Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/464c4327-2abd-4909-8c0c-44fb3daab897.roa
File:                     464c4327-2abd-4909-8c0c-44fb3daab897.roa (raw, json)
Hash identifier:          Q2vjMSvjO7vbHS9f5tqFiqxwMX+hpo0ZCJ/e4IoNLNY=
Subject key identifier:   A9:72:B6:A7:09:B5:72:C2:2B:D1:EE:D3:FC:EB:00:FF:A6:6C:90:AB
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       62B39BE5BD8F2088FB74EF75EF4A1D38BCFCCD17
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/464c4327-2abd-4909-8c0c-44fb3daab897.roa
Signing time:             Tue 23 Sep 2025 00:02:37 +0000
ROA not before:           Tue 23 Sep 2025 00:02:37 +0000
ROA not after:            Tue 28 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.85.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:b3:9b:e5:bd:8f:20:88:fb:74:ef:75:ef:4a:1d:38:bc:fc:cd:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 23 00:02:37 2025 GMT
            Not After : Oct 28 23:59:59 2025 GMT
        Subject: serialNumber=2c280a15bd862ab344cff84ffe3cbce28c1be3a9dbfbe548ce598a82cbba3260, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:e6:17:e6:56:f5:ac:5d:0d:37:12:59:e3:c9:
                    c7:9d:52:f5:73:9b:8b:43:f0:97:c2:51:6b:bb:62:
                    a2:bc:9b:9e:ba:4d:2a:69:7e:94:66:f7:5f:15:0a:
                    2e:46:13:78:3d:3a:eb:05:ec:3b:01:c3:48:9b:5b:
                    eb:41:16:bb:4b:a1:dc:43:d7:e0:a3:ed:c7:f5:e8:
                    bf:6d:8c:05:86:c9:11:e0:1f:a1:39:a3:1f:71:f8:
                    74:fb:dc:9b:f3:73:20:c3:90:c4:b4:10:7c:f5:53:
                    d9:f1:1a:c2:6f:9b:76:ed:4c:e4:26:f4:f1:28:2a:
                    d5:2b:59:00:7c:cd:38:3c:35:37:bf:52:7a:64:de:
                    af:56:ae:eb:45:1c:66:b3:a3:13:1c:83:55:e9:c4:
                    20:02:bf:d5:21:28:fa:05:77:0e:8c:b6:2d:b9:86:
                    0b:3d:0f:71:d5:4c:b4:9a:b8:77:5d:e4:4f:2a:8d:
                    db:8e:13:ed:49:66:bb:6f:b1:12:03:dc:dd:28:ba:
                    bd:11:25:8f:62:10:37:64:a6:82:6d:46:c7:e0:44:
                    a2:ad:52:82:d9:ba:c7:c7:33:dd:e0:79:75:6e:28:
                    1d:9b:f6:8a:ec:c1:bf:17:77:c1:e8:0b:9f:f1:32:
                    a7:11:b6:20:ff:58:8d:b3:52:8a:37:ec:ab:8f:b4:
                    1c:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:72:B6:A7:09:B5:72:C2:2B:D1:EE:D3:FC:EB:00:FF:A6:6C:90:AB
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/464c4327-2abd-4909-8c0c-44fb3daab897.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.85.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:96:6d:84:3e:04:a3:6b:38:ab:96:14:24:6b:11:70:9f:59:
         09:80:98:fa:c3:30:da:86:8c:0a:7f:dc:e0:5e:63:17:aa:36:
         3c:62:4a:0e:0c:f9:ce:de:fd:5d:4a:91:3d:52:80:3f:96:32:
         bd:30:e7:8c:24:04:ba:11:94:ff:98:22:ed:e6:d5:ed:46:74:
         fd:3a:07:b1:d4:96:71:42:bc:73:12:bc:c5:33:ca:32:1c:6c:
         c7:1f:6b:ef:b2:72:89:3c:77:3b:09:8a:38:d7:1b:8e:68:1b:
         55:15:e1:c6:ef:bf:d5:c5:1e:4b:bc:e2:d9:9c:8b:a3:0d:c0:
         7c:bf:0c:bf:a8:2f:fc:06:74:b4:71:b6:eb:ad:2a:58:60:e2:
         d1:1b:10:23:e0:12:a2:c3:bd:e8:5f:7d:33:ff:c5:82:ec:67:
         01:15:de:e8:72:e5:ee:83:e9:dd:15:a1:2d:22:2a:ca:9c:3c:
         6b:7b:b7:ef:af:92:c6:b5:1a:7d:e8:a0:90:6c:40:36:59:63:
         06:31:aa:f7:e9:51:2f:3d:ee:46:22:77:9e:26:cb:3d:26:d7:
         23:00:5d:b3:68:08:50:a2:17:97:da:23:75:8f:8c:67:66:68:
         ca:49:88:28:ea:4a:b2:34:91:53:c5:e6:7b:f5:1e:3d:29:1d:
         aa:ca:dd:a3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYrOb5b2PIIj7dO9170odOLz8zRcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIzMDAwMjM3WhcNMjUxMDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0AyYzI4MGExNWJkODYyYWIzNDRjZmY4NGZmZTNjYmNlMjhj
MWJlM2E5ZGJmYmU1NDhjZTU5OGE4MmNiYmEzMjYwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCl5hfmVvWsXQ03ElnjycedUvVzm4tD8JfCUWu7YqK8m566
TSppfpRm918VCi5GE3g9OusF7DsBw0ibW+tBFrtLodxD1+Cj7cf16L9tjAWGyRHg
H6E5ox9x+HT73JvzcyDDkMS0EHz1U9nxGsJvm3btTOQm9PEoKtUrWQB8zTg8NTe/
Unpk3q9WrutFHGazoxMcg1XpxCACv9UhKPoFdw6Mti25hgs9D3HVTLSauHdd5E8q
jduOE+1JZrtvsRID3N0our0RJY9iEDdkpoJtRsfgRKKtUoLZusfHM93geXVuKB2b
9orswb8Xd8HoC5/xMqcRtiD/WI2zUoo37KuPtBzzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUqXK2pwm1csIr0e7T/OsA/6ZskKswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQ2NGM0MzI3LTJhYmQtNDkwOS04YzBjLTQ0ZmIzZGFhYjg5Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA0VakwDQYJKoZIhvcNAQELBQADggEBAIGWbYQ+BKNrOKuWFCRrEXCfWQmA
mPrDMNqGjAp/3OBeYxeqNjxiSg4M+c7e/V1KkT1SgD+WMr0w54wkBLoRlP+YIu3m
1e1GdP06B7HUlnFCvHMSvMUzyjIcbMcfa++ycok8dzsJijjXG45oG1UV4cbvv9XF
Hku84tmci6MNwHy/DL+oL/wGdLRxtuutKlhg4tEbECPgEqLDvehffTP/xYLsZwEV
3uhy5e6D6d0VoS0iKsqcPGt7t++vksa1Gn3ooJBsQDZZYwYxqvfpUS897kYid54m
yz0m1yMAXbNoCFCiF5faI3WPjGdmaMpJiCjqSrI0kVPF5nv1Hj0pHarK3aM=
-----END CERTIFICATE-----