Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6c7e2cba-171f-4ab5-ac80-fa9d7bac408e.roa
File:                     6c7e2cba-171f-4ab5-ac80-fa9d7bac408e.roa (raw, json)
Hash identifier:          +OICWHeHidkdlN6azXkdvh4IDTgr8sWjuhUu/8ppNAQ=
Subject key identifier:   3E:5B:33:D8:34:B2:BB:DF:E7:EF:A9:2B:B9:34:90:CE:1B:B1:61:9F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0AD65AF550B1BC3444972172603F16E441FAFDD2
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6c7e2cba-171f-4ab5-ac80-fa9d7bac408e.roa
Signing time:             Mon 22 Sep 2025 22:14:57 +0000
ROA not before:           Mon 22 Sep 2025 22:14:57 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.238.156.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:d6:5a:f5:50:b1:bc:34:44:97:21:72:60:3f:16:e4:41:fa:fd:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 22:14:57 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=dc99679593af028f87117e59289985af936bc2c0b819c90199915dd616e6e00e, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:1c:89:11:0e:0d:1c:c5:83:86:5f:68:09:1b:
                    3b:a1:e4:d3:d0:d1:45:bc:a3:a4:a4:8a:59:1d:df:
                    cb:5d:4c:48:72:9f:ae:2c:d6:b4:51:64:e8:13:4c:
                    b6:b5:f1:f8:a5:82:62:b1:0e:96:14:08:83:21:d4:
                    e3:40:fa:91:bb:ca:4f:85:5f:49:07:97:13:f7:3c:
                    98:fd:f9:7d:38:17:36:14:65:ca:a8:c7:11:d5:1e:
                    f2:b5:cb:01:a2:fc:e0:93:d0:97:6f:da:31:4a:af:
                    08:85:8c:31:f8:5e:62:c5:21:80:94:79:c8:17:6e:
                    ac:fa:17:09:77:cb:55:d8:c2:fd:db:e9:01:cd:70:
                    ac:34:c7:5e:4a:d8:b8:33:58:c6:45:f4:12:1f:6f:
                    37:ef:13:37:c7:24:50:a6:b0:4d:82:9d:5f:27:cb:
                    fe:5a:94:ed:bd:c5:75:0e:60:0f:1d:55:54:c1:76:
                    d3:bc:9e:60:c7:fb:37:09:c8:91:23:42:e2:13:bd:
                    46:23:0a:26:6e:db:70:59:54:0c:5f:22:cf:50:97:
                    01:12:15:c7:5c:98:74:f2:73:a1:20:02:40:b8:52:
                    af:62:75:1f:bb:4d:24:ba:3e:4b:45:20:1f:11:ab:
                    48:64:9a:20:f0:db:b4:77:2a:76:86:05:de:87:70:
                    77:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:5B:33:D8:34:B2:BB:DF:E7:EF:A9:2B:B9:34:90:CE:1B:B1:61:9F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6c7e2cba-171f-4ab5-ac80-fa9d7bac408e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.238.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         75:99:39:ee:2d:44:fe:b9:31:4a:8b:b8:60:d0:f3:d9:2d:a1:
         70:88:84:32:2a:c0:e4:f9:41:79:56:a8:f3:19:d9:2d:bb:55:
         58:84:fc:ea:f6:6c:89:c2:38:6f:4a:3a:03:e4:36:24:78:e8:
         34:35:98:c1:48:23:7f:fb:74:89:d2:49:32:81:f9:95:05:77:
         87:d2:72:e8:e6:b1:22:34:f9:c9:e1:08:1d:64:f5:ed:22:e3:
         6c:2c:21:6a:ff:6c:c1:aa:0c:a7:bc:96:c7:c1:5d:6b:c0:cf:
         67:d9:e4:fe:cc:38:bb:55:22:1c:77:43:87:3a:d2:ab:20:2f:
         00:91:c1:c9:2b:2d:a4:07:04:6b:e5:1a:9e:1e:47:b9:15:7a:
         93:71:8e:3a:51:5f:65:29:6b:bb:42:c3:49:5f:89:0e:d8:ac:
         14:57:7c:64:1e:ef:01:01:6a:42:62:5c:a9:c6:45:7b:c9:ac:
         34:13:4c:81:e2:57:30:55:77:f6:95:89:4e:1c:0a:e1:cc:17:
         6b:de:c0:d7:71:0f:85:db:da:8a:a0:de:af:d7:74:fe:9e:21:
         bb:19:ce:79:d4:87:5e:5b:ec:3a:b2:dc:d8:2d:a0:24:99:0b:
         5e:c0:e2:c0:89:0b:27:18:45:80:b4:6b:59:c9:19:a6:e9:3c:
         8a:33:f9:62
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCtZa9VCxvDRElyFyYD8W5EH6/dIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMjIxNDU3WhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BkYzk5Njc5NTkzYWYwMjhmODcxMTdlNTkyODk5ODVhZjkz
NmJjMmMwYjgxOWM5MDE5OTkxNWRkNjE2ZTZlMDBlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzHIkRDg0cxYOGX2gJGzuh5NPQ0UW8o6Skilkd38tdTEhy
n64s1rRRZOgTTLa18filgmKxDpYUCIMh1ONA+pG7yk+FX0kHlxP3PJj9+X04FzYU
ZcqoxxHVHvK1ywGi/OCT0Jdv2jFKrwiFjDH4XmLFIYCUecgXbqz6Fwl3y1XYwv3b
6QHNcKw0x15K2LgzWMZF9BIfbzfvEzfHJFCmsE2CnV8ny/5alO29xXUOYA8dVVTB
dtO8nmDH+zcJyJEjQuITvUYjCiZu23BZVAxfIs9QlwESFcdcmHTyc6EgAkC4Uq9i
dR+7TSS6PktFIB8Rq0hkmiDw27R3KnaGBd6HcHf5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPlsz2DSyu9/n76kruTSQzhuxYZ8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzZjN2UyY2JhLTE3MWYtNGFiNS1hYzgwLWZhOWQ3YmFjNDA4ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIS7pwwDQYJKoZIhvcNAQELBQADggEBAHWZOe4tRP65MUqLuGDQ89ktoXCI
hDIqwOT5QXlWqPMZ2S27VViE/Or2bInCOG9KOgPkNiR46DQ1mMFII3/7dInSSTKB
+ZUFd4fScujmsSI0+cnhCB1k9e0i42wsIWr/bMGqDKe8lsfBXWvAz2fZ5P7MOLtV
Ihx3Q4c60qsgLwCRwckrLaQHBGvlGp4eR7kVepNxjjpRX2Upa7tCw0lfiQ7YrBRX
fGQe7wEBakJiXKnGRXvJrDQTTIHiVzBVd/aViU4cCuHMF2vewNdxD4Xb2oqg3q/X
dP6eIbsZznnUh15b7Dqy3NgtoCSZC17A4sCJCycYRYC0a1nJGabpPIoz+WI=
-----END CERTIFICATE-----