Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/90be638b-725a-43d3-9ff7-90e4f3480735.roa
File:                     90be638b-725a-43d3-9ff7-90e4f3480735.roa (raw, json)
Hash identifier:          Nx6aI3HZGnwqkFG8XXBkyj/LmPOhCEsdMCLHB86L2bs=
Subject key identifier:   25:44:4B:3F:50:D9:4F:A6:B1:7A:97:39:2D:8A:48:DA:71:2E:60:7A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       410643DD9F85913FF58DA4BD8CDC4D97D53E6E30
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/90be638b-725a-43d3-9ff7-90e4f3480735.roa
Signing time:             Wed 24 Sep 2025 23:07:06 +0000
ROA not before:           Wed 24 Sep 2025 23:07:06 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.67.56.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:06:43:dd:9f:85:91:3f:f5:8d:a4:bd:8c:dc:4d:97:d5:3e:6e:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 23:07:06 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=121f924148a991bb576fd84209b7c0038a690fb13215f9bd0f9f0ab722870050, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:8e:cf:0b:a4:4e:7f:cc:50:5a:98:60:29:84:
                    f7:8d:dd:bf:4f:0e:fb:e3:d2:75:16:a8:5a:46:93:
                    7e:5b:e8:63:ac:be:6d:e5:1e:3d:4d:a0:5d:ac:48:
                    0a:36:25:d3:14:b1:a5:e2:bf:1e:38:e7:45:c8:b0:
                    8e:fe:e1:e7:9b:57:b1:ca:68:95:04:c7:d1:82:a4:
                    0d:65:3b:89:e8:11:1c:e5:2d:e7:36:1c:54:98:48:
                    94:3d:49:ea:16:85:7d:aa:ed:2f:d8:a3:95:44:5f:
                    1e:4e:b3:62:92:1d:b1:37:13:66:af:dc:6a:5c:e1:
                    19:59:5a:c0:71:8a:0c:97:7e:0e:a4:f0:00:0a:69:
                    86:5d:f8:25:58:24:e4:c0:bc:30:ef:64:62:87:6e:
                    3c:a1:21:80:b0:7f:70:9f:61:50:ee:2b:45:c4:59:
                    ef:91:2e:47:87:bf:eb:5c:99:69:72:fd:3d:ff:c7:
                    5b:e1:9b:86:6b:f5:65:73:0b:a7:8b:0f:b2:7e:7c:
                    dc:3a:a6:a5:30:6c:ad:83:ef:e9:48:3f:ce:6a:d5:
                    3b:74:3a:18:b4:82:ff:ef:82:9b:38:c5:ff:20:47:
                    21:86:34:9f:c8:3b:65:5e:e7:1a:2f:4f:ea:b3:11:
                    be:66:33:40:11:b7:19:43:ef:7c:e2:6f:c8:6b:03:
                    6c:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:44:4B:3F:50:D9:4F:A6:B1:7A:97:39:2D:8A:48:DA:71:2E:60:7A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/90be638b-725a-43d3-9ff7-90e4f3480735.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.67.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         8e:40:5b:b8:5a:01:13:6c:59:44:59:5f:98:dd:1a:7a:af:9f:
         7e:e7:64:2e:20:53:dc:4f:a1:a7:e1:0d:7e:8d:4c:22:71:31:
         ed:21:40:35:5f:0b:de:b1:75:20:2b:90:cf:4e:ae:fc:37:74:
         f5:7e:c6:3b:20:7e:7f:5e:47:59:06:0e:c8:7d:4f:b7:3b:43:
         41:b8:5a:e3:41:49:a3:49:6a:60:e1:26:69:30:57:4c:88:4d:
         b5:55:a0:d2:3f:f8:23:fe:d4:f6:f3:a5:f2:75:b2:0a:06:25:
         e9:d8:89:93:0f:e4:df:bb:02:5e:be:87:16:be:29:ad:b3:2c:
         0b:d8:cb:e7:a7:4d:d7:04:69:c9:63:64:bc:d9:13:01:b9:bf:
         69:67:8f:18:bd:33:c0:1b:ce:7b:5c:e0:e6:6b:50:4c:43:70:
         21:26:36:26:63:67:ba:ae:d8:96:7c:49:16:31:a8:10:f4:cc:
         af:08:7e:31:87:47:b3:c2:64:47:5a:b9:f9:8b:46:ce:19:e5:
         aa:d1:64:5b:b2:53:e1:96:d5:2a:d7:0d:3c:f0:5b:23:1f:4c:
         09:bf:60:80:00:c4:0d:cb:f5:e7:0e:24:65:d8:91:ed:eb:82:
         0e:e9:b4:51:ff:82:68:91:ea:5f:a5:48:81:75:20:c2:18:8b:
         cb:44:26:03
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQQZD3Z+FkT/1jaS9jNxNl9U+bjAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MjMwNzA2WhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0AxMjFmOTI0MTQ4YTk5MWJiNTc2ZmQ4NDIwOWI3YzAwMzhh
NjkwZmIxMzIxNWY5YmQwZjlmMGFiNzIyODcwMDUwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7js8LpE5/zFBamGAphPeN3b9PDvvj0nUWqFpGk35b6GOs
vm3lHj1NoF2sSAo2JdMUsaXivx4450XIsI7+4eebV7HKaJUEx9GCpA1lO4noERzl
Lec2HFSYSJQ9SeoWhX2q7S/Yo5VEXx5Os2KSHbE3E2av3Gpc4RlZWsBxigyXfg6k
8AAKaYZd+CVYJOTAvDDvZGKHbjyhIYCwf3CfYVDuK0XEWe+RLkeHv+tcmWly/T3/
x1vhm4Zr9WVzC6eLD7J+fNw6pqUwbK2D7+lIP85q1Tt0Ohi0gv/vgps4xf8gRyGG
NJ/IO2Ve5xovT+qzEb5mM0ARtxlD73zib8hrA2xTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUJURLP1DZT6axepc5LYpI2nEuYHowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzkwYmU2MzhiLTcyNWEtNDNkMy05ZmY3LTkwZTRmMzQ4MDczNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMSQzgwDQYJKoZIhvcNAQELBQADggEBAI5AW7haARNsWURZX5jdGnqvn37n
ZC4gU9xPoafhDX6NTCJxMe0hQDVfC96xdSArkM9Orvw3dPV+xjsgfn9eR1kGDsh9
T7c7Q0G4WuNBSaNJamDhJmkwV0yITbVVoNI/+CP+1PbzpfJ1sgoGJenYiZMP5N+7
Al6+hxa+Ka2zLAvYy+enTdcEacljZLzZEwG5v2lnjxi9M8Abzntc4OZrUExDcCEm
NiZjZ7qu2JZ8SRYxqBD0zK8IfjGHR7PCZEdaufmLRs4Z5arRZFuyU+GW1SrXDTzw
WyMfTAm/YIAAxA3L9ecOJGXYke3rgg7ptFH/gmiR6l+lSIF1IMIYi8tEJgM=
-----END CERTIFICATE-----