Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a16b5665-12e6-4bed-ad56-bfa4488bd3f5.roa
File:                     a16b5665-12e6-4bed-ad56-bfa4488bd3f5.roa (raw, json)
Hash identifier:          L90O+saJO0jPUU4uaI35PvBvnnI8MYdBsmc8Bh9vX9g=
Subject key identifier:   2E:3F:63:15:D1:9F:8D:D6:F1:30:91:48:BC:D2:13:67:BD:9E:FA:07
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       55E0827C7C3A2498F2D333A45913414E97D2C1DF
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a16b5665-12e6-4bed-ad56-bfa4488bd3f5.roa
Signing time:             Wed 24 Sep 2025 21:10:29 +0000
ROA not before:           Wed 24 Sep 2025 21:10:29 +0000
ROA not after:            Wed 29 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.64.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:e0:82:7c:7c:3a:24:98:f2:d3:33:a4:59:13:41:4e:97:d2:c1:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 24 21:10:29 2025 GMT
            Not After : Oct 29 23:59:59 2025 GMT
        Subject: serialNumber=a7151c20daba10c7f1f6393c6821feef348626eba3a65a04916ed383774397d7, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:bf:c7:18:a8:7f:16:9f:df:c4:55:99:fc:35:
                    52:ed:19:2e:ea:2e:1f:69:2e:1c:25:5c:73:4b:bc:
                    1c:2b:d7:5e:58:e5:a7:29:90:37:03:25:47:3e:ef:
                    41:9e:ae:74:aa:7d:c0:6d:1d:47:0d:45:57:ca:ec:
                    d3:da:38:fc:53:27:d8:14:2a:b0:bf:31:f0:02:af:
                    02:3f:9c:2e:b7:79:66:04:b8:27:a3:73:c3:ad:f5:
                    08:25:b0:b1:35:29:4f:c6:1d:74:60:70:88:a7:d1:
                    9b:1f:2b:52:c0:e1:e1:33:ab:e4:c8:ce:69:d9:59:
                    29:a5:d0:6f:db:80:8a:9e:ad:b5:83:f3:ab:03:c5:
                    ce:b5:cb:7c:f1:31:93:6c:ce:db:ec:d5:74:76:99:
                    57:20:fa:69:66:4e:5b:1c:eb:da:5e:3d:8c:0e:67:
                    4f:d8:4b:97:ef:64:c0:9f:fd:bc:dc:f8:87:95:57:
                    e2:7c:f2:51:9d:12:6a:4c:cc:0d:af:83:bc:eb:79:
                    76:a0:10:bd:60:1b:09:eb:27:9f:c0:b6:7d:4e:da:
                    3b:8a:e3:45:0d:1b:7e:88:a5:26:a2:3f:4a:4a:9b:
                    ad:af:29:ac:e9:a8:f3:a3:83:9b:35:66:ee:81:8a:
                    ce:59:c2:d6:24:ae:a9:4a:cc:40:77:01:1e:52:d2:
                    13:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:3F:63:15:D1:9F:8D:D6:F1:30:91:48:BC:D2:13:67:BD:9E:FA:07
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a16b5665-12e6-4bed-ad56-bfa4488bd3f5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.64.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:c7:b9:c1:56:8b:3e:43:ac:ef:d0:47:76:52:2c:92:38:55:
         af:05:45:12:ef:28:ef:03:29:f8:ff:40:b5:c0:58:0a:8c:5b:
         14:c8:b2:2b:fa:d4:c3:3e:d3:dd:cf:65:f1:1f:aa:92:8d:41:
         02:00:c7:7b:32:45:ba:0d:52:e4:ae:ef:9d:a5:30:27:86:22:
         e5:27:11:ea:82:40:a4:52:c9:4e:11:de:6b:db:21:21:fa:c5:
         7a:c1:dd:b8:2b:a4:2d:f3:cf:c6:8c:f2:d3:9d:a3:72:ee:d2:
         07:fd:d0:72:80:44:e1:40:f4:58:b6:25:13:d9:f6:79:2f:1c:
         a5:7e:6d:96:54:44:b3:24:4b:a6:36:23:cc:51:64:33:57:79:
         c1:c0:a7:40:18:87:6c:6b:8a:69:85:a6:28:b7:bf:b2:69:fa:
         b3:45:7b:cf:ed:dc:07:4a:fe:a2:1b:2b:71:e2:7a:7e:c6:be:
         b0:f8:99:d8:69:2e:92:bb:74:3a:49:ad:cb:5c:6d:ac:6b:f2:
         94:c9:6e:df:7e:17:08:f8:85:39:e8:49:e3:e1:3f:6c:d3:5a:
         78:9e:09:76:94:a7:a1:05:95:22:29:ff:11:7c:0e:37:9a:77:
         7d:22:ea:59:bc:6b:6e:0a:d7:8b:5f:dd:55:ab:c0:82:4a:3f:
         4c:ce:da:58
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVeCCfHw6JJjy0zOkWRNBTpfSwd8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI0MjExMDI5WhcNMjUxMDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BhNzE1MWMyMGRhYmExMGM3ZjFmNjM5M2M2ODIxZmVlZjM0
ODYyNmViYTNhNjVhMDQ5MTZlZDM4Mzc3NDM5N2Q3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzv8cYqH8Wn9/EVZn8NVLtGS7qLh9pLhwlXHNLvBwr115Y
5acpkDcDJUc+70GernSqfcBtHUcNRVfK7NPaOPxTJ9gUKrC/MfACrwI/nC63eWYE
uCejc8Ot9QglsLE1KU/GHXRgcIin0ZsfK1LA4eEzq+TIzmnZWSml0G/bgIqerbWD
86sDxc61y3zxMZNsztvs1XR2mVcg+mlmTlsc69pePYwOZ0/YS5fvZMCf/bzc+IeV
V+J88lGdEmpMzA2vg7zreXagEL1gGwnrJ5/Atn1O2juK40UNG36IpSaiP0pKm62v
KazpqPOjg5s1Zu6Bis5ZwtYkrqlKzEB3AR5S0hMlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQULj9jFdGfjdbxMJFIvNITZ72e+gcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2ExNmI1NjY1LTEyZTYtNGJlZC1hZDU2LWJmYTQ0ODhiZDNmNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASQBAwDQYJKoZIhvcNAQELBQADggEBAD/HucFWiz5DrO/QR3ZSLJI4Va8F
RRLvKO8DKfj/QLXAWAqMWxTIsiv61MM+093PZfEfqpKNQQIAx3syRboNUuSu752l
MCeGIuUnEeqCQKRSyU4R3mvbISH6xXrB3bgrpC3zz8aM8tOdo3Lu0gf90HKAROFA
9Fi2JRPZ9nkvHKV+bZZURLMkS6Y2I8xRZDNXecHAp0AYh2xrimmFpii3v7Jp+rNF
e8/t3AdK/qIbK3Hien7GvrD4mdhpLpK7dDpJrctcbaxr8pTJbt9+Fwj4hTnoSePh
P2zTWnieCXaUp6EFlSIp/xF8Djead30i6lm8a24K14tf3VWrwIJKP0zO2lg=
-----END CERTIFICATE-----