Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8e7c307f-a97b-4a36-bd58-8f30539e688b.roa
File:                     8e7c307f-a97b-4a36-bd58-8f30539e688b.roa (raw, json)
Hash identifier:          wYfpIN7hXzpBrzq+vzrCz1cGn4VK3BPga2tld7GjCMs=
Subject key identifier:   98:CB:E6:75:A2:2A:0F:86:7E:01:4B:B3:B2:24:93:E0:8B:4D:1C:DE
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       74023C31EFF5BEECD2EA19E3A83AEDD827BF2185
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8e7c307f-a97b-4a36-bd58-8f30539e688b.roa
Signing time:             Wed 24 Sep 2025 20:24:24 +0000
ROA not before:           Wed 24 Sep 2025 20:24:24 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.226.76.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:02:3c:31:ef:f5:be:ec:d2:ea:19:e3:a8:3a:ed:d8:27:bf:21:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 20:24:24 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=a1b27eb12cee69754ecab767f681f8e64a4a6843e4f540c046d2eadc6a60d68e, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:77:7b:88:04:c8:9c:a2:0a:12:4d:a8:eb:e5:
                    39:3f:19:ac:1c:42:d2:74:37:6c:72:53:a6:1d:a6:
                    53:99:70:cb:39:fd:f6:97:ad:34:3d:7d:1e:8a:4a:
                    6e:2a:33:75:c9:df:ac:1d:7f:38:e5:d2:00:6b:77:
                    09:b9:8a:94:de:f8:00:ac:3e:a8:35:75:d4:7d:f3:
                    24:1e:09:fc:85:00:15:2d:13:ef:78:42:0e:be:b9:
                    2d:53:3c:63:16:d6:bc:39:a7:13:cd:f2:6e:ab:42:
                    92:5e:41:75:f9:c0:f8:a2:fe:01:8b:11:28:cf:d9:
                    97:fe:9f:c7:11:be:18:c2:6f:80:fd:11:4d:0a:84:
                    1b:49:76:e3:df:ec:43:27:ba:c3:a7:b5:9c:45:d3:
                    29:ef:37:cc:9b:7c:47:67:02:b8:22:fb:89:df:d3:
                    27:a3:5f:26:86:e9:3e:74:e0:45:56:be:44:17:22:
                    15:1c:4f:8d:46:9f:0c:1e:d4:3b:dc:93:e1:b2:b5:
                    4c:2c:b4:19:85:7f:c7:0b:01:20:fd:a3:89:69:2b:
                    3d:ff:21:14:e0:b5:e5:d9:00:65:c0:d9:d4:ff:1d:
                    0f:a5:76:a4:b2:d2:dc:54:68:70:46:72:a9:86:17:
                    8b:ea:e5:f1:9a:90:6c:3a:88:0f:cc:9c:79:7c:52:
                    0d:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:CB:E6:75:A2:2A:0F:86:7E:01:4B:B3:B2:24:93:E0:8B:4D:1C:DE
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8e7c307f-a97b-4a36-bd58-8f30539e688b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.226.76.0/23

    Signature Algorithm: sha256WithRSAEncryption
         36:90:70:0c:95:22:9f:e7:0a:67:00:df:f6:3e:c9:10:69:5f:
         58:f3:94:03:50:7d:78:ce:15:09:de:e8:73:69:93:d1:06:56:
         67:1b:25:da:02:1e:ff:f2:dc:9b:47:30:00:37:fb:02:73:a2:
         f4:3c:2d:6e:c0:36:dd:4e:6a:56:71:96:a1:94:61:d3:b4:0b:
         c1:86:a2:d3:1c:75:bb:04:11:fc:dc:37:7d:77:54:bf:24:a6:
         8e:25:6b:f0:c8:be:59:58:70:f4:07:94:b3:89:b3:90:cd:2f:
         c4:79:47:d7:4a:bc:3c:a5:e8:f7:7e:9a:9f:77:39:e3:ea:dc:
         c7:49:f1:39:dc:5b:6d:b4:f2:c7:d9:6a:c7:34:47:78:b6:73:
         ad:91:21:eb:98:d6:06:07:c2:6f:01:5c:83:d9:ec:0b:6b:3d:
         bd:fe:42:8b:a9:77:dd:32:d4:a8:20:db:d6:33:eb:85:ae:2b:
         f7:e0:19:10:38:6c:c4:21:ec:d0:a4:c4:30:20:83:7e:cc:91:
         ab:df:f7:77:60:f6:e2:b3:00:f8:4d:ab:e4:db:67:4e:c2:a4:
         bb:58:da:ef:70:6b:03:5c:9d:5c:5a:21:63:12:29:c3:4e:38:
         0d:25:37:23:cd:01:0a:8f:4d:6e:2d:8c:b5:22:07:37:27:fa:
         b7:3e:3f:44
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdAI8Me/1vuzS6hnjqDrt2Ce/IYUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MjAyNDI0WhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMWIyN2ViMTJjZWU2OTc1NGVjYWI3NjdmNjgxZjhlNjRh
NGE2ODQzZTRmNTQwYzA0NmQyZWFkYzZhNjBkNjhlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDEd3uIBMicogoSTajr5Tk/GawcQtJ0N2xyU6YdplOZcMs5
/faXrTQ9fR6KSm4qM3XJ36wdfzjl0gBrdwm5ipTe+ACsPqg1ddR98yQeCfyFABUt
E+94Qg6+uS1TPGMW1rw5pxPN8m6rQpJeQXX5wPii/gGLESjP2Zf+n8cRvhjCb4D9
EU0KhBtJduPf7EMnusOntZxF0ynvN8ybfEdnArgi+4nf0yejXyaG6T504EVWvkQX
IhUcT41Gnwwe1Dvck+GytUwstBmFf8cLASD9o4lpKz3/IRTgteXZAGXA2dT/HQ+l
dqSy0txUaHBGcqmGF4vq5fGakGw6iA/MnHl8Ug1DAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmMvmdaIqD4Z+AUuzsiST4ItNHN4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzhlN2MzMDdmLWE5N2ItNGEzNi1iZDU4LThmMzA1MzllNjg4Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEN4kwwDQYJKoZIhvcNAQELBQADggEBADaQcAyVIp/nCmcA3/Y+yRBpX1jz
lANQfXjOFQne6HNpk9EGVmcbJdoCHv/y3JtHMAA3+wJzovQ8LW7ANt1OalZxlqGU
YdO0C8GGotMcdbsEEfzcN313VL8kpo4la/DIvllYcPQHlLOJs5DNL8R5R9dKvDyl
6Pd+mp93OePq3MdJ8TncW2208sfZasc0R3i2c62RIeuY1gYHwm8BXIPZ7AtrPb3+
Qoupd90y1Kgg29Yz64WuK/fgGRA4bMQh7NCkxDAgg37Mkavf93dg9uKzAPhNq+Tb
Z07CpLtY2u9wawNcnVxaIWMSKcNOOA0lNyPNAQqPTW4tjLUiBzcn+rc+P0Q=
-----END CERTIFICATE-----