Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2a70875c-0472-4922-83fa-e090b3e027b9.roa
File:                     2a70875c-0472-4922-83fa-e090b3e027b9.roa (raw, json)
Hash identifier:          JNVLcuod4VmbJISfuN6Fh+uXWsLtgBFkRDi+KCXcufQ=
Subject key identifier:   18:DF:D8:4B:11:A9:16:00:07:A8:67:8A:B1:2E:26:98:1A:EC:3F:1F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0BFF2B7C43DDEF9CB8D5A7F19F6F47D9EECF18
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2a70875c-0472-4922-83fa-e090b3e027b9.roa
Signing time:             Wed 24 Sep 2025 20:06:54 +0000
ROA not before:           Wed 24 Sep 2025 20:06:54 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.224.244.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:ff:2b:7c:43:dd:ef:9c:b8:d5:a7:f1:9f:6f:47:d9:ee:cf:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 20:06:54 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=06a10f48084abd6aa0e256face1862b474d67c4330245a8db177aecd0792f012, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:99:46:76:65:54:b8:19:ce:ec:a8:b6:59:7b:
                    23:71:51:51:0e:61:19:92:c8:f6:4e:39:4e:aa:c3:
                    8c:cb:b1:73:ad:1d:5f:45:f8:88:c8:3a:44:82:f0:
                    07:88:7a:45:b6:8d:64:60:b7:2c:ed:19:3c:29:1e:
                    d0:39:c9:c7:4a:cb:3b:0d:9a:d0:83:71:c8:05:d1:
                    a9:02:b6:1e:8f:5d:7d:bc:62:d8:66:33:60:98:3c:
                    7b:a1:3a:35:9b:76:a5:5e:13:84:6a:7b:03:cb:28:
                    32:0d:53:11:a4:dd:2a:76:e3:45:f1:9b:cf:4f:4f:
                    08:cc:32:fd:73:b4:b1:47:94:b3:6a:91:c2:49:28:
                    34:66:9f:de:4b:0f:3c:e5:d0:d9:bb:a9:db:cc:6f:
                    ee:1e:c3:13:02:1b:74:b1:7b:d3:e0:45:d1:a3:cf:
                    4d:d5:b3:a0:b1:c9:df:e5:ad:11:dd:a4:ca:38:2b:
                    dc:e2:63:88:6c:94:0c:8d:09:c5:7d:1b:66:19:8f:
                    3c:5c:7b:64:39:8a:5b:83:09:90:55:6c:52:72:6b:
                    39:6f:2a:86:34:4c:be:7f:01:6c:cb:14:d2:c1:d0:
                    72:34:6d:e0:12:4d:0b:99:a7:bd:27:1f:03:f0:c1:
                    b9:0d:bf:d2:54:a2:fb:4b:22:ea:61:f8:82:21:3b:
                    f0:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:DF:D8:4B:11:A9:16:00:07:A8:67:8A:B1:2E:26:98:1A:EC:3F:1F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2a70875c-0472-4922-83fa-e090b3e027b9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.224.244.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4c:19:22:c4:5b:8d:03:3e:ec:b8:fb:d2:23:66:3a:40:c4:24:
         80:fa:e7:6c:b6:38:98:4e:82:35:b4:57:8b:69:11:e0:bd:a3:
         75:09:5d:78:96:95:f7:7f:08:54:dc:38:67:82:77:bf:c5:9a:
         11:10:0b:88:f4:6c:0d:4c:f4:3a:ed:c1:de:8e:d9:7f:77:75:
