Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0c5be2da-ccb4-465a-b0a1-1151979c0998.roa
File:                     0c5be2da-ccb4-465a-b0a1-1151979c0998.roa (raw, json)
Hash identifier:          iNLBegeRS8hMoj+NXiWQnHVoQVSE3XCRbLJDBuzXG8E=
Subject key identifier:   31:A2:6A:AF:0A:2D:2B:71:5D:D7:4D:BC:8C:F9:D5:30:77:6D:19:44
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5F55A679183F3D6C504191793A97A778D61CC178
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0c5be2da-ccb4-465a-b0a1-1151979c0998.roa
Signing time:             Fri 26 Sep 2025 16:07:25 +0000
ROA not before:           Fri 26 Sep 2025 16:07:25 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     22394
IP address blocks:        155.146.96.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:55:a6:79:18:3f:3d:6c:50:41:91:79:3a:97:a7:78:d6:1c:c1:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 16:07:25 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=344df7a913b50a7e31beaab561ee637e0a63f38c460363d270010674abb6f4b0, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:03:83:e0:82:c6:fc:58:c6:41:ed:bc:af:86:
                    a1:ab:9a:d4:0f:a9:6a:72:01:c5:64:53:3c:f8:97:
                    97:41:da:12:53:cb:69:03:ff:44:1f:4e:b5:cf:3a:
                    c2:3d:cd:8c:54:03:cc:e9:e4:e2:98:fc:26:e5:6d:
                    49:d0:f1:63:fe:24:88:72:d3:0b:42:6e:9e:19:29:
                    c6:dc:d2:a4:d4:62:6d:36:0d:04:8a:6f:4f:37:45:
                    0c:de:fa:f0:14:42:1c:eb:0c:b8:47:2b:cc:61:cd:
                    3d:7b:cd:99:6e:a4:29:67:e9:3b:58:69:c5:51:fe:
                    9c:ee:13:32:04:91:0d:36:a3:a9:b7:7d:72:94:47:
                    15:94:35:a8:cc:08:27:34:11:b5:2f:95:82:a6:b4:
                    6c:f4:6f:ad:1c:bc:10:6b:28:ae:19:fe:f4:dd:1b:
                    f4:64:09:ac:3c:06:ba:c9:3d:9f:e6:48:5c:2e:18:
                    d7:9b:36:b2:ca:8f:d3:e8:ad:fc:d1:4c:48:e7:5a:
                    b0:93:7d:dd:70:fb:99:ba:a1:f0:f3:c5:ab:9f:8b:
                    bb:0b:06:94:8c:78:25:bf:40:90:56:22:98:58:c6:
                    32:0a:9e:e8:23:6f:ea:cd:f8:03:fe:9d:ad:f8:e1:
                    dc:e6:9c:9e:6c:3f:42:cf:82:02:f6:d0:6d:80:44:
                    31:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:A2:6A:AF:0A:2D:2B:71:5D:D7:4D:BC:8C:F9:D5:30:77:6D:19:44
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0c5be2da-ccb4-465a-b0a1-1151979c0998.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.146.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         b1:93:95:0f:83:10:0b:43:c8:21:8d:93:9c:25:f9:54:8d:01:
         2a:de:6a:d7:52:18:17:a8:c2:70:25:ba:da:77:a1:b6:42:72:
         19:99:98:90:76:64:bc:66:81:52:56:01:d8:4b:15:81:7d:6f:
         08:74:f7:5d:af:bf:8e:b1:43:76:3d:18:c0:48:be:a7:08:38:
         4f:0f:20:fa:6d:35:db:6d:c4:be:4c:93:41:74:be:67:0a:8d:
         2a:f4:4b:98:18:60:7f:ae:f6:44:24:cc:97:3d:10:ad:30:95:
         62:ce:39:29:c9:25:d3:2c:ca:10:12:b9:9b:05:cb:05:e5:e8:
         38:5f:bf:d9:51:77:8c:51:dd:a7:72:f8:d3:20:d4:bf:d5:c7:
         ec:33:20:1d:63:82:67:cb:79:4b:94:bd:ee:85:26:da:8b:05:
         34:fe:2b:76:6f:ed:a0:58:7e:d1:24:cb:a9:57:ef:b0:79:11:
         ad:d3:13:af:63:f0:78:81:86:c5:ce:78:b6:7e:d6:56:88:e5:
         87:4c:05:34:d7:e5:61:ed:cb:18:5a:fa:5e:47:2b:0e:40:8a:
         a7:5c:42:ec:d2:40:42:96:9b:af:bf:58:6b:38:94:d0:81:9e:
         84:7e:be:d5:26:90:6c:41:76:d2:5a:bc:c3:68:ff:3b:fc:dd:
         e0:08:9a:13
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUX1WmeRg/PWxQQZF5OpeneNYcwXgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MTYwNzI1WhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AzNDRkZjdhOTEzYjUwYTdlMzFiZWFhYjU2MWVlNjM3ZTBh
NjNmMzhjNDYwMzYzZDI3MDAxMDY3NGFiYjZmNGIwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvA4Pggsb8WMZB7byvhqGrmtQPqWpyAcVkUzz4l5dB2hJT
y2kD/0QfTrXPOsI9zYxUA8zp5OKY/CblbUnQ8WP+JIhy0wtCbp4ZKcbc0qTUYm02
DQSKb083RQze+vAUQhzrDLhHK8xhzT17zZlupCln6TtYacVR/pzuEzIEkQ02o6m3
fXKURxWUNajMCCc0EbUvlYKmtGz0b60cvBBrKK4Z/vTdG/RkCaw8BrrJPZ/mSFwu
GNebNrLKj9PorfzRTEjnWrCTfd1w+5m6ofDzxaufi7sLBpSMeCW/QJBWIphYxjIK
nugjb+rN+AP+na344dzmnJ5sP0LPggL20G2ARDG9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMaJqrwotK3Fd1028jPnVMHdtGUQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzBjNWJlMmRhLWNjYjQtNDY1YS1iMGExLTExNTE5NzljMDk5OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBASbkmAwDQYJKoZIhvcNAQELBQADggEBALGTlQ+DEAtDyCGNk5wl+VSNASre
atdSGBeownAlutp3obZCchmZmJB2ZLxmgVJWAdhLFYF9bwh0912vv46xQ3Y9GMBI
vqcIOE8PIPptNdttxL5Mk0F0vmcKjSr0S5gYYH+u9kQkzJc9EK0wlWLOOSnJJdMs
yhASuZsFywXl6Dhfv9lRd4xR3ady+NMg1L/Vx+wzIB1jgmfLeUuUve6FJtqLBTT+
K3Zv7aBYftEky6lX77B5Ea3TE69j8HiBhsXOeLZ+1laI5YdMBTTX5WHtyxha+l5H
Kw5AiqdcQuzSQEKWm6+/WGs4lNCBnoR+vtUmkGxBdtJavMNo/zv83eAImhM=
-----END CERTIFICATE-----