:f2:62:15
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPBGb1AUSPJvBlQU67TszkcJqmEkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMTA3MDE0MTM0WhcNMjUxMjEyMjM1OTU5
WjB6MUkwRwYDVQQFE0BmZjY4YWZkMjI3YWFjYmI1MzE1OTlkN2E0NjA0Y2I5N2E2
NTEwODM0ZWIwODIwMWI1Njk2ZjU4NGQ0ZDg5Y2Y3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCYaCx1vPQdBpiz5egMRh4nJzrEqLRg/zu2crKyno9MK2tS
wslWXVJFmVDkNbW+FwTGvh4j41hpihulXdAD/ScfU38sQvh/EXjsCHV2q4V8Uvhe
dn24cwzenNXstNURJl7GPOSTaclP4wTqTRG2HCIHNhlVZqkFwyn3I1QfVYiEbMaB
nA40Tem8CGS+3d9XIWdfYO6ONNerDDzQE7sfXhqJg/jxzPH8EfJINUvJFQT8hJBb
hNbdEUCpKPL/vTWqNp94LWMxOEzIYl6lwJ5XGOA694uXaD6/HgVXl+7wS0ghAH8L
XrwimoTW6xC6qpmYrJK0UlXaVOqF2EZIddF75fFNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGu+XI0iqGiZ8NoXtaG7+UejL77MwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzFhN2U0MTNlLWIzYzctNDdlNC04Mjg1LTc1NGZhOWM3NTc3Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAPnuowDQYJKoZIhvcNAQELBQADggEBADnhliZLllxXaRzI0xDC8oNOQwtS
f2OSyDdKuKDJpa1ta0U8gQ6gruDZO6KeY2VhGudzXiP9wW9A+rl8gp/zn8h+u13c
2NF1Q92jR9/iOrOWypNKfVPhWeasPAjaxx4QFc1F0ycOPP7ySRVgwwfMyRUlCV84
Nuh/HP8HZZ2WyExHw5sOBPimZ+/gBq+38p64rgT9VSiqp1AbL6KIDDslO/gTJNG3
usc5fytrzL8vUKQxiwG5nvgosrY+3N4rTSSNJvoDE7Bbu5vpotrABxVvviI9FSNZ
hynfN5mXAr2R6e4nbMlKOvC0Gig1dR5B0jdF1M7BK6Bc3C+dnFH8LN3yYhU=
-----END CERTIFICATE-----
Generated at Fri Nov 7 20:22:59 2025 by rpki-client