Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3ad02644-60fe-41b8-bdc5-7402a3456a23.roa
File:                     3ad02644-60fe-41b8-bdc5-7402a3456a23.roa (raw, json)
Hash identifier:          Zs0woRuW6/6/umcX6w39A5o/Sc1oVTeXi2Z8pJqL+9s=
Subject key identifier:   A3:38:28:3F:4F:FB:91:E0:91:E5:FB:96:DD:79:2D:F2:DC:0D:72:01
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1E3339E44FAB534595314E9D7141FFEEFAD0EEDF
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3ad02644-60fe-41b8-bdc5-7402a3456a23.roa
Signing time:             Thu 16 Oct 2025 19:26:23 +0000
ROA not before:           Thu 16 Oct 2025 19:26:23 +0000
ROA not after:            Thu 20 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.94.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:33:39:e4:4f:ab:53:45:95:31:4e:9d:71:41:ff:ee:fa:d0:ee:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 16 19:26:23 2025 GMT
            Not After : Nov 20 23:59:59 2025 GMT
        Subject: serialNumber=c1d1f036de43040d3f7f1ca2fee98bd442e46ce2d566fff5b5bf227db616ce72, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:b3:d5:27:20:40:ac:31:85:e7:93:bf:cc:fc:
                    f2:9d:ab:11:f5:3e:fb:f0:a7:b6:4e:c9:25:94:99:
                    41:1e:90:ff:47:3b:bc:72:2f:ab:38:8c:22:e3:ee:
                    c5:da:74:61:c7:e3:6b:f7:f5:a4:ba:b3:b3:69:3c:
                    6d:82:11:2f:f1:5a:68:7c:f8:fd:ed:e7:ad:c3:99:
                    03:e1:7b:74:1e:30:fc:52:a8:81:27:45:cd:08:e3:
                    f0:9a:7a:35:d4:5d:d2:ef:f7:6e:b9:b4:bf:76:c9:
                    6f:c7:34:82:ee:8e:dd:2a:bd:3b:d8:ef:d8:0c:11:
                    5d:eb:08:a9:31:dd:e2:98:30:f9:a0:04:ea:5b:0d:
                    e0:72:a0:f7:ad:9e:ee:7c:9e:19:0a:d7:6c:57:6e:
                    6c:c7:4d:1c:31:a7:fd:78:cb:2e:aa:75:d3:15:a7:
                    0d:36:3b:1d:50:26:de:a3:46:71:1d:57:34:7b:6f:
                    72:5a:1f:d2:27:34:94:5b:b4:ed:77:33:a7:f3:36:
                    32:a6:2c:11:33:82:55:ca:37:f7:02:95:9e:38:1d:
                    ff:bc:97:a4:9c:7e:60:a6:28:a9:6b:79:32:df:20:
                    d0:bd:6f:26:e9:f0:06:57:28:f9:f0:d1:39:4a:a8:
                    5e:70:65:c3:ae:35:9a:5b:c3:da:95:1f:e1:82:0f:
                    4b:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:38:28:3F:4F:FB:91:E0:91:E5:FB:96:DD:79:2D:F2:DC:0D:72:01
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3ad02644-60fe-41b8-bdc5-7402a3456a23.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.94.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:68:04:3f:83:5f:7e:93:db:a0:9d:3c:68:f9:70:71:1b:e3:
         0b:ca:f7:d7:7d:07:49:3c:bf:0a:1a:61:c4:13:9b:82:4f:6a:
         99:46:ac:62:48:53:9a:c1:e3:06:8d:21:d9:52:7c:ce:63:5e:
         ab:bf:9e:1d:99:9a:2a:c4:51:10:04:a7:59:2c:6a:f6:05:ad:
         c2:af:0d:fa:72:b0:2a:4d:0a:2a:73:6a:43:f2:52:ea:49:ad:
         45:fd:d7:92:6c:60:53:16:68:e0:e4:a0:8f:30:ec:eb:1c:09:
         f4:08:1a:f9:22:ee:aa:56:1e:fa:aa:62:07:16:3a:c6:fc:d3:
         93:ab:4f:bd:d6:8f:1e:8a:ad:de:0e:d5:e8:b2:3d:81:78:4c:
         d8:18:ea:34:11:bd:21:d3:46:cb:fe:1a:31:5e:92:55:de:f7:
         e8:cb:5d:af:af:6a:da:b7:0e:4e:fd:57:4a:8d:c0:0d:c7:60:
         4e:16:7d:23:1d:65:02:e0:49:76:87:80:91:a7:42:df:c8:21:
         2e:97:b7:f4:a8:90:42:5e:eb:06:b1:37:b6:88:e1:04:cc:0c:
         92:88:a2:5b:b9:b1:51:7f:e7:d0:54:0b:80:63:2e:a6:2f:94:
         ca:d3:b2:13:e1:2d:36:8c:91:51:7f:22:5d:69:dd:0e:61:c6:
         eb:5c:e1:9b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHjM55E+rU0WVMU6dcUH/7vrQ7t8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE2MTkyNjIzWhcNMjUxMTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0BjMWQxZjAzNmRlNDMwNDBkM2Y3ZjFjYTJmZWU5OGJkNDQy
ZTQ2Y2UyZDU2NmZmZjViNWJmMjI3ZGI2MTZjZTcyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDRs9UnIECsMYXnk7/M/PKdqxH1Pvvwp7ZOySWUmUEekP9H
O7xyL6s4jCLj7sXadGHH42v39aS6s7NpPG2CES/xWmh8+P3t563DmQPhe3QeMPxS
qIEnRc0I4/CaejXUXdLv9265tL92yW/HNILujt0qvTvY79gMEV3rCKkx3eKYMPmg
BOpbDeByoPetnu58nhkK12xXbmzHTRwxp/14yy6qddMVpw02Ox1QJt6jRnEdVzR7
b3JaH9InNJRbtO13M6fzNjKmLBEzglXKN/cClZ44Hf+8l6ScfmCmKKlreTLfINC9
bybp8AZXKPnw0TlKqF5wZcOuNZpbw9qVH+GCD0udAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUozgoP0/7keCR5fuW3Xkt8twNcgEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzNhZDAyNjQ0LTYwZmUtNDFiOC1iZGM1LTc0MDJhMzQ1NmEyMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA0XpMwDQYJKoZIhvcNAQELBQADggEBAB5oBD+DX36T26CdPGj5cHEb4wvK
99d9B0k8vwoaYcQTm4JPaplGrGJIU5rB4waNIdlSfM5jXqu/nh2ZmirEURAEp1ks
avYFrcKvDfpysCpNCipzakPyUupJrUX915JsYFMWaODkoI8w7OscCfQIGvki7qpW
HvqqYgcWOsb805OrT73Wjx6Krd4O1eiyPYF4TNgY6jQRvSHTRsv+GjFeklXe9+jL
Xa+vatq3Dk79V0qNwA3HYE4WfSMdZQLgSXaHgJGnQt/IIS6Xt/SokEJe6waxN7aI
4QTMDJKIolu5sVF/59BUC4BjLqYvlMrTshPhLTaMkVF/Il1p3Q5hxutc4Zs=
-----END CERTIFICATE-----