Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f9ceae71-7333-4d4f-b58e-4e1f954842a0.roa
File:                     f9ceae71-7333-4d4f-b58e-4e1f954842a0.roa (raw, json)
Hash identifier:          ABjj5skiiuoXaXg21/5VDanTpof/bz1n45MG13he85c=
Subject key identifier:   3F:65:40:87:0B:8C:7B:8B:5D:F5:FF:15:62:C8:1B:0B:1B:A7:60:FB
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1CBB254C4A8966B3D1C397DCF80D13575CD47003
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f9ceae71-7333-4d4f-b58e-4e1f954842a0.roa
Signing time:             Tue 19 May 2026 02:30:52 +0000
ROA not before:           Tue 19 May 2026 02:30:52 +0000
ROA not after:            Mon 17 Aug 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        35.156.0.0/14 maxlen: 14
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 14 Jun 2026 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:bb:25:4c:4a:89:66:b3:d1:c3:97:dc:f8:0d:13:57:5c:d4:70:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May 19 02:30:52 2026 GMT
            Not After : Aug 17 23:59:59 2026 GMT
        Subject: serialNumber=b5b4f35c8bcd48d08ea8cbeb9b399573b4150418260df9873dcb8dbd31813e08, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:fe:d5:c5:6c:90:9b:76:f4:af:0e:9c:bf:db:
                    c1:59:bf:72:2f:20:95:73:ff:e3:18:20:a4:26:47:
                    45:a7:10:d1:7b:a1:39:8a:02:f8:83:ff:0c:19:eb:
                    95:22:30:c0:bd:63:d0:14:8c:a3:c6:3f:a6:e6:6b:
                    65:1b:b1:88:16:96:98:9c:da:f2:0e:ea:07:19:d2:
                    61:df:71:3e:6f:42:f0:52:01:e1:93:6e:09:ea:d4:
                    bc:c6:55:41:cb:e6:2a:ed:48:29:35:a1:50:56:a1:
                    25:48:61:8a:c4:97:55:2e:33:1c:2d:7d:5a:93:7b:
                    3d:00:43:2d:0e:2d:52:b2:d3:08:28:0e:4c:16:08:
                    92:e5:c0:71:a2:08:b5:a7:9b:d0:b2:f0:a6:d1:a7:
                    1e:87:87:38:33:2c:b8:38:94:7a:b3:61:b4:27:68:
                    5c:66:ab:ed:73:dd:86:85:1f:4f:ee:6a:93:c6:31:
                    f1:e4:fc:7c:d3:e1:9f:64:a4:46:49:b2:54:09:2d:
                    5a:d1:61:9a:80:21:63:ff:01:61:d7:e5:94:74:cc:
                    68:df:f9:84:a2:ec:4e:01:dd:9d:9f:6e:51:37:f0:
                    ad:dc:40:5b:53:25:cc:c4:1f:a6:0c:ac:cf:4f:a6:
                    77:a7:f1:24:15:c3:08:6d:39:b9:46:13:9c:31:bd:
                    49:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:65:40:87:0B:8C:7B:8B:5D:F5:FF:15:62:C8:1B:0B:1B:A7:60:FB
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f9ceae71-7333-4d4f-b58e-4e1f954842a0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.156.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         48:18:d7:38:e2:72:97:a5:14:c1:42:6b:46:8d:b1:98:76:4b:
         b9:38:8d:e5:f3:a1:8c:12:24:83:57:16:a6:0e:7b:78:46:75:
         4e:4c:10:f1:d6:be:d6:a6:55:d2:cd:e5:16:8f:51:93:bf:da:
         9b:5b:fc:14:19:94:51:48:c7:55:45:7d:1e:38:38:61:e0:df:
         d9:d8:3a:90:f8:c9:71:7c:9d:69:84:d2:0a:80:f3:78:81:27:
         3e:6c:a0:86:56:b9:9d:3a:59:1d:4d:4b:3f:7f:d1:84:4a:df:
         05:6c:bf:5c:27:f1:8a:b5:23:64:17:96:13:2f:1d:3c:c1:1f:
         c7:31:48:96:be:30:32:96:5e:87:82:3d:95:85:d4:7c:ae:5c:
         1c:01:73:53:0a:48:e9:51:6f:0a:e8:d3:7d:20:d5:ba:76:a6:
         21:69:53:4e:a0:a0:5d:8f:93:09:04:61:b1:da:b6:ab:a1:b3:
         6d:5e:7d:32:ba:3f:ca:4a:35:41:a4:bd:57:6d:6a:e0:41:f5:
         17:38:c2:e9:7f:0c:30:23:e3:f2:d0:c7:46:53:df:82:fc:57:
         b9:37:80:cb:4e:0b:7f:8f:b1:2d:ba:a9:bf:84:e1:e0:6a:68:
         68:fc:8c:1f:69:8f:ec:60:83:30:e2:0b:c3:30:99:8c:8f:9e:
         ce:5b:78:64
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUHLslTEqJZrPRw5fc+A0TV1zUcAMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwNTE5MDIzMDUyWhcNMjYwODE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BiNWI0ZjM1YzhiY2Q0OGQwOGVhOGNiZWI5YjM5OTU3M2I0
MTUwNDE4MjYwZGY5ODczZGNiOGRiZDMxODEzZTA4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCj/tXFbJCbdvSvDpy/28FZv3IvIJVz/+MYIKQmR0WnENF7
oTmKAviD/wwZ65UiMMC9Y9AUjKPGP6bma2UbsYgWlpic2vIO6gcZ0mHfcT5vQvBS
AeGTbgnq1LzGVUHL5irtSCk1oVBWoSVIYYrEl1UuMxwtfVqTez0AQy0OLVKy0wgo
DkwWCJLlwHGiCLWnm9Cy8KbRpx6HhzgzLLg4lHqzYbQnaFxmq+1z3YaFH0/uapPG
MfHk/HzT4Z9kpEZJslQJLVrRYZqAIWP/AWHX5ZR0zGjf+YSi7E4B3Z2fblE38K3c
QFtTJczEH6YMrM9Ppnen8SQVwwhtOblGE5wxvUmZAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUP2VAhwuMe4td9f8VYsgbCxunYPswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2Y5Y2VhZTcxLTczMzMtNGQ0Zi1iNThlLTRlMWY5NTQ4NDJhMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwIjnDANBgkqhkiG9w0BAQsFAAOCAQEASBjXOOJyl6UUwUJrRo2xmHZLuTiN
5fOhjBIkg1cWpg57eEZ1TkwQ8da+1qZV0s3lFo9Rk7/am1v8FBmUUUjHVUV9Hjg4
YeDf2dg6kPjJcXydaYTSCoDzeIEnPmyghla5nTpZHU1LP3/RhErfBWy/XCfxirUj
ZBeWEy8dPMEfxzFIlr4wMpZeh4I9lYXUfK5cHAFzUwpI6VFvCujTfSDVunamIWlT
TqCgXY+TCQRhsdq2q6GzbV59Mro/yko1QaS9V21q4EH1FzjC6X8MMCPj8tDHRlPf
gvxXuTeAy04Lf4+xLbqpv4Th4GpoaPyMH2mP7GCDMOILwzCZjI+ezlt4ZA==
-----END CERTIFICATE-----