Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9c0738ab-0d59-4e7b-afb6-d15789d094de.roa
File:                     9c0738ab-0d59-4e7b-afb6-d15789d094de.roa (raw, json)
Hash identifier:          v6zFL4i/i9BxLk6Fxv8BRpYbWxhxyHww3ViHe32e9ps=
Subject key identifier:   F3:B6:60:91:8E:43:DB:8B:DB:D7:E2:21:F3:E9:2E:58:0D:8C:1D:43
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6426374F7DB8E7BD98A37C960455101717C97F6F
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9c0738ab-0d59-4e7b-afb6-d15789d094de.roa
Signing time:             Fri 10 Oct 2025 16:48:50 +0000
ROA not before:           Fri 10 Oct 2025 16:48:50 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.214.224.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:26:37:4f:7d:b8:e7:bd:98:a3:7c:96:04:55:10:17:17:c9:7f:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 10 16:48:50 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=d831e04ff4f7841071a3f2ea4840e7e96b1fcfa64f0d436ba34135b18f0ed9e8, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:6c:e0:9d:00:d8:04:82:03:d6:f0:eb:9e:69:
                    a7:1e:78:f3:5e:59:a1:27:fc:56:09:9b:32:06:12:
                    c5:d9:c9:fb:1b:0c:2c:1b:c6:45:ce:16:a5:d4:9c:
                    ac:6a:4a:dd:5d:01:53:4e:43:a4:ad:fe:d8:98:3c:
                    35:5c:23:a2:cc:f9:14:b8:da:8f:ee:5a:af:9c:4c:
                    c3:56:31:9a:42:4c:2f:3c:68:7f:d1:ef:75:f4:98:
                    98:4b:14:30:14:00:d9:80:ca:b0:c7:fa:6e:d3:bd:
                    73:7c:fc:6b:fa:9a:d3:db:d0:ae:93:8b:83:af:83:
                    bf:a0:a9:e6:73:56:3d:74:cd:86:74:0e:22:ec:cc:
                    50:ed:56:37:06:6e:6f:d1:04:60:44:bb:d6:fe:41:
                    b8:ce:37:34:31:4c:22:57:fc:03:87:7d:f0:ae:a0:
                    35:5f:fb:ea:de:5f:1b:ff:b2:93:dc:6e:1b:c4:28:
                    08:7a:08:cf:c1:aa:f3:54:16:1c:95:44:18:ad:1c:
                    da:75:e6:cf:f4:f4:44:b4:81:2c:61:1b:e0:2d:50:
                    1d:1b:dc:78:2a:cb:69:6b:9a:ab:15:e3:6e:cd:da:
                    74:72:13:e0:a6:49:f9:99:72:76:0b:6c:e4:55:bd:
                    72:89:25:f7:56:4e:7a:85:3c:39:93:0e:2d:b1:51:
                    a6:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:B6:60:91:8E:43:DB:8B:DB:D7:E2:21:F3:E9:2E:58:0D:8C:1D:43
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9c0738ab-0d59-4e7b-afb6-d15789d094de.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.214.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         7f:f5:82:8a:b9:d5:e8:7b:9d:67:f7:2a:48:b4:f2:a6:d0:8d:
         13:d2:e9:2e:91:6d:40:83:31:84:41:1d:6a:a1:6f:48:12:74:
         a1:7a:48:8c:1e:cf:89:38:26:26:6b:0c:12:c5:21:03:a4:7c:
         61:09:07:30:e0:5b:3c:bd:2e:09:58:18:b0:cb:b0:cb:05:55:
         6b:88:98:29:91:c2:3a:30:3e:ec:61:1e:fd:38:95:61:83:c6:
         3c:34:ae:03:ea:29:33:48:3e:34:44:5b:f1:db:20:86:2b:ab:
         de:bf:88:7a:6a:df:0c:6a:ce:65:5c:0a:54:3f:67:b5:35:39:
         15:fa:57:36:1d:6c:13:b5:f8:24:a7:a5:1c:cf:71:15:d3:d9:
         00:52:b0:48:31:b1:57:db:fd:f7:34:3a:16:25:c3:94:23:55:
         27:6f:84:3b:61:1a:f1:90:db:2f:8f:0b:84:b6:2d:52:0b:2f:
         4b:06:18:76:0b:cf:75:5e:c8:0e:76:c7:a3:3e:04:b3:06:5e:
         8c:35:d0:b4:40:93:d2:4b:6c:48:49:e3:1b:8e:19:03:81:27:
         32:9a:fe:25:84:87:e1:9c:88:c7:01:a1:0c:39:28:58:bf:11:
         4c:e3:f5:8d:cd:f1:b2:ad:15:bd:65:a3:3f:3e:33:05:0e:21:
         ba:7d:fe:4f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZCY3T324572Yo3yWBFUQFxfJf28wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDEwMTY0ODUwWhcNMjUxMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BkODMxZTA0ZmY0Zjc4NDEwNzFhM2YyZWE0ODQwZTdlOTZi
MWZjZmE2NGYwZDQzNmJhMzQxMzViMThmMGVkOWU4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCJbOCdANgEggPW8OueaaceePNeWaEn/FYJmzIGEsXZyfsb
DCwbxkXOFqXUnKxqSt1dAVNOQ6St/tiYPDVcI6LM+RS42o/uWq+cTMNWMZpCTC88
aH/R73X0mJhLFDAUANmAyrDH+m7TvXN8/Gv6mtPb0K6Ti4Ovg7+gqeZzVj10zYZ0
DiLszFDtVjcGbm/RBGBEu9b+QbjONzQxTCJX/AOHffCuoDVf++reXxv/spPcbhvE
KAh6CM/BqvNUFhyVRBitHNp15s/09ES0gSxhG+AtUB0b3Hgqy2lrmqsV427N2nRy
E+CmSfmZcnYLbORVvXKJJfdWTnqFPDmTDi2xUaa3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU87ZgkY5D24vb1+Ih8+kuWA2MHUMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzljMDczOGFiLTBkNTktNGU3Yi1hZmI2LWQxNTc4OWQwOTRkZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAM21uAwDQYJKoZIhvcNAQELBQADggEBAH/1goq51eh7nWf3Kki08qbQjRPS
6S6RbUCDMYRBHWqhb0gSdKF6SIwez4k4JiZrDBLFIQOkfGEJBzDgWzy9LglYGLDL
sMsFVWuImCmRwjowPuxhHv04lWGDxjw0rgPqKTNIPjREW/HbIIYrq96/iHpq3wxq
zmVcClQ/Z7U1ORX6VzYdbBO1+CSnpRzPcRXT2QBSsEgxsVfb/fc0OhYlw5QjVSdv
hDthGvGQ2y+PC4S2LVILL0sGGHYLz3VeyA52x6M+BLMGXow10LRAk9JLbEhJ4xuO
GQOBJzKa/iWEh+GciMcBoQw5KFi/EUzj9Y3N8bKtFb1loz8+MwUOIbp9/k8=
-----END CERTIFICATE-----
Generated at Fri Oct 17 23:54:57 2025 by rpki-client