Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8d87c600-6e0e-47a7-b20f-1274d0c7a45c.roa
File:                     8d87c600-6e0e-47a7-b20f-1274d0c7a45c.roa (raw, json)
Hash identifier:          1QPNI3G4M/6XH5Jz4jsrtcxGe1IuT1hK7JDsdE0neBo=
Subject key identifier:   D1:7B:F7:9D:30:58:2B:C7:08:65:5D:6B:99:A6:80:43:BC:4D:FB:56
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       51EE8D4E2C2B4C6FFDE5CE8FAA21C100454AD8BE
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8d87c600-6e0e-47a7-b20f-1274d0c7a45c.roa
Signing time:             Wed 15 Oct 2025 18:46:34 +0000
ROA not before:           Wed 15 Oct 2025 18:46:34 +0000
ROA not after:            Wed 19 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        143.204.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:ee:8d:4e:2c:2b:4c:6f:fd:e5:ce:8f:aa:21:c1:00:45:4a:d8:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 15 18:46:34 2025 GMT
            Not After : Nov 19 23:59:59 2025 GMT
        Subject: serialNumber=8e17c04c668a7aea7c01a63802188520cb645469701f1dacfcd03759916c0494, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:b7:ee:f1:a5:91:6e:b5:51:e7:5b:cb:3f:26:
                    7b:04:4c:3c:3f:4e:f3:50:22:2e:4d:6c:9c:f1:bd:
                    36:6b:83:78:77:1d:1b:30:b6:09:d1:f2:8a:e9:26:
                    0b:08:64:46:71:fe:cb:29:06:04:bf:7c:1e:75:5e:
                    b5:0b:43:13:2e:1a:09:9b:cb:b8:34:f7:9f:45:1e:
                    27:12:45:b7:40:97:d4:0c:36:2b:06:67:eb:50:82:
                    eb:bd:ea:36:aa:31:f1:38:c2:a4:e7:de:f2:14:17:
                    03:b3:64:96:af:f9:d1:04:15:2a:52:3b:31:19:4f:
                    07:ca:d0:36:48:2a:60:2c:e5:ea:b4:09:ec:27:6e:
                    ad:3f:b3:05:bd:54:de:a9:01:98:81:0e:7c:1d:c0:
                    55:60:c6:a8:7c:96:d0:d5:d5:e1:98:68:4e:57:f0:
                    69:45:45:62:8a:d8:b4:53:aa:11:b7:1f:98:45:70:
                    24:c9:f0:b7:f2:a5:63:17:b6:49:11:1f:25:07:e8:
                    6f:c5:b6:b2:91:ff:e2:c7:f1:d4:d4:3d:56:5c:e5:
                    3b:96:4b:78:cc:cd:e0:bf:3e:a7:01:76:10:d0:a5:
                    8a:ef:84:c0:f4:b7:e8:2f:cb:87:aa:92:bf:8c:e0:
                    e2:fc:42:77:3c:f6:4d:9a:8e:9b:7a:40:64:84:d5:
                    bd:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:7B:F7:9D:30:58:2B:C7:08:65:5D:6B:99:A6:80:43:BC:4D:FB:56
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8d87c600-6e0e-47a7-b20f-1274d0c7a45c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.204.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:e1:1f:29:c4:0e:6e:32:fa:0d:e6:dc:6e:ae:6f:46:d2:95:
         5f:21:63:75:42:d8:0e:ae:b2:dc:5c:48:92:b0:26:f1:de:5e:
         f7:64:64:5d:e3:f6:99:c7:fe:1e:2d:1a:78:10:d1:7f:1b:bf:
         a2:ed:bb:92:92:d5:5c:b6:cf:0d:39:4e:43:1e:f2:03:c4:c0:
         61:5c:82:d7:cd:a4:fa:08:fc:f0:b8:25:66:42:c9:c5:fd:64:
         8f:e3:b2:d4:1b:0c:cb:78:98:c1:10:c8:db:71:47:e3:50:ce:
         46:19:29:c9:30:ef:16:77:3d:3f:d9:d4:87:fa:9f:81:84:87:
         0f:e7:d1:4d:d0:6c:92:42:e6:1b:71:61:82:0d:cf:a3:cb:4a:
         4f:33:1d:20:1e:87:95:b9:79:9b:17:b3:ac:74:6c:a4:89:74:
         dc:86:f7:60:c5:cf:27:27:a3:63:9d:c0:70:19:55:f4:80:41:
         c9:2f:07:8c:c8:58:f7:f5:4c:39:d6:1d:f4:14:5e:f5:b1:78:
         58:03:ec:73:21:f3:44:b9:2c:d1:54:76:dd:e5:c3:37:d8:16:
         c9:aa:71:81:bc:70:4a:9a:7f:01:fb:10:74:ee:99:9e:71:b5:
         51:b0:0e:65:47:d8:92:58:4c:cc:26:9f:d7:4e:0e:f1:93:e1:
         30:dd:79:7f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUe6NTiwrTG/95c6PqiHBAEVK2L4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE1MTg0NjM0WhcNMjUxMTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZTE3YzA0YzY2OGE3YWVhN2MwMWE2MzgwMjE4ODUyMGNi
NjQ1NDY5NzAxZjFkYWNmY2QwMzc1OTkxNmMwNDk0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCRt+7xpZFutVHnW8s/JnsETDw/TvNQIi5NbJzxvTZrg3h3
HRswtgnR8orpJgsIZEZx/sspBgS/fB51XrULQxMuGgmby7g0959FHicSRbdAl9QM
NisGZ+tQguu96jaqMfE4wqTn3vIUFwOzZJav+dEEFSpSOzEZTwfK0DZIKmAs5eq0
Cewnbq0/swW9VN6pAZiBDnwdwFVgxqh8ltDV1eGYaE5X8GlFRWKK2LRTqhG3H5hF
cCTJ8LfypWMXtkkRHyUH6G/FtrKR/+LH8dTUPVZc5TuWS3jMzeC/PqcBdhDQpYrv
hMD0t+gvy4eqkr+M4OL8Qnc89k2ajpt6QGSE1b17AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0Xv3nTBYK8cIZV1rmaaAQ7xN+1YwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzhkODdjNjAwLTZlMGUtNDdhNy1iMjBmLTEyNzRkMGM3YTQ1Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACPzGcwDQYJKoZIhvcNAQELBQADggEBAA3hHynEDm4y+g3m3G6ub0bSlV8h
Y3VC2A6ustxcSJKwJvHeXvdkZF3j9pnH/h4tGngQ0X8bv6Ltu5KS1Vy2zw05TkMe
8gPEwGFcgtfNpPoI/PC4JWZCycX9ZI/jstQbDMt4mMEQyNtxR+NQzkYZKckw7xZ3
PT/Z1If6n4GEhw/n0U3QbJJC5htxYYINz6PLSk8zHSAeh5W5eZsXs6x0bKSJdNyG
92DFzycno2OdwHAZVfSAQckvB4zIWPf1TDnWHfQUXvWxeFgD7HMh80S5LNFUdt3l
wzfYFsmqcYG8cEqafwH7EHTumZ5xtVGwDmVH2JJYTMwmn9dODvGT4TDdeX8=
-----END CERTIFICATE-----