Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b0cbc273-41c7-4c56-b6fd-da27be391845.roa
File:                     b0cbc273-41c7-4c56-b6fd-da27be391845.roa (raw, json)
Hash identifier:          B0Xny3OBujyoTyBCyKK7cr9cyRLLkvXwG/+SEa690tE=
Subject key identifier:   70:93:DF:BD:B6:4A:7E:27:65:53:C7:B6:8C:AC:4A:D7:2C:E6:79:1F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0ADDE0E8A467F41AD0067B4CF61F86C55FEDC146
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b0cbc273-41c7-4c56-b6fd-da27be391845.roa
Signing time:             Mon 22 Sep 2025 18:45:15 +0000
ROA not before:           Mon 22 Sep 2025 18:45:15 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.160.148.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:dd:e0:e8:a4:67:f4:1a:d0:06:7b:4c:f6:1f:86:c5:5f:ed:c1:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 18:45:15 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=15ffbb98690304203069302d8b2030341af72feface51547e9b461641fd64da1, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:e5:87:a8:53:7e:d7:17:bd:42:9c:b3:6b:75:
                    67:0c:f4:d6:95:42:33:79:b6:1d:dc:37:36:b5:b3:
                    c0:40:87:dc:a1:99:21:17:62:3c:cb:0b:52:ac:af:
                    57:4c:71:1b:12:41:20:d3:f2:2a:68:c3:11:ea:df:
                    c3:42:97:58:43:b1:7a:b8:4c:d9:86:c8:0c:5b:46:
                    00:de:00:a7:0b:0e:70:9b:c1:e1:8f:5d:27:c9:4e:
                    b8:ea:51:f3:2b:b5:f5:49:ff:f0:c3:bc:a5:a2:1e:
                    49:b9:1e:62:8b:06:e1:59:20:3d:19:4c:ce:c3:4a:
                    c7:11:1b:d6:2c:9c:7d:43:3a:3b:5f:01:93:9d:da:
                    34:54:5a:8d:c2:c0:8d:40:c6:e1:e8:86:d1:5d:7b:
                    09:cc:fc:ca:af:d7:f7:af:8f:ac:0d:7b:06:44:13:
                    42:e1:fb:39:46:fb:60:6e:54:82:7b:e2:53:f6:85:
                    a7:58:08:c0:4d:d9:cc:c4:f5:74:ca:95:e0:69:cc:
                    0f:06:43:de:4c:2b:34:f6:20:e2:a4:33:82:90:8d:
                    18:94:23:36:f0:f0:00:32:c9:67:90:41:24:a2:24:
                    40:b3:97:cd:57:6a:31:89:41:ff:b4:21:2a:e6:02:
                    4c:76:b5:35:ef:ba:14:b3:75:3c:89:b6:91:a1:65:
                    c3:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:93:DF:BD:B6:4A:7E:27:65:53:C7:B6:8C:AC:4A:D7:2C:E6:79:1F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b0cbc273-41c7-4c56-b6fd-da27be391845.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.160.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         54:fd:12:28:65:44:6a:bc:e3:cf:c7:96:8f:3b:39:db:c1:bc:
         39:e8:07:8f:6a:19:eb:b6:63:8b:d9:3e:cd:43:11:f6:a0:14:
         d7:ef:ab:d8:ba:d4:0c:39:20:ad:78:f3:64:ed:47:4d:7c:85:
         8e:b6:93:a3:51:be:f4:ae:78:35:d4:f7:17:68:e4:ed:d3:35:
         5d:1d:d9:e0:6e:01:94:a8:8f:2a:0e:ff:cf:65:88:3d:62:51:
         0e:81:64:96:d7:ee:6a:af:ef:f8:77:8f:1f:67:f0:61:8e:b9:
         51:95:4d:65:cf:85:76:e9:6c:88:d9:c4:2f:fb:8d:e9:9b:dc:
         fb:aa:55:70:2f:c4:fb:31:53:7a:2f:54:90:b0:32:5a:ec:2c:
         92:a2:12:e0:ce:07:26:fc:98:26:39:cf:43:82:17:58:8a:44:
         4b:5e:62:97:a7:e4:34:8b:8e:dc:5a:f4:17:b8:2a:b4:88:26:
         9b:03:80:22:8f:c9:a7:da:39:45:3b:24:ec:c9:29:09:73:57:
         61:8f:78:bd:f3:19:c4:05:d8:3b:5a:1a:c9:51:3f:ed:7d:04:
         7d:ef:e4:5a:e9:96:3f:69:85:2d:7d:03:8d:75:f1:70:9b:fe:
         1f:19:fc:b8:1b:cc:e4:ec:eb:1f:ca:d0:d4:34:dd:cb:93:01:
         75:b6:25:16
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCt3g6KRn9BrQBntM9h+GxV/twUYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMTg0NTE1WhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AxNWZmYmI5ODY5MDMwNDIwMzA2OTMwMmQ4YjIwMzAzNDFh
ZjcyZmVmYWNlNTE1NDdlOWI0NjE2NDFmZDY0ZGExMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDZ5YeoU37XF71CnLNrdWcM9NaVQjN5th3cNza1s8BAh9yh
mSEXYjzLC1Ksr1dMcRsSQSDT8ipowxHq38NCl1hDsXq4TNmGyAxbRgDeAKcLDnCb
weGPXSfJTrjqUfMrtfVJ//DDvKWiHkm5HmKLBuFZID0ZTM7DSscRG9YsnH1DOjtf
AZOd2jRUWo3CwI1AxuHohtFdewnM/Mqv1/evj6wNewZEE0Lh+zlG+2BuVIJ74lP2
hadYCMBN2czE9XTKleBpzA8GQ95MKzT2IOKkM4KQjRiUIzbw8AAyyWeQQSSiJECz
l81XajGJQf+0ISrmAkx2tTXvuhSzdTyJtpGhZcMZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUcJPfvbZKfidlU8e2jKxK1yzmeR8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2IwY2JjMjczLTQxYzctNGM1Ni1iNmZkLWRhMjdiZTM5MTg0NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAESoJQwDQYJKoZIhvcNAQELBQADggEBAFT9EihlRGq848/Hlo87OdvBvDno
B49qGeu2Y4vZPs1DEfagFNfvq9i61Aw5IK1482TtR018hY62k6NRvvSueDXU9xdo
5O3TNV0d2eBuAZSojyoO/89liD1iUQ6BZJbX7mqv7/h3jx9n8GGOuVGVTWXPhXbp
bIjZxC/7jemb3PuqVXAvxPsxU3ovVJCwMlrsLJKiEuDOByb8mCY5z0OCF1iKREte
Ypen5DSLjtxa9Be4KrSIJpsDgCKPyafaOUU7JOzJKQlzV2GPeL3zGcQF2DtaGslR
P+19BH3v5Frplj9phS19A4118XCb/h8Z/LgbzOTs6x/K0NQ03cuTAXW2JRY=
-----END CERTIFICATE-----