Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5061d347-eb0b-4a12-a059-ea939d5d2896.roa
File:                     5061d347-eb0b-4a12-a059-ea939d5d2896.roa (raw, json)
Hash identifier:          dPJKc/YX5A+N4YfX4RKAnRt7H/gXZAlUCUSZuPSVrJc=
Subject key identifier:   26:26:CC:8E:DF:AC:A5:46:2D:D1:9C:C3:16:D5:37:8D:D8:F2:D7:C5
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2B2FAC4DB83C2A523E1EC0DD4B0930106C40FBBB
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5061d347-eb0b-4a12-a059-ea939d5d2896.roa
Signing time:             Mon 22 Sep 2025 18:01:42 +0000
ROA not before:           Mon 22 Sep 2025 18:01:42 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.155.80.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:2f:ac:4d:b8:3c:2a:52:3e:1e:c0:dd:4b:09:30:10:6c:40:fb:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 18:01:42 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=9ed53212b08ec1be894c333d3a24601cd855e4678686a6262f2b0938b7243c22, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:24:92:9b:0d:cb:3f:3a:e4:8d:54:19:d1:fb:
                    70:f6:89:31:73:93:15:49:d3:36:75:c9:3c:01:d3:
                    6f:39:7c:85:42:63:08:52:25:68:be:1e:e9:af:8e:
                    32:6c:8b:76:10:d2:82:1c:40:e5:a4:73:5e:7a:a7:
                    92:a9:b7:7a:55:19:5f:8d:ba:6e:84:0e:3e:93:be:
                    9c:b0:29:eb:13:32:7f:13:23:10:69:5b:c3:7e:48:
                    5b:34:06:e2:ad:61:d9:ce:14:b4:f1:02:1e:d5:08:
                    8d:61:6a:1a:b8:23:80:48:6c:19:60:ec:0f:45:3d:
                    42:0e:61:f1:3c:e4:0f:6f:b3:08:df:a6:63:4c:6f:
                    f9:fe:dc:13:b0:1c:50:a8:90:1f:36:a0:a7:56:b3:
                    7c:cd:17:4b:36:0a:06:a4:3b:1b:77:c7:a6:36:52:
                    48:fd:33:c7:06:6f:17:ec:98:5f:fa:77:a9:9e:da:
                    33:31:8e:47:fa:cd:52:a4:35:04:4a:b7:19:dc:c4:
                    14:33:84:6b:af:fc:b0:6b:d5:12:8d:fb:5a:dd:46:
                    d0:cb:b8:0b:8f:38:0b:e0:00:a5:93:0d:a4:90:79:
                    af:f0:df:b8:e1:fa:ef:cb:fc:2d:08:af:23:1f:1a:
                    44:6e:2f:24:c0:19:68:aa:07:20:f9:44:17:e3:b6:
                    0d:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:26:CC:8E:DF:AC:A5:46:2D:D1:9C:C3:16:D5:37:8D:D8:F2:D7:C5
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5061d347-eb0b-4a12-a059-ea939d5d2896.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.155.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         23:55:76:09:d2:49:66:29:99:a7:80:c9:2e:62:5c:d8:bf:d5:
         66:4b:e0:a3:d0:d8:5e:0e:54:ba:db:66:fc:f8:f0:38:30:d5:
         29:03:19:14:ef:cf:fd:e0:55:91:2e:bd:9c:f5:61:06:ba:0a:
         89:29:80:ce:bb:52:7e:64:db:d7:86:07:06:9f:dc:b9:7d:93:
         7c:ac:38:5c:28:cf:c6:38:a5:b0:7d:bf:d9:3c:1f:81:62:3e:
         74:cd:20:30:1e:27:13:79:d5:e3:fa:13:fc:a1:fe:99:32:2a:
         f9:68:8d:9d:7c:c9:02:97:fd:01:60:83:4e:7c:79:52:72:47:
         58:a0:4e:9e:fe:53:c4:07:33:ff:ec:03:91:3b:b6:4c:ee:91:
         6e:14:24:02:41:84:96:c1:71:1e:20:74:4a:6e:55:f9:69:29:
         a8:1d:ab:f4:19:03:a7:6c:d5:b5:65:a9:6f:5c:5c:85:3d:81:
         08:a3:96:c6:ac:11:e4:4e:58:a0:0e:1b:9d:b2:f8:ab:88:c4:
         76:a8:b0:43:73:a0:7d:fe:69:f5:f6:11:d2:31:c6:ec:a1:fb:
         be:21:dd:34:e7:9c:9f:3d:9a:e2:2f:e1:47:3d:62:3e:82:66:
         83:96:0f:74:3f:41:b8:ba:6b:4c:5d:91:d2:aa:e2:7a:49:49:
         53:af:87:4b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKy+sTbg8KlI+HsDdSwkwEGxA+7swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMTgwMTQyWhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZWQ1MzIxMmIwOGVjMWJlODk0YzMzM2QzYTI0NjAxY2Q4
NTVlNDY3ODY4NmE2MjYyZjJiMDkzOGI3MjQzYzIyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrJJKbDcs/OuSNVBnR+3D2iTFzkxVJ0zZ1yTwB0285fIVC
YwhSJWi+HumvjjJsi3YQ0oIcQOWkc156p5Kpt3pVGV+Num6EDj6TvpywKesTMn8T
IxBpW8N+SFs0BuKtYdnOFLTxAh7VCI1hahq4I4BIbBlg7A9FPUIOYfE85A9vswjf
pmNMb/n+3BOwHFCokB82oKdWs3zNF0s2CgakOxt3x6Y2Ukj9M8cGbxfsmF/6d6me
2jMxjkf6zVKkNQRKtxncxBQzhGuv/LBr1RKN+1rdRtDLuAuPOAvgAKWTDaSQea/w
37jh+u/L/C0IryMfGkRuLyTAGWiqByD5RBfjtg3nAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUJibMjt+spUYt0ZzDFtU3jdjy18UwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzUwNjFkMzQ3LWViMGItNGExMi1hMDU5LWVhOTM5ZDVkMjg5Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAISm1AwDQYJKoZIhvcNAQELBQADggEBACNVdgnSSWYpmaeAyS5iXNi/1WZL
4KPQ2F4OVLrbZvz48Dgw1SkDGRTvz/3gVZEuvZz1YQa6CokpgM67Un5k29eGBwaf
3Ll9k3ysOFwoz8Y4pbB9v9k8H4FiPnTNIDAeJxN51eP6E/yh/pkyKvlojZ18yQKX
/QFgg058eVJyR1igTp7+U8QHM//sA5E7tkzukW4UJAJBhJbBcR4gdEpuVflpKagd
q/QZA6ds1bVlqW9cXIU9gQijlsasEeROWKAOG52y+KuIxHaosENzoH3+afX2EdIx
xuyh+74h3TTnnJ89muIv4Uc9Yj6CZoOWD3Q/Qbi6a0xdkdKq4npJSVOvh0s=
-----END CERTIFICATE-----