Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/71e05456-0513-46be-a3c2-1659862be511.roa
File:                     71e05456-0513-46be-a3c2-1659862be511.roa (raw, json)
Hash identifier:          Omfvr9J2ugW93Yq+NaczIdAmS1wg+e8/w75rrgbYPoc=
Subject key identifier:   62:C8:3C:E9:2E:51:88:3B:31:32:F2:5F:55:62:10:94:C7:12:43:37
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       47CD34B718BFA8837AE447825ABEB9C9E7AF8CC8
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/71e05456-0513-46be-a3c2-1659862be511.roa
Signing time:             Fri 19 Sep 2025 17:32:03 +0000
ROA not before:           Fri 19 Sep 2025 17:32:03 +0000
ROA not after:            Fri 24 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.243.32.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:cd:34:b7:18:bf:a8:83:7a:e4:47:82:5a:be:b9:c9:e7:af:8c:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 19 17:32:03 2025 GMT
            Not After : Oct 24 23:59:59 2025 GMT
        Subject: serialNumber=92861000359632e3a4aadb6b4f356aaf859e3f847f41bcfd38c5844b829c0e69, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:8e:1d:85:4b:7e:08:72:88:a2:58:f1:03:02:
                    e8:20:15:98:2a:b5:bf:e6:5e:60:cb:2b:ea:3e:40:
                    5d:e4:77:a3:d7:52:77:51:5e:7b:b4:33:7c:c1:29:
                    b5:3c:2a:b5:ea:79:90:c9:2b:5b:39:2e:27:79:32:
                    b2:9a:d0:36:e4:f7:a9:02:14:04:0b:57:ab:57:25:
                    d9:f5:73:ad:74:f8:53:fe:37:25:40:5f:da:43:92:
                    f8:5b:0b:85:39:b1:a4:6c:95:a1:91:02:8d:c9:04:
                    5a:bd:04:33:9d:1e:14:c5:d8:38:03:5b:14:db:fb:
                    13:e3:47:0b:73:bc:3c:d5:da:e4:9b:01:fa:f7:8d:
                    7e:d5:41:50:0d:49:33:5c:b1:a8:65:df:9c:51:9d:
                    b7:8a:c3:5c:10:c7:b6:72:08:cc:c0:48:b0:3f:60:
                    dd:9c:4d:30:7d:eb:65:d7:74:81:7a:c7:e2:ff:52:
                    e1:49:41:4f:95:9d:53:f4:57:2a:6b:78:24:2a:e0:
                    b6:d8:80:9b:f4:d3:57:89:1b:fa:15:0d:46:cd:0e:
                    af:37:e1:04:0a:98:04:cd:17:18:14:c9:f2:bb:b7:
                    03:ab:1a:61:1f:70:b9:55:80:4c:f2:d0:37:eb:79:
                    34:47:41:12:47:db:d8:d1:aa:91:71:a7:d8:97:01:
                    93:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:C8:3C:E9:2E:51:88:3B:31:32:F2:5F:55:62:10:94:C7:12:43:37
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/71e05456-0513-46be-a3c2-1659862be511.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.243.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         22:ea:53:4c:bf:51:a0:0a:1d:62:19:71:a1:9f:63:25:f7:25:
         87:0f:9c:10:37:9a:93:88:b7:a4:ea:06:27:f6:a3:93:97:9e:
         cc:4e:eb:b4:da:60:b9:7f:5d:cb:41:12:8f:72:9b:26:1b:17:
         ea:45:41:cf:77:66:4c:8c:4b:10:d7:41:e9:21:15:47:66:9b:
         1e:40:6d:12:31:b0:ea:59:51:65:0b:dc:34:66:b0:a4:0f:fa:
         6f:24:b5:d7:ab:8b:24:34:dd:97:91:5b:f5:e6:3d:4b:72:ba:
         17:74:29:82:82:af:54:d5:ea:b9:4b:f7:37:42:27:5e:8e:74:
         45:dd:9a:d5:dc:1b:14:30:7d:24:c9:44:60:b6:66:03:5a:b1:
         6c:5c:2c:9a:7b:72:d4:51:52:37:65:7f:ba:ad:79:24:0f:6a:
         90:03:52:05:7e:39:ec:e2:7c:95:0a:aa:be:c2:84:1f:29:29:
         e8:c6:80:7a:05:b1:92:a6:fd:ea:78:91:c7:d6:35:08:27:34:
         bc:91:86:c3:bb:24:49:80:71:0f:2c:a5:c5:ce:1d:71:81:2d:
         e8:3d:b9:d5:22:94:7f:7c:30:78:17:74:52:35:20:50:19:e0:
         44:8c:4b:79:03:3f:c3:c5:1a:f2:08:25:1b:e0:a8:85:34:8b:
         a0:0f:2e:48
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUR800txi/qIN65EeCWr65yeevjMgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTE5MTczMjAzWhcNMjUxMDI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A5Mjg2MTAwMDM1OTYzMmUzYTRhYWRiNmI0ZjM1NmFhZjg1
OWUzZjg0N2Y0MWJjZmQzOGM1ODQ0YjgyOWMwZTY5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCcjh2FS34IcoiiWPEDAuggFZgqtb/mXmDLK+o+QF3kd6PX
UndRXnu0M3zBKbU8KrXqeZDJK1s5Lid5MrKa0Dbk96kCFAQLV6tXJdn1c610+FP+
NyVAX9pDkvhbC4U5saRslaGRAo3JBFq9BDOdHhTF2DgDWxTb+xPjRwtzvDzV2uSb
Afr3jX7VQVANSTNcsahl35xRnbeKw1wQx7ZyCMzASLA/YN2cTTB962XXdIF6x+L/
UuFJQU+VnVP0VypreCQq4LbYgJv001eJG/oVDUbNDq834QQKmATNFxgUyfK7twOr
GmEfcLlVgEzy0DfreTRHQRJH29jRqpFxp9iXAZOxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYsg86S5RiDsxMvJfVWIQlMcSQzcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzcxZTA1NDU2LTA1MTMtNDZiZS1hM2MyLTE2NTk4NjJiZTUxMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAU28yAwDQYJKoZIhvcNAQELBQADggEBACLqU0y/UaAKHWIZcaGfYyX3JYcP
nBA3mpOIt6TqBif2o5OXnsxO67TaYLl/XctBEo9ymyYbF+pFQc93ZkyMSxDXQekh
FUdmmx5AbRIxsOpZUWUL3DRmsKQP+m8ktderiyQ03ZeRW/XmPUtyuhd0KYKCr1TV
6rlL9zdCJ16OdEXdmtXcGxQwfSTJRGC2ZgNasWxcLJp7ctRRUjdlf7qteSQPapAD
UgV+OezifJUKqr7ChB8pKejGgHoFsZKm/ep4kcfWNQgnNLyRhsO7JEmAcQ8spcXO
HXGBLeg9udUilH98MHgXdFI1IFAZ4ESMS3kDP8PFGvIIJRvgqIU0i6APLkg=
-----END CERTIFICATE-----