Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d98c3d5a-de07-4648-aa24-9ca3a9c428ce.roa
File:                     d98c3d5a-de07-4648-aa24-9ca3a9c428ce.roa (raw, json)
Hash identifier:          +EsYT0ppT9PuMwHuuqoV0AFthK3wmVokdCGGnsXgAew=
Subject key identifier:   EE:19:E8:BA:43:2D:45:4B:1A:2E:3B:34:96:0E:2C:74:B8:F6:E9:E3
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       37389EFE82CAF58D288570E9A353B232F0528B74
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d98c3d5a-de07-4648-aa24-9ca3a9c428ce.roa
Signing time:             Tue 05 Aug 2025 15:52:02 +0000
ROA not before:           Tue 05 Aug 2025 15:52:02 +0000
ROA not after:            Tue 09 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        153.49.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 22 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:38:9e:fe:82:ca:f5:8d:28:85:70:e9:a3:53:b2:32:f0:52:8b:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Aug  5 15:52:02 2025 GMT
            Not After : Sep  9 23:59:59 2025 GMT
        Subject: serialNumber=1d85d4cb5804299311a023bf0c0b70b646bb353ca3458a2f05030bba8069f4b5, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:30:84:24:54:d0:d8:f6:67:5a:da:1e:22:64:
                    71:90:0e:6a:f5:10:ca:f1:e2:b9:17:4b:7a:bd:14:
                    68:03:78:16:e1:9a:35:d5:98:2b:d8:87:b1:41:f3:
                    5d:e9:b2:87:98:c0:6b:4f:b5:c3:eb:3f:ae:34:40:
                    c8:ef:4b:de:b7:3b:9b:22:c3:63:a4:4c:aa:a1:97:
                    40:6a:de:f2:0e:b4:c5:7d:73:0c:dd:b5:85:ef:20:
                    6d:03:08:6d:c6:11:84:66:2a:f8:ef:c5:4b:9c:9d:
                    76:e8:5a:1f:8c:7f:5e:29:c4:3c:01:e9:bc:9f:d9:
                    4f:fb:36:6f:3f:11:39:28:ad:95:b4:d4:d8:7d:26:
                    c9:92:c5:42:f6:bc:12:43:d4:2c:b5:75:85:11:dc:
                    48:ee:aa:7e:3d:f1:3a:dc:0f:bc:a5:83:88:07:99:
                    74:b8:c2:34:27:6c:07:12:86:76:fe:bb:fd:c1:b0:
                    84:6c:bd:1c:40:d1:2f:58:4e:73:b7:f6:eb:47:53:
                    c0:12:2a:96:4a:83:f9:50:bf:4b:bf:af:a6:69:7b:
                    e4:c9:ad:6d:cf:8e:78:db:6d:a9:06:d2:2d:a5:47:
                    a7:67:df:51:c4:c5:73:ef:ae:e0:8a:87:09:b8:99:
                    8d:e2:92:2d:86:12:ae:13:97:fb:26:3a:11:59:67:
                    4a:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:19:E8:BA:43:2D:45:4B:1A:2E:3B:34:96:0E:2C:74:B8:F6:E9:E3
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d98c3d5a-de07-4648-aa24-9ca3a9c428ce.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.49.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         5b:a5:df:c7:97:b1:ab:2c:f3:69:b2:b0:e5:15:de:fb:ae:a9:
         82:00:fb:ab:e9:f2:5c:02:d0:5b:38:13:ea:d2:9a:83:8f:38:
         59:a0:21:5f:0e:d5:87:9b:44:0c:d0:9a:25:02:91:1a:16:4e:
         af:8c:c7:be:be:c1:b7:47:11:18:dd:06:6b:90:9a:6b:cd:36:
         18:03:47:2e:78:c9:bd:82:35:7d:ac:d0:f8:d5:b4:c5:6a:0a:
         98:19:96:23:65:c3:a7:3b:39:97:99:63:ed:90:1b:b4:f9:c2:
         26:96:84:84:e7:58:d6:db:b8:f0:2e:cd:49:f1:9e:52:c4:eb:
         88:46:3f:9c:80:51:31:ac:47:a2:70:72:0f:bc:4f:0c:47:11:
         8f:62:73:25:40:61:be:cc:28:03:fb:39:6a:17:80:7e:77:e7:
         5d:91:35:65:d2:16:82:5e:99:3a:75:55:5e:99:99:b9:07:c9:
         69:c0:2b:38:0a:d6:73:69:45:be:be:bc:08:66:3d:a8:96:fb:
         ff:36:21:bf:e9:02:55:03:18:5c:2c:bf:b0:ea:4d:0c:f9:81:
         0e:82:0d:ee:04:73:0b:8f:4c:36:f9:55:ae:8c:e9:3f:e2:d9:
         d4:83:4c:ea:13:7a:c3:5f:d7:bc:2f:d8:85:05:55:0c:80:1e:
         bc:cc:ce:97
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUNzie/oLK9Y0ohXDpo1OyMvBSi3QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwODA1MTU1MjAyWhcNMjUwOTA5MjM1OTU5
WjB6MUkwRwYDVQQFE0AxZDg1ZDRjYjU4MDQyOTkzMTFhMDIzYmYwYzBiNzBiNjQ2
YmIzNTNjYTM0NThhMmYwNTAzMGJiYTgwNjlmNGI1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDKMIQkVNDY9mda2h4iZHGQDmr1EMrx4rkXS3q9FGgDeBbh
mjXVmCvYh7FB813psoeYwGtPtcPrP640QMjvS963O5siw2OkTKqhl0Bq3vIOtMV9
cwzdtYXvIG0DCG3GEYRmKvjvxUucnXboWh+Mf14pxDwB6byf2U/7Nm8/ETkorZW0
1Nh9JsmSxUL2vBJD1Cy1dYUR3Ejuqn498TrcD7ylg4gHmXS4wjQnbAcShnb+u/3B
sIRsvRxA0S9YTnO39utHU8ASKpZKg/lQv0u/r6Zpe+TJrW3PjnjbbakG0i2lR6dn
31HExXPvruCKhwm4mY3iki2GEq4Tl/smOhFZZ0olAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU7hnoukMtRUsaLjs0lg4sdLj26eMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2Q5OGMzZDVhLWRlMDctNDY0OC1hYTI0LTljYTNhOWM0MjhjZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCZMTANBgkqhkiG9w0BAQsFAAOCAQEAW6Xfx5exqyzzabKw5RXe+66pggD7
q+nyXALQWzgT6tKag484WaAhXw7Vh5tEDNCaJQKRGhZOr4zHvr7Bt0cRGN0Ga5Ca
a802GANHLnjJvYI1fazQ+NW0xWoKmBmWI2XDpzs5l5lj7ZAbtPnCJpaEhOdY1tu4
8C7NSfGeUsTriEY/nIBRMaxHonByD7xPDEcRj2JzJUBhvswoA/s5aheAfnfnXZE1
ZdIWgl6ZOnVVXpmZuQfJacArOArWc2lFvr68CGY9qJb7/zYhv+kCVQMYXCy/sOpN
DPmBDoIN7gRzC49MNvlVrozpP+LZ1INM6hN6w1/XvC/YhQVVDIAevMzOlw==
-----END CERTIFICATE-----