Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/27e9f1c6-cde1-4ddc-a9bc-ae0685542950.roa
File:                     27e9f1c6-cde1-4ddc-a9bc-ae0685542950.roa (raw, json)
Hash identifier:          cEmYDYk8Q+Izc++PWDyjjk7u8RQAd80IbP6CxZC43n4=
Subject key identifier:   FA:1E:0B:D9:C4:9E:20:09:9A:74:67:59:2C:27:F8:18:B9:0F:B5:A7
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       518D2947BCA64BB8E31AB6B1AC48344F4E45714C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/27e9f1c6-cde1-4ddc-a9bc-ae0685542950.roa
Signing time:             Wed 24 Sep 2025 19:02:38 +0000
ROA not before:           Wed 24 Sep 2025 19:02:38 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.224.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:8d:29:47:bc:a6:4b:b8:e3:1a:b6:b1:ac:48:34:4f:4e:45:71:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 19:02:38 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=e53f53df216c1a417efc7f1ed8809a2b2153b1c61d544e19fc31c66a9f364e89, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:e3:7f:7a:4c:49:43:9f:1b:fe:ae:6d:e6:38:
                    83:e3:c1:61:81:c4:e2:e1:1b:66:f0:ae:9d:7d:3c:
                    c7:da:6b:93:05:3c:2e:d8:95:32:6b:1f:18:9d:20:
                    dd:09:e0:6a:dc:b3:fd:3a:f9:4e:c4:9e:46:f6:c3:
                    5a:23:ab:8d:a0:34:55:c8:b3:27:b7:e9:a5:d1:9b:
                    e7:8b:fa:76:f0:4b:8b:c0:d7:ab:4b:eb:12:9d:b7:
                    a4:85:cb:99:eb:0a:78:de:8e:50:64:2c:46:02:c5:
                    56:2b:38:41:3d:bd:1b:9d:f5:ac:18:4a:59:20:0d:
                    07:c0:fd:b6:11:3f:5a:43:a5:4e:30:03:be:df:28:
                    c0:6e:75:9d:23:9a:a0:21:ab:d6:2f:54:f4:e7:dd:
                    3d:b4:ce:ae:bd:b7:14:ae:1f:74:3d:ee:64:bf:18:
                    c0:0a:ed:76:11:5f:fb:23:96:da:19:d2:02:39:94:
                    23:0d:0b:e1:4a:9a:61:60:d3:93:3c:01:cd:64:2b:
                    3b:26:c3:ce:2d:fd:34:fe:11:3c:af:02:02:a5:3f:
                    de:59:14:15:84:5f:5a:e5:2d:94:ca:20:f1:04:1c:
                    1f:cf:4d:bb:fe:b2:d5:de:c8:e4:8c:86:62:7a:81:
                    a4:50:da:0c:80:64:1a:0e:79:df:51:da:ca:c9:7a:
                    a5:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:1E:0B:D9:C4:9E:20:09:9A:74:67:59:2C:27:F8:18:B9:0F:B5:A7
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/27e9f1c6-cde1-4ddc-a9bc-ae0685542950.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.224.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:e2:ea:3e:89:80:6d:0f:cd:f8:83:d0:f1:4d:1b:3e:97:36:
         5c:52:a4:1a:f9:2b:80:8d:13:fb:70:1f:62:76:4d:42:1c:d7:
         a2:39:7d:95:ac:64:4a:8e:ff:ef:99:9a:cb:ec:de:b4:94:a2:
         9a:2c:cf:90:46:c6:da:6b:05:17:00:e5:86:68:0f:ba:ae:c8:
         b5:a7:f6:e5:30:89:5e:eb:26:81:5b:8c:34:ac:ff:fa:3f:56:
         2b:78:4c:2f:a6:a5:62:41:69:0b:20:aa:bf:ce:ee:26:9c:e9:
         57:74:70:03:e2:4a:1d:4b:b1:a9:ac:3a:76:8a:84:05:f3:f9:
         6c:ca:5f:09:ad:04:71:47:5d:f1:6e:ed:91:62:d2:02:8c:33:
         e4:31:da:5b:9e:47:98:cb:65:79:52:09:69:61:79:0f:59:30:
         ca:ba:3a:3b:f0:65:18:73:da:18:9d:7d:e9:9b:1e:89:3c:da:
         b4:04:f1:95:6d:a0:50:71:c9:d8:2a:7c:79:51:09:21:2f:2c:
         db:0f:72:3a:64:6a:cb:2f:9a:66:d4:ab:69:58:00:92:50:9f:
         9d:7e:07:dd:0b:dd:b7:c8:cc:8d:4b:25:d0:08:ea:1e:e6:29:
         c8:db:84:05:1f:6f:34:ce:88:36:02:5e:68:13:96:c0:fe:33:
         4f:c8:8f:59
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUY0pR7ymS7jjGraxrEg0T05FcUwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MTkwMjM4WhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BlNTNmNTNkZjIxNmMxYTQxN2VmYzdmMWVkODgwOWEyYjIx
NTNiMWM2MWQ1NDRlMTlmYzMxYzY2YTlmMzY0ZTg5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCt4396TElDnxv+rm3mOIPjwWGBxOLhG2bwrp19PMfaa5MF
PC7YlTJrHxidIN0J4Grcs/06+U7Enkb2w1ojq42gNFXIsye36aXRm+eL+nbwS4vA
16tL6xKdt6SFy5nrCnjejlBkLEYCxVYrOEE9vRud9awYSlkgDQfA/bYRP1pDpU4w
A77fKMBudZ0jmqAhq9YvVPTn3T20zq69txSuH3Q97mS/GMAK7XYRX/sjltoZ0gI5
lCMNC+FKmmFg05M8Ac1kKzsmw84t/TT+ETyvAgKlP95ZFBWEX1rlLZTKIPEEHB/P
Tbv+stXeyOSMhmJ6gaRQ2gyAZBoOed9R2srJeqWlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU+h4L2cSeIAmadGdZLCf4GLkPtacwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzI3ZTlmMWM2LWNkZTEtNGRkYy1hOWJjLWFlMDY4NTU0Mjk1MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAN4K0wDQYJKoZIhvcNAQELBQADggEBAAji6j6JgG0PzfiD0PFNGz6XNlxS
pBr5K4CNE/twH2J2TUIc16I5fZWsZEqO/++Zmsvs3rSUoposz5BGxtprBRcA5YZo
D7quyLWn9uUwiV7rJoFbjDSs//o/Vit4TC+mpWJBaQsgqr/O7iac6Vd0cAPiSh1L
samsOnaKhAXz+WzKXwmtBHFHXfFu7ZFi0gKMM+Qx2lueR5jLZXlSCWlheQ9ZMMq6
OjvwZRhz2hidfembHok82rQE8ZVtoFBxydgqfHlRCSEvLNsPcjpkassvmmbUq2lY
AJJQn51+B90L3bfIzI1LJdAI6h7mKcjbhAUfbzTOiDYCXmgTlsD+M0/Ij1k=
-----END CERTIFICATE-----