Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3aac9b51-770b-43ac-8531-40aa5b11f301.roa
File:                     3aac9b51-770b-43ac-8531-40aa5b11f301.roa (raw, json)
Hash identifier:          DHgocyx5Qfwk3Dec+UhT171s0UzoPHiDxww2SLX3LnE=
Subject key identifier:   6D:D6:39:5D:D8:FE:C3:5C:EA:0B:1A:7D:50:AB:08:50:AB:3C:BA:33
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       246EC55311E96E65F3915462C71D7077CDFA01A0
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3aac9b51-770b-43ac-8531-40aa5b11f301.roa
Signing time:             Wed 24 Sep 2025 21:26:22 +0000
ROA not before:           Wed 24 Sep 2025 21:26:22 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.65.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:6e:c5:53:11:e9:6e:65:f3:91:54:62:c7:1d:70:77:cd:fa:01:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 21:26:22 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=763834ccdec01848998ee61cabd4ad29ef8b8b1ebcabdaf206918febe79ba48c, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:26:a0:b1:41:a8:d0:cd:4d:f6:59:6f:ef:52:
                    bc:bf:01:59:63:1b:df:ac:e0:1f:3f:c6:ed:9f:ed:
                    ff:69:4f:48:22:ab:05:5a:81:05:0e:89:f5:fe:9b:
                    ef:0a:f8:ff:a5:03:ac:53:aa:07:b9:1c:b6:ab:eb:
                    b2:e4:de:dd:10:8d:54:ef:09:40:11:61:e0:58:ab:
                    13:db:d2:b7:04:fe:ba:d8:92:3c:c8:e3:7f:37:d2:
                    ec:63:e2:53:5c:04:c3:d6:30:54:f8:7b:36:06:f0:
                    c3:be:7e:5e:7e:7a:f3:43:84:01:7e:49:a3:57:b2:
                    bf:bf:bb:5f:05:89:eb:72:b7:f1:9a:ac:e8:ab:e1:
                    dd:58:6d:ec:d4:06:82:fd:78:de:8c:1f:b7:e6:02:
                    03:e6:35:e7:30:b8:b0:4a:54:1e:c7:52:1f:9d:69:
                    75:d7:ac:79:a9:8f:c9:03:af:d5:16:44:43:14:54:
                    d5:d4:29:a4:93:92:a1:ff:7b:43:fd:c7:51:dc:39:
                    f3:41:b3:6e:20:53:b2:3c:f8:1a:90:87:60:69:3c:
                    9b:18:09:c0:89:c5:67:a8:ea:23:ae:9a:ef:d8:8b:
                    62:0f:bc:89:1e:e8:a8:e8:12:f1:06:5f:46:79:72:
                    55:47:dc:3e:a6:78:d1:79:b3:a8:b0:fa:0e:93:9d:
                    93:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:D6:39:5D:D8:FE:C3:5C:EA:0B:1A:7D:50:AB:08:50:AB:3C:BA:33
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3aac9b51-770b-43ac-8531-40aa5b11f301.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.65.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:f5:df:a8:a1:d6:23:7b:42:97:6c:83:66:1b:78:7a:49:49:
         87:2d:0b:57:92:3f:e1:19:3d:38:b2:0f:45:2f:de:86:49:37:
         26:a9:67:38:1d:fd:67:54:d1:b1:a8:92:11:cf:2b:a7:2e:bb:
         26:32:a6:e7:f5:fa:b3:48:51:63:a1:b3:c0:5d:8b:c2:cf:74:
         ad:11:bd:43:88:80:e7:50:b3:3a:cd:af:04:13:ec:f6:5e:bc:
         6d:1a:73:a4:7c:5f:ae:59:a3:6a:e0:c2:1f:61:82:d2:9b:8f:
         e0:f2:b7:fa:ba:2e:78:bb:1f:7d:60:93:51:dc:33:a6:d4:8c:
         80:ba:4d:6c:e3:ac:9c:5e:47:69:a5:b5:54:0c:c1:73:8d:2a:
         fb:78:12:cf:1a:e6:af:5e:6e:66:35:84:60:ac:27:87:c4:b3:
         88:85:80:d6:37:1e:c6:86:49:3d:29:00:30:72:f5:28:d4:ad:
         1e:10:ac:d9:37:fd:3c:3c:37:99:92:82:e4:b6:14:53:87:66:
         fc:39:58:bc:0f:fd:a2:f4:cf:d6:23:a8:2a:d3:fe:57:63:de:
         95:b8:74:54:22:e3:11:65:ba:cc:67:44:da:98:50:ea:ef:fa:
         23:de:fc:02:a7:9d:60:be:ec:62:0f:81:a3:63:da:eb:c8:70:
         ec:de:f1:ff
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJG7FUxHpbmXzkVRixx1wd836AaAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MjEyNjIyWhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A3NjM4MzRjY2RlYzAxODQ4OTk4ZWU2MWNhYmQ0YWQyOWVm
OGI4YjFlYmNhYmRhZjIwNjkxOGZlYmU3OWJhNDhjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDMJqCxQajQzU32WW/vUry/AVljG9+s4B8/xu2f7f9pT0gi
qwVagQUOifX+m+8K+P+lA6xTqge5HLar67Lk3t0QjVTvCUARYeBYqxPb0rcE/rrY
kjzI43830uxj4lNcBMPWMFT4ezYG8MO+fl5+evNDhAF+SaNXsr+/u18Fietyt/Ga
rOir4d1YbezUBoL9eN6MH7fmAgPmNecwuLBKVB7HUh+daXXXrHmpj8kDr9UWREMU
VNXUKaSTkqH/e0P9x1HcOfNBs24gU7I8+BqQh2BpPJsYCcCJxWeo6iOumu/Yi2IP
vIke6KjoEvEGX0Z5clVH3D6meNF5s6iw+g6TnZOdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUbdY5Xdj+w1zqCxp9UKsIUKs8ujMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzNhYWM5YjUxLTc3MGItNDNhYy04NTMxLTQwYWE1YjExZjMwMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASQZAwDQYJKoZIhvcNAQELBQADggEBAFr136ih1iN7Qpdsg2YbeHpJSYct
C1eSP+EZPTiyD0Uv3oZJNyapZzgd/WdU0bGokhHPK6cuuyYypuf1+rNIUWOhs8Bd
i8LPdK0RvUOIgOdQszrNrwQT7PZevG0ac6R8X65Zo2rgwh9hgtKbj+Dyt/q6Lni7
H31gk1HcM6bUjIC6TWzjrJxeR2mltVQMwXONKvt4Es8a5q9ebmY1hGCsJ4fEs4iF
gNY3HsaGST0pADBy9SjUrR4QrNk3/Tw8N5mSguS2FFOHZvw5WLwP/aL0z9YjqCrT
/ldj3pW4dFQi4xFlusxnRNqYUOrv+iPe/AKnnWC+7GIPgaNj2uvIcOze8f8=
-----END CERTIFICATE-----