Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/438fcf67-83bb-4f63-9d76-8a5762741184.roa
File:                     438fcf67-83bb-4f63-9d76-8a5762741184.roa (raw, json)
Hash identifier:          Ge2iUKQ6AiLQjWYMtApx3WWyMY3m5yXHaJy95HutRm8=
Subject key identifier:   FA:D4:99:60:09:C5:B6:87:4C:7F:90:2E:56:29:31:4E:10:3A:04:F0
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2C8A386C5000AB01697910B6DBECE65F409508A6
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/438fcf67-83bb-4f63-9d76-8a5762741184.roa
Signing time:             Mon 22 Sep 2025 21:02:49 +0000
ROA not before:           Mon 22 Sep 2025 21:02:49 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.173.106.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:8a:38:6c:50:00:ab:01:69:79:10:b6:db:ec:e6:5f:40:95:08:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 21:02:49 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=bb6d663a6ca52703fe5c87dce925021f01ee71b694cf0ae141fd4896bc21f38e, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:a7:d4:17:2a:fe:59:58:99:24:21:d6:fb:7b:
                    04:51:79:0d:ad:8d:12:ff:f1:48:39:f1:b1:e8:14:
                    ca:12:34:07:04:98:08:5f:df:ce:42:91:84:3d:ef:
                    6d:17:2e:c0:65:04:df:d0:d0:88:c1:d6:5b:9e:03:
                    ea:90:7b:a0:22:25:b5:cb:8f:be:32:c6:a5:9b:e3:
                    69:90:c5:49:9b:c8:51:1f:84:12:03:f6:4f:94:e9:
                    4f:a7:87:1f:14:39:db:a5:08:b0:00:f8:8f:b4:2e:
                    2c:af:0e:be:0f:ec:04:cb:40:0a:6c:54:be:bf:1b:
                    ca:bd:45:81:00:3d:72:28:e3:86:36:0b:5f:6f:9a:
                    74:8e:ca:37:a8:2f:84:39:f5:c9:8d:a9:ea:8a:32:
                    d2:6f:a4:fd:da:60:6f:e5:9f:aa:ac:46:57:4a:41:
                    22:f0:e7:8c:80:7f:b1:c7:9d:e5:33:fe:d1:c4:c1:
                    73:36:d1:f4:43:a7:78:66:64:4c:6d:74:01:db:ad:
                    f4:cb:41:a2:59:9b:cf:3b:98:43:94:8e:43:70:e6:
                    14:f3:5a:45:38:24:7c:d3:0c:3a:c2:e5:2f:d1:3c:
                    15:dc:65:9c:fc:7b:77:d9:c0:6b:4b:ed:ac:f7:b8:
                    ee:43:7d:64:36:0f:bd:ba:0f:61:24:73:74:5a:9d:
                    1f:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:D4:99:60:09:C5:B6:87:4C:7F:90:2E:56:29:31:4E:10:3A:04:F0
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/438fcf67-83bb-4f63-9d76-8a5762741184.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.173.106.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9f:04:be:aa:1c:3c:5e:e6:46:59:2a:8b:da:fd:15:da:ee:bc:
         6b:5c:72:21:79:ad:4c:c0:6f:fe:4c:da:47:96:93:41:aa:2c:
         66:60:c8:ec:10:6f:03:dd:d6:35:c6:b8:d4:2c:5d:16:0e:14:
         ad:5e:10:b7:95:d9:de:fa:30:c6:6f:00:80:1b:b9:98:44:fe:
         af:f7:a2:34:40:ea:35:76:65:fd:00:6a:53:d8:78:c1:e5:86:
         3d:58:83:16:f6:52:a0:9b:2f:75:41:a2:fe:6e:3e:34:62:ec:
         82:ef:c0:91:3a:1c:2e:95:74:00:2e:cc:4c:2c:47:01:07:e6:
         6d:94:34:8b:dd:a1:fc:2f:ee:d5:d7:83:07:76:5d:af:66:f0:
         73:e5:62:ed:c2:70:00:d1:c4:36:0a:32:b4:d2:48:ef:e0:70:
         11:6d:13:5b:fe:0f:ea:a6:89:67:48:eb:25:e0:56:5c:81:23:
         2d:e8:d8:4f:e0:6c:a5:fa:be:02:9a:70:57:fa:9b:29:0d:6c:
         b8:60:51:a0:3b:95:68:57:35:7c:5c:c4:5b:68:ec:1c:dd:73:
         ba:04:40:0c:6e:23:3c:0b:78:bf:ff:da:20:79:37:21:eb:5e:
         fe:70:8b:d0:28:88:6d:d9:16:a3:23:5f:f7:04:34:76:1b:67:
         88:9d:b6:fb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULIo4bFAAqwFpeRC22+zmX0CVCKYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMjEwMjQ5WhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BiYjZkNjYzYTZjYTUyNzAzZmU1Yzg3ZGNlOTI1MDIxZjAx
ZWU3MWI2OTRjZjBhZTE0MWZkNDg5NmJjMjFmMzhlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9p9QXKv5ZWJkkIdb7ewRReQ2tjRL/8Ug58bHoFMoSNAcE
mAhf385CkYQ9720XLsBlBN/Q0IjB1lueA+qQe6AiJbXLj74yxqWb42mQxUmbyFEf
hBID9k+U6U+nhx8UOdulCLAA+I+0LiyvDr4P7ATLQApsVL6/G8q9RYEAPXIo44Y2
C19vmnSOyjeoL4Q59cmNqeqKMtJvpP3aYG/ln6qsRldKQSLw54yAf7HHneUz/tHE
wXM20fRDp3hmZExtdAHbrfTLQaJZm887mEOUjkNw5hTzWkU4JHzTDDrC5S/RPBXc
ZZz8e3fZwGtL7az3uO5DfWQ2D726D2Ekc3RanR9pAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU+tSZYAnFtodMf5AuVikxThA6BPAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQzOGZjZjY3LTgzYmItNGY2My05ZDc2LThhNTc2Mjc0MTE4NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAESrWowDQYJKoZIhvcNAQELBQADggEBAJ8EvqocPF7mRlkqi9r9FdruvGtc
ciF5rUzAb/5M2keWk0GqLGZgyOwQbwPd1jXGuNQsXRYOFK1eELeV2d76MMZvAIAb
uZhE/q/3ojRA6jV2Zf0AalPYeMHlhj1Ygxb2UqCbL3VBov5uPjRi7ILvwJE6HC6V
dAAuzEwsRwEH5m2UNIvdofwv7tXXgwd2Xa9m8HPlYu3CcADRxDYKMrTSSO/gcBFt
E1v+D+qmiWdI6yXgVlyBIy3o2E/gbKX6vgKacFf6mykNbLhgUaA7lWhXNXxcxFto
7Bzdc7oEQAxuIzwLeL//2iB5NyHrXv5wi9AoiG3ZFqMjX/cENHYbZ4idtvs=
-----END CERTIFICATE-----
Generated at Sat Oct 18 05:08:40 2025 by rpki-client