         17:f9:14:92:94:e2:73:53:24:66:1d:df:be:0e:51:32:cb:27:
         b9:2d:05:41:e0:c6:a1:db:39:02:1c:27:8a:fb:27:b6:eb:8b:
         68:46:5e:dc:17:16:04:fa:0c:b7:61:85:5d:1d:0c:11:8b:9c:
         ce:21:c0:e6:c7:90:6d:2b:60:38:ee:cf:5f:8e:28:1f:a9:ee:
         f2:aa:64:01:32:97:96:eb:55:cd:a5:75:61:88:68:99:54:1d:
         6f:f6:7b:a3:2a:32:09:36:68:ca:b9:ab:4b:e7:5c:51:d7:df:
         64:7e:10:c8:8f:96:ef:5d:bc:14:df:6d:09:7c:43:55:ca:e9:
         07:ea:84:99:74:81:ee:34:7c:f3:73:17:09:48:32:58:d6:16:
         eb:cc:56:35:0a:87:94:de:42:b6:40:c3:ad:be:d3:59:47:d9:
         b5:31:12:4a:3f:b1:ef:b3:94:d3:bb:67:50:49:5f:3e:25:a2:
         4b:2b:17:ad
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgITC/8rfEPd75y41afxn29H2e7PGDANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzJkZjZmM2IzYTM0YjYzODZkMWEzMmQ4ZjRmYTMxNzhlZjMx
ODg3ZDhiNDI4ZGZhYTQ3NjAeFw0yNTA5MjQyMDA2NTRaFw0yNTEwMjkyMzU5NTla
MHoxSTBHBgNVBAUTQDA2YTEwZjQ4MDg0YWJkNmFhMGUyNTZmYWNlMTg2MmI0NzRk
NjdjNDMzMDI0NWE4ZGIxNzdhZWNkMDc5MmYwMTIxLTArBgNVBAMTJDVmMjc2MDQ1
LTViOWYtNDVlZi05MjNkLWYzZmNlMjRhNjIyNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKiZRnZlVLgZzuyotll7I3FRUQ5hGZLI9k45TqrDjMuxc60d
X0X4iMg6RILwB4h6RbaNZGC3LO0ZPCke0DnJx0rLOw2a0INxyAXRqQK2Ho9dfbxi
2GYzYJg8e6E6NZt2pV4ThGp7A8soMg1TEaTdKnbjRfGbz09PCMwy/XO0sUeUs2qR
wkkoNGaf3ksPPOXQ2bup28xv7h7DEwIbdLF70+BF0aPPTdWzoLHJ3+WtEd2kyjgr
3OJjiGyUDI0JxX0bZhmPPFx7ZDmKW4MJkFVsUnJrOW8qhjRMvn8BbMsU0sHQcjRt
4BJNC5mnvScfA/DBuQ2/0lSi+0si6mH4giE78A0CAwEAAaOCArEwggKtMB0GA1Ud
DgQWBBQY39hLEakWAAeoZ4qxLiaYGuw/HzAfBgNVHSMEGDAWgBQlrdNCsB63pY6t
GZAmiLVLP4H0uDAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHg
BggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2Fy
aW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMv
MmEyNDY5NDctMmQ2Mi00YTZjLWJhMDUtODcxODdmMDA5OWIyLzg1MWNlZjE3LTEz
MmEtNDMzNy1iN2QxLWJmMTZhNTJmZmQwMy9kZjZmM2IzYTM0YjYzODZkMWEzMmQ4
ZjRmYTMxNzhlZjMxODg3ZDhiNDI4ZGZhYTQ3Ni5jZXIwgZ4GCCsGAQUFBwELBIGR
MIGOMIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9mNzAzNjk2ZS1lNDdiLTRjMjAtYmQ5My02Zjgw
OTA0ZTQyZDIvMmE3MDg3NWMtMDQ3Mi00OTIyLTgzZmEtZTA5MGIzZTAyN2I5LnJv
YTCBiAYDVR0fBIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMt
NmY4MDkwNGU0MmQyL3RqaHRHakxZOVBveGVPOHhpSDJMUW8zNnBIWS5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEAQ3g9DANBgkqhkiG9w0BAQsFAAOCAQEATBkixFuNAz7suPvSI2Y6QMQkgPrn
bLY4mE6CNbRXi2kR4L2jdQldeJaV938IVNw4Z4J3v8WaERALiPRsDUz0Ou3B3o7Z
f3d1F/kUkpTic1MkZh3fvg5RMssnuS0FQeDGods5AhwnivsntuuLaEZe3BcWBPoM
t2GFXR0MEYucziHA5seQbStgOO7PX44oH6nu8qpkATKXlutVzaV1YYhomVQdb/Z7
oyoyCTZoyrmrS+dcUdffZH4QyI+W7128FN9tCXxDVcrpB+qEmXSB7jR883MXCUgy
WNYW68xWNQqHlN5CtkDDrb7TWUfZtTESSj+x77OU07tnUElfPiWiSysXrQ==
-----END CERTIFICATE-----