Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a14221b0-833f-4f91-8470-2a1788dd495e.roa
File:                     a14221b0-833f-4f91-8470-2a1788dd495e.roa (raw, json)
Hash identifier:          9CmQJQCNLAExAZSqVpnh0/QzdawmYcJXiDvLFtlG5f0=
Subject key identifier:   15:F9:43:AE:C7:5C:FB:6F:F1:3F:00:E1:C5:79:8C:55:AB:3B:3E:80
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6F954010ABFA77689713D483D86701950505472B
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a14221b0-833f-4f91-8470-2a1788dd495e.roa
Signing time:             Mon 22 Sep 2025 17:10:13 +0000
ROA not before:           Mon 22 Sep 2025 17:10:13 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.154.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:95:40:10:ab:fa:77:68:97:13:d4:83:d8:67:01:95:05:05:47:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 17:10:13 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=10c52f2ac59507b96be0a20d7fbccf82455562f85a9ea4a097d1e60d11d4db1d, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:06:31:8c:23:4d:ac:01:d3:b3:f3:1f:4c:ea:
                    9d:cb:1a:16:87:42:c5:ae:50:c5:4f:2e:f5:cb:23:
                    d3:0f:43:fa:58:4f:a4:26:19:37:b8:2d:4c:ea:cb:
                    e0:4c:93:a1:d4:9e:08:b1:2f:56:8f:39:4a:30:6c:
                    97:c3:8d:e3:af:98:67:e9:e9:39:c6:45:10:30:50:
                    e5:e1:21:9f:1d:98:3c:c3:35:12:0f:9d:68:d5:d5:
                    5c:d1:99:b3:cd:d5:42:34:58:34:c1:74:04:22:ec:
                    29:b9:a7:b3:81:fe:9d:3f:16:28:3f:38:46:35:1f:
                    62:82:ae:7f:e0:45:6f:16:13:7e:31:b4:27:5a:46:
                    52:b4:db:cd:a3:d6:4b:84:c8:ab:23:43:a0:1c:46:
                    b1:5e:e5:c1:9e:58:3f:4a:de:41:23:b6:cf:41:c8:
                    72:ae:8e:0c:eb:3b:9e:7c:10:a5:e2:ad:14:6d:b1:
                    40:ea:15:da:11:ee:92:87:5f:9c:83:8f:2e:ef:12:
                    23:e1:00:7a:ca:22:ad:9c:04:e7:6f:e0:27:28:4e:
                    7f:41:97:10:c4:9f:a8:71:b6:a7:d6:75:1d:5d:99:
                    82:87:64:e0:9c:5f:43:e3:07:da:78:a9:8d:fa:a8:
                    f1:6d:d3:eb:f9:94:2a:08:d6:1c:4a:c5:5e:9f:a1:
                    a9:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:F9:43:AE:C7:5C:FB:6F:F1:3F:00:E1:C5:79:8C:55:AB:3B:3E:80
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a14221b0-833f-4f91-8470-2a1788dd495e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.154.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:a0:4b:d1:fc:22:2d:88:e6:db:30:19:00:7b:d2:8e:5d:33:
         8c:b7:a5:de:2c:28:df:6b:bb:a7:1c:54:60:b3:e3:a0:7d:85:
         85:99:f8:39:a6:da:6f:59:00:a6:f3:a6:5d:3e:9c:52:ca:5a:
         de:9d:98:23:e4:6c:f1:ac:64:3a:7f:2f:15:7c:6a:ce:1e:93:
         12:4e:90:f1:0a:f2:e9:6f:5f:9d:cb:01:99:ee:eb:e6:36:90:
         26:de:23:0e:49:d9:2b:d2:bb:fd:6c:cf:63:13:19:b2:2e:f6:
         d4:c4:88:dc:d9:6d:71:c0:b9:ee:ce:e8:1a:6e:5c:8f:24:75:
         06:b2:71:52:07:8e:72:48:aa:38:d7:63:0d:39:f2:00:5b:4e:
         e4:67:e3:ba:6d:5d:7b:e2:00:2c:18:9d:e7:53:18:13:90:ff:
         b4:7b:78:0d:a1:08:1c:74:e3:99:1b:03:bc:9b:67:c6:af:7c:
         ce:b7:0b:52:ca:81:a4:f4:67:25:fe:75:d2:3f:78:1d:23:71:
         c9:13:e9:55:83:3f:0b:1a:c8:1e:d1:02:36:a3:4b:76:04:1d:
         ae:21:7c:b0:ce:9f:34:64:d5:e2:b7:f9:14:97:85:36:dd:dd:
         ae:0e:65:f7:f8:3b:72:1b:1b:ff:21:b6:05:64:96:fd:ee:b4:
         7c:aa:d2:37
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUb5VAEKv6d2iXE9SD2GcBlQUFRyswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMTcxMDEzWhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AxMGM1MmYyYWM1OTUwN2I5NmJlMGEyMGQ3ZmJjY2Y4MjQ1
NTU2MmY4NWE5ZWE0YTA5N2QxZTYwZDExZDRkYjFkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCTBjGMI02sAdOz8x9M6p3LGhaHQsWuUMVPLvXLI9MPQ/pY
T6QmGTe4LUzqy+BMk6HUngixL1aPOUowbJfDjeOvmGfp6TnGRRAwUOXhIZ8dmDzD
NRIPnWjV1VzRmbPN1UI0WDTBdAQi7Cm5p7OB/p0/Fig/OEY1H2KCrn/gRW8WE34x
tCdaRlK0282j1kuEyKsjQ6AcRrFe5cGeWD9K3kEjts9ByHKujgzrO558EKXirRRt
sUDqFdoR7pKHX5yDjy7vEiPhAHrKIq2cBOdv4CcoTn9BlxDEn6hxtqfWdR1dmYKH
ZOCcX0PjB9p4qY36qPFt0+v5lCoI1hxKxV6foan7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUFflDrsdc+2/xPwDhxXmMVas7PoAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2ExNDIyMWIwLTgzM2YtNGY5MS04NDcwLTJhMTc4OGRkNDk1ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASmpUwDQYJKoZIhvcNAQELBQADggEBAJagS9H8Ii2I5tswGQB70o5dM4y3
pd4sKN9ru6ccVGCz46B9hYWZ+Dmm2m9ZAKbzpl0+nFLKWt6dmCPkbPGsZDp/LxV8
as4ekxJOkPEK8ulvX53LAZnu6+Y2kCbeIw5J2SvSu/1sz2MTGbIu9tTEiNzZbXHA
ue7O6BpuXI8kdQaycVIHjnJIqjjXYw058gBbTuRn47ptXXviACwYnedTGBOQ/7R7
eA2hCBx045kbA7ybZ8avfM63C1LKgaT0ZyX+ddI/eB0jcckT6VWDPwsayB7RAjaj
S3YEHa4hfLDOnzRk1eK3+RSXhTbd3a4OZff4O3IbG/8htgVklv3utHyq0jc=
-----END CERTIFICATE-----