Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4bee96e8-0a70-4122-9e72-dfc957e26376.roa
File:                     4bee96e8-0a70-4122-9e72-dfc957e26376.roa (raw, json)
Hash identifier:          DYxwahRZCWRrYCJk6XO7sEUh8BN5ZBcszcH3flTU540=
Subject key identifier:   1D:08:0A:C3:11:41:9A:0C:97:20:3E:82:A9:20:74:EA:61:46:92:DA
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1C861A27CB360445AB2355D68A90D856E60FABCA
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4bee96e8-0a70-4122-9e72-dfc957e26376.roa
Signing time:             Fri 26 Sep 2025 02:54:54 +0000
ROA not before:           Fri 26 Sep 2025 02:54:54 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.239.164.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:86:1a:27:cb:36:04:45:ab:23:55:d6:8a:90:d8:56:e6:0f:ab:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 02:54:54 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=7e42d1d5f05f5b3b970137439ab821338fa19daa62cef2231050a055a7ec0625, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:d0:bb:75:fc:d3:be:82:28:2c:02:38:27:04:
                    48:e1:63:9f:3e:06:b4:76:3b:0c:4f:f1:df:1a:97:
                    cc:70:9e:c5:72:7c:27:8a:ea:0d:f2:b0:fb:43:13:
                    c5:49:d4:be:06:90:6c:d2:be:ef:ab:4b:68:60:2e:
                    de:54:30:fd:a5:68:1e:cb:40:8e:93:75:df:05:78:
                    b5:79:fd:e6:eb:2d:4a:c0:d4:7a:7b:6b:04:a0:a2:
                    ed:2f:e9:3c:e3:24:b3:b3:49:e6:a4:2d:6a:56:0b:
                    32:55:9c:c9:4c:24:e3:5b:e8:51:22:7e:64:d1:ad:
                    e0:c7:60:f6:a3:14:f6:30:44:41:e9:a7:f2:90:5b:
                    11:69:10:ce:43:2d:5f:87:4a:14:a7:41:66:73:b4:
                    bf:15:6c:ac:93:11:0b:0d:27:51:09:28:12:47:0a:
                    2a:be:ec:92:72:83:48:14:d3:08:79:c2:d1:5d:33:
                    80:f9:b8:ed:1a:05:d8:dc:40:ff:0c:75:94:fd:63:
                    fe:cc:88:46:d9:00:a9:10:30:6b:bb:73:bf:55:03:
                    03:ec:ac:34:70:49:33:46:3c:4b:45:d2:c2:57:72:
                    df:3a:09:df:c4:8d:de:00:13:f3:0d:c6:93:0b:13:
                    b5:ea:7a:81:d9:c2:0c:7a:ac:56:4e:a4:15:1e:5c:
                    da:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:08:0A:C3:11:41:9A:0C:97:20:3E:82:A9:20:74:EA:61:46:92:DA
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4bee96e8-0a70-4122-9e72-dfc957e26376.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.239.164.0/23

    Signature Algorithm: sha256WithRSAEncryption
         10:28:53:5c:73:79:ac:ee:4a:2e:f1:17:37:87:4b:05:3f:3f:
         aa:b9:97:05:16:0e:64:ce:12:02:29:d8:2d:98:4a:5b:c0:41:
         dc:74:46:9e:af:22:e9:74:35:7e:7e:08:ad:9a:66:49:b7:1d:
         d3:33:b1:c7:2d:d1:df:f5:d5:a8:85:04:c1:df:71:c3:76:52:
         ba:36:62:9c:90:c1:e9:12:d6:df:7f:e7:b2:8f:66:dd:2f:66:
         52:7a:e4:54:b6:a3:5a:76:66:ab:4d:98:c8:03:71:4a:f6:9a:
         2d:41:00:ff:50:bd:5e:fc:25:1e:54:97:10:2f:24:9b:8f:e9:
         e0:e7:d1:d1:57:ad:ec:a7:e2:19:0b:e8:d8:74:02:0b:51:de:
         52:ce:fe:d1:1f:7c:8a:76:7f:92:5f:3e:43:c6:40:60:85:21:
         61:3a:25:c3:55:1a:59:a5:0d:11:78:72:22:3e:2e:0e:fd:92:
         03:09:f0:3b:72:9f:a7:6e:28:1b:2e:9c:2e:87:c0:19:13:1d:
         7f:2b:1a:eb:9a:5b:70:52:44:71:d1:31:d1:7d:86:0f:13:d9:
         96:ee:f0:b5:8c:f7:c7:1d:27:5a:e4:2e:4b:ba:87:2c:8e:5d:
         62:4f:e9:60:cd:4d:e9:d9:7b:75:0b:03:21:ca:8d:ae:0a:0a:
         01:ea:5b:25
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHIYaJ8s2BEWrI1XWipDYVuYPq8owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MDI1NDU0WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZTQyZDFkNWYwNWY1YjNiOTcwMTM3NDM5YWI4MjEzMzhm
YTE5ZGFhNjJjZWYyMjMxMDUwYTA1NWE3ZWMwNjI1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC00Lt1/NO+gigsAjgnBEjhY58+BrR2OwxP8d8al8xwnsVy
fCeK6g3ysPtDE8VJ1L4GkGzSvu+rS2hgLt5UMP2laB7LQI6Tdd8FeLV5/ebrLUrA
1Hp7awSgou0v6TzjJLOzSeakLWpWCzJVnMlMJONb6FEifmTRreDHYPajFPYwREHp
p/KQWxFpEM5DLV+HShSnQWZztL8VbKyTEQsNJ1EJKBJHCiq+7JJyg0gU0wh5wtFd
M4D5uO0aBdjcQP8MdZT9Y/7MiEbZAKkQMGu7c79VAwPsrDRwSTNGPEtF0sJXct86
Cd/Ejd4AE/MNxpMLE7XqeoHZwgx6rFZOpBUeXNpJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHQgKwxFBmgyXID6CqSB06mFGktowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzRiZWU5NmU4LTBhNzAtNDEyMi05ZTcyLWRmYzk1N2UyNjM3Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAE276QwDQYJKoZIhvcNAQELBQADggEBABAoU1xzeazuSi7xFzeHSwU/P6q5
lwUWDmTOEgIp2C2YSlvAQdx0Rp6vIul0NX5+CK2aZkm3HdMzscct0d/11aiFBMHf
ccN2Uro2YpyQwekS1t9/57KPZt0vZlJ65FS2o1p2ZqtNmMgDcUr2mi1BAP9QvV78
JR5UlxAvJJuP6eDn0dFXreyn4hkL6Nh0AgtR3lLO/tEffIp2f5JfPkPGQGCFIWE6
JcNVGlmlDRF4ciI+Lg79kgMJ8Dtyn6duKBsunC6HwBkTHX8rGuuaW3BSRHHRMdF9
hg8T2Zbu8LWM98cdJ1rkLku6hyyOXWJP6WDNTenZe3ULAyHKja4KCgHqWyU=
-----END CERTIFICATE-----