Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b2a36382-f498-42a3-a451-ac3e453e288b.roa
File:                     b2a36382-f498-42a3-a451-ac3e453e288b.roa (raw, json)
Hash identifier:          2c8vweJs544TJjb3vTP+UVXR2ZqzEpDzbBFV6j7t4xE=
Subject key identifier:   C4:DA:75:2C:F3:0C:24:34:8A:14:B8:91:05:D9:AC:9F:69:79:51:DB
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       54D893F2631263756E1BE751047C9F1FEDACB5D9
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b2a36382-f498-42a3-a451-ac3e453e288b.roa
Signing time:             Mon 22 Sep 2025 17:15:31 +0000
ROA not before:           Mon 22 Sep 2025 17:15:31 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.154.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:d8:93:f2:63:12:63:75:6e:1b:e7:51:04:7c:9f:1f:ed:ac:b5:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 17:15:31 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=628f95799c5b5d99a024e0d2e1c3b9499dc9fd696655cb1c8f43141821e4c8c1, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:fe:1a:43:db:60:ba:34:bd:56:f7:3f:c3:7a:
                    ee:84:22:2a:68:fc:72:58:00:ca:4e:5c:48:b8:44:
                    67:fc:a9:02:b2:d6:f6:2b:de:80:be:03:bd:46:2e:
                    e8:60:a3:82:f5:7e:f6:93:ad:ab:5a:2e:6b:cc:87:
                    9b:4e:4a:2a:1c:81:51:86:2a:e6:43:74:5f:a2:72:
                    ea:21:d1:26:f5:76:8f:35:09:3f:62:0b:21:fa:31:
                    99:42:9b:84:93:ab:18:f4:3b:ed:43:be:d7:99:a6:
                    74:1f:a2:83:76:e9:7d:77:1f:90:fb:1a:dd:cd:fd:
                    67:ae:cf:e6:71:94:1e:48:0d:6a:74:b3:33:94:69:
                    3b:3d:7a:62:f4:15:73:a2:b8:c8:d5:e1:58:d6:01:
                    b5:f4:d4:7e:42:71:53:4f:61:da:38:e3:89:8f:21:
                    ad:34:33:d2:e3:f4:73:fa:ef:6d:4c:5b:ed:de:c8:
                    27:48:40:e3:eb:d3:7c:b3:09:0e:88:3e:32:67:dc:
                    7e:7c:11:9f:16:a4:8a:76:f5:4d:9c:58:a0:30:8f:
                    f1:82:f6:8f:cc:41:33:a7:7c:0a:15:4c:d5:7a:19:
                    28:4a:e2:a2:ab:07:22:e6:be:fb:a5:c1:4b:8c:33:
                    0b:7a:3e:bb:41:9d:4f:89:94:a9:35:0a:d9:dc:02:
                    d3:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:DA:75:2C:F3:0C:24:34:8A:14:B8:91:05:D9:AC:9F:69:79:51:DB
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b2a36382-f498-42a3-a451-ac3e453e288b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.154.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:90:45:5a:56:75:24:1e:0e:d2:71:65:bb:24:a1:f1:2e:da:
         7a:6e:48:6b:5e:a1:ad:e0:d8:81:f8:b4:30:d1:2f:b3:2f:b0:
         0d:34:dd:1b:ce:19:24:a9:81:49:31:08:66:09:5f:b9:ca:94:
         ec:fd:02:d1:de:a8:a2:36:1e:91:84:47:31:94:47:a5:16:ea:
         32:59:80:05:3c:15:59:e8:80:42:9b:0e:2d:f8:5f:13:27:c6:
         ad:ff:af:98:f0:22:24:6d:e7:f2:d9:13:94:d4:cb:49:95:8e:
         6b:57:61:bb:71:e7:1d:35:1d:94:fb:76:3a:e4:c9:8f:d6:e8:
         83:00:7e:d6:2f:3a:cf:5c:f4:37:d1:fa:42:7a:8e:40:f8:62:
         0c:0d:5b:86:c8:56:e0:0f:47:02:0b:d6:5c:de:86:c3:e4:6b:
         a6:62:8f:c0:bf:ca:da:d4:54:2c:6d:89:7f:42:c0:70:4b:9c:
         67:62:c9:ff:c7:11:b2:18:31:71:4c:a8:df:52:f5:51:18:d1:
         c3:1e:94:df:a9:53:e1:7e:66:61:b3:61:e0:fe:c3:e2:93:66:
         f5:d6:99:34:c0:a6:fc:af:86:b2:ce:44:00:01:2d:33:ee:f6:
         94:11:45:5f:a2:72:30:94:01:79:21:5e:79:bb:2b:d7:33:d1:
         74:98:2d:5c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVNiT8mMSY3VuG+dRBHyfH+2stdkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMTcxNTMxWhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MjhmOTU3OTljNWI1ZDk5YTAyNGUwZDJlMWMzYjk0OTlk
YzlmZDY5NjY1NWNiMWM4ZjQzMTQxODIxZTRjOGMxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9/hpD22C6NL1W9z/Deu6EIipo/HJYAMpOXEi4RGf8qQKy
1vYr3oC+A71GLuhgo4L1fvaTrataLmvMh5tOSiocgVGGKuZDdF+icuoh0Sb1do81
CT9iCyH6MZlCm4STqxj0O+1DvteZpnQfooN26X13H5D7Gt3N/Weuz+ZxlB5IDWp0
szOUaTs9emL0FXOiuMjV4VjWAbX01H5CcVNPYdo444mPIa00M9Lj9HP6721MW+3e
yCdIQOPr03yzCQ6IPjJn3H58EZ8WpIp29U2cWKAwj/GC9o/MQTOnfAoVTNV6GShK
4qKrByLmvvulwUuMMwt6PrtBnU+JlKk1CtncAtMBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUxNp1LPMMJDSKFLiRBdmsn2l5UdswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2IyYTM2MzgyLWY0OTgtNDJhMy1hNDUxLWFjM2U0NTNlMjg4Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASmikwDQYJKoZIhvcNAQELBQADggEBAByQRVpWdSQeDtJxZbskofEu2npu
SGteoa3g2IH4tDDRL7MvsA003RvOGSSpgUkxCGYJX7nKlOz9AtHeqKI2HpGERzGU
R6UW6jJZgAU8FVnogEKbDi34XxMnxq3/r5jwIiRt5/LZE5TUy0mVjmtXYbtx5x01
HZT7djrkyY/W6IMAftYvOs9c9DfR+kJ6jkD4YgwNW4bIVuAPRwIL1lzehsPka6Zi
j8C/ytrUVCxtiX9CwHBLnGdiyf/HEbIYMXFMqN9S9VEY0cMelN+pU+F+ZmGzYeD+
w+KTZvXWmTTApvyvhrLORAABLTPu9pQRRV+icjCUAXkhXnm7K9cz0XSYLVw=
-----END CERTIFICATE-----