Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/29f093ea-842e-4432-8f4f-4a326cfc8411.roa
File:                     29f093ea-842e-4432-8f4f-4a326cfc8411.roa (raw, json)
Hash identifier:          ToGIRSX6NW+jZY5qejzZlTr1PUwM8A4POqiG6VsqGOc=
Subject key identifier:   DA:01:35:95:78:C5:B3:35:F1:AC:35:96:50:B5:84:D3:7F:03:64:3A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7C0022881ADE46412B82F85E24D9C5D498D8D061
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/29f093ea-842e-4432-8f4f-4a326cfc8411.roa
Signing time:             Fri 10 Oct 2025 15:47:06 +0000
ROA not before:           Fri 10 Oct 2025 15:47:06 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        34.240.0.0/13 maxlen: 13
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:00:22:88:1a:de:46:41:2b:82:f8:5e:24:d9:c5:d4:98:d8:d0:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 10 15:47:06 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=c0f80380da3d7abe1de96d6c0fe3e3be62dc75fa72cdc4f5761e13e069d0f5e6, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:78:f7:57:ca:ad:84:d3:9b:f1:b6:49:92:c6:
                    2f:8d:b3:82:a0:8e:cd:31:fb:0f:78:97:ef:ef:eb:
                    13:33:06:d4:b6:dc:c4:d3:28:7e:e3:98:95:86:eb:
                    75:6f:e0:51:bb:11:1b:87:b7:ce:f3:95:b1:6d:7a:
                    45:9c:b7:33:f4:54:e1:ef:85:fc:31:12:d5:d2:ac:
                    ba:bd:ae:5d:8b:5a:f9:5a:13:a0:c4:cf:3d:96:d3:
                    7f:ee:90:3e:b8:17:3b:4c:d8:06:4a:64:1e:b9:de:
                    cd:0d:86:61:1f:a5:7c:a4:9e:01:46:32:64:b8:ec:
                    de:89:1e:21:74:8d:c6:59:9c:1f:80:4f:e3:cd:79:
                    d9:06:0e:40:01:61:2c:5c:9b:46:d6:22:1f:e2:b3:
                    45:d2:9a:6e:00:e1:8e:97:f4:fc:3d:c7:73:b2:4f:
                    7c:1f:30:8c:ff:c5:16:c4:eb:40:36:73:a8:c9:4b:
                    e2:10:f4:a8:fa:3e:5e:71:73:c6:33:d2:cc:d5:a0:
                    55:03:d9:62:03:62:84:20:9d:f3:31:d0:26:de:4a:
                    85:10:d6:8b:6c:0b:f7:11:10:b4:f2:5d:fa:cd:f5:
                    b3:bb:4e:61:6d:a9:69:67:31:64:d8:cc:76:72:f8:
                    cc:72:c0:75:7d:e8:ed:17:a2:be:1d:32:26:ae:fa:
                    b6:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:01:35:95:78:C5:B3:35:F1:AC:35:96:50:B5:84:D3:7F:03:64:3A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/29f093ea-842e-4432-8f4f-4a326cfc8411.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  34.240.0.0/13

    Signature Algorithm: sha256WithRSAEncryption
         03:04:33:fe:de:eb:12:8e:17:f3:e2:b6:14:d8:35:2b:e3:fa:
         34:48:30:e3:ff:ce:1b:cd:6f:59:01:ce:56:8d:2f:cd:4d:d6:
         4b:1b:df:bb:32:82:0d:ca:64:61:ec:32:71:28:0f:23:fe:b3:
         bc:c0:ae:25:2f:e2:5a:07:fb:e3:e3:79:4e:04:6c:54:9f:2d:
         e4:86:09:a9:7d:f0:34:e4:9a:a0:fa:28:8c:3b:1e:24:9e:84:
         eb:86:42:0e:b2:f7:98:8c:16:ba:5a:88:ae:f1:d2:b8:29:6e:
         0f:18:f1:14:95:a1:ab:75:b9:e4:0d:5c:c2:8c:e0:74:ec:56:
         8a:ab:46:3e:4e:70:3d:66:42:d9:30:61:bc:51:07:e3:06:31:
         dc:2b:25:ad:77:95:9b:16:05:6d:f8:14:6f:6a:60:d2:df:09:
         46:e6:18:dc:34:59:45:ee:5a:34:33:a1:11:7c:fd:9c:30:2c:
         37:1b:24:fa:ce:b8:63:50:af:ff:af:15:ac:a5:a5:82:b4:07:
         40:1b:1a:be:57:1c:40:51:39:f2:52:d4:7b:34:2a:48:44:eb:
         28:fb:1b:9b:b4:ea:04:97:a0:6f:06:eb:a6:ee:b0:98:a2:6f:
         47:8b:97:df:38:b5:c8:d4:71:d8:32:fc:bf:ef:95:d7:02:8d:
         fe:eb:79:d3
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUfAAiiBreRkErgvheJNnF1JjY0GEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDEwMTU0NzA2WhcNMjUxMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BjMGY4MDM4MGRhM2Q3YWJlMWRlOTZkNmMwZmUzZTNiZTYy
ZGM3NWZhNzJjZGM0ZjU3NjFlMTNlMDY5ZDBmNWU2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCNePdXyq2E05vxtkmSxi+Ns4Kgjs0x+w94l+/v6xMzBtS2
3MTTKH7jmJWG63Vv4FG7ERuHt87zlbFtekWctzP0VOHvhfwxEtXSrLq9rl2LWvla
E6DEzz2W03/ukD64FztM2AZKZB653s0NhmEfpXykngFGMmS47N6JHiF0jcZZnB+A
T+PNedkGDkABYSxcm0bWIh/is0XSmm4A4Y6X9Pw9x3OyT3wfMIz/xRbE60A2c6jJ
S+IQ9Kj6Pl5xc8Yz0szVoFUD2WIDYoQgnfMx0CbeSoUQ1otsC/cRELTyXfrN9bO7
TmFtqWlnMWTYzHZy+MxywHV96O0Xor4dMiau+rZBAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU2gE1lXjFszXxrDWWULWE038DZDowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzI5ZjA5M2VhLTg0MmUtNDQzMi04ZjRmLTRhMzI2Y2ZjODQxMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwMi8DANBgkqhkiG9w0BAQsFAAOCAQEAAwQz/t7rEo4X8+K2FNg1K+P6NEgw
4//OG81vWQHOVo0vzU3WSxvfuzKCDcpkYewycSgPI/6zvMCuJS/iWgf74+N5TgRs
VJ8t5IYJqX3wNOSaoPoojDseJJ6E64ZCDrL3mIwWulqIrvHSuCluDxjxFJWhq3W5
5A1cwozgdOxWiqtGPk5wPWZC2TBhvFEH4wYx3CslrXeVmxYFbfgUb2pg0t8JRuYY
3DRZRe5aNDOhEXz9nDAsNxsk+s64Y1Cv/68VrKWlgrQHQBsavlccQFE58lLUezQq
SETrKPsbm7TqBJegbwbrpu6wmKJvR4uX3zi1yNRx2DL8v++V1wKN/ut50w==
-----END CERTIFICATE-----