Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0e801142-3078-40fe-ac68-c9cd31dd0803.roa
File:                     0e801142-3078-40fe-ac68-c9cd31dd0803.roa (raw, json)
Hash identifier:          nykkgpIiy9pGx7YBVaOWqu3i9y3LDLpw23OGT4ZocKE=
Subject key identifier:   EA:48:62:90:0B:CA:BB:EF:12:48:C0:B3:1D:97:0A:DF:1D:CA:F3:5B
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1F6E7B92CB0EF17A710CC0F9B480D30E6A91AFAD
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0e801142-3078-40fe-ac68-c9cd31dd0803.roa
Signing time:             Sun 19 Oct 2025 04:51:25 +0000
ROA not before:           Sun 19 Oct 2025 04:51:25 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.161.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:6e:7b:92:cb:0e:f1:7a:71:0c:c0:f9:b4:80:d3:0e:6a:91:af:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 04:51:25 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=cc065c471a090937a32e97ee905b111fa5b1b96d117857bbb46bce55493c4e21, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:65:52:9e:20:4e:af:57:52:8d:4a:3e:b0:49:
                    03:ba:0c:c4:45:cd:5a:d5:a5:6b:50:f1:2b:61:e6:
                    f1:28:7c:c1:0a:6e:36:c3:f0:b7:80:00:fa:5f:65:
                    30:42:fc:63:bd:cc:ce:30:1c:7d:e0:fd:0c:3b:7b:
                    95:2f:4b:51:42:78:c5:28:38:6c:b3:34:ad:38:ce:
                    fe:e7:63:e9:90:6a:ed:61:bb:20:7e:17:74:7e:b7:
                    a3:03:a4:d4:3d:ff:61:af:8a:2a:e4:05:f9:37:ed:
                    03:7a:48:04:81:3c:6d:6b:99:86:2e:5e:29:2f:b1:
                    56:5d:b7:cf:5d:9b:46:80:c0:50:39:c2:91:14:c2:
                    6f:5f:d2:79:18:f3:77:a9:cb:f6:15:db:8a:f0:6b:
                    ae:ff:86:59:67:63:62:b4:fb:e2:6b:92:e2:f4:d4:
                    2f:b6:4d:ae:c5:29:ef:b9:c3:9e:9c:f1:e3:88:9c:
                    17:a0:08:c4:2c:57:fc:ef:c1:26:cb:64:57:16:17:
                    d3:a4:c0:8f:cc:2b:64:e2:bf:b9:26:05:f4:a0:08:
                    00:9b:2f:90:23:6e:4a:e2:0c:01:0a:5f:ad:fb:19:
                    dd:2f:9c:16:a6:71:10:57:e9:7a:1e:ae:e0:1b:f9:
                    ac:d0:c7:02:65:02:e2:1e:2e:43:72:34:d5:8e:cf:
                    79:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:48:62:90:0B:CA:BB:EF:12:48:C0:B3:1D:97:0A:DF:1D:CA:F3:5B
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0e801142-3078-40fe-ac68-c9cd31dd0803.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.161.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:4d:ca:4a:62:af:79:a6:c6:c9:0f:6d:ec:60:77:77:7d:c9:
         01:d0:5e:da:c9:42:d1:29:f8:83:b7:7a:47:18:52:53:ca:1f:
         89:d4:1c:2e:8b:01:81:9a:2e:0b:bd:46:a3:8a:34:88:d2:6c:
         fa:1f:53:19:39:ea:5e:95:8e:6c:09:84:f7:36:4c:bb:12:d2:
         c3:31:fd:d5:e3:4e:f2:cd:20:0a:51:f5:eb:1d:e2:d1:4d:34:
         00:56:fb:b2:e5:8a:e7:b1:60:a5:14:20:3e:b6:39:fe:b4:4c:
         f9:3e:ac:dc:b1:ed:5a:96:78:4c:52:f7:42:01:e1:32:eb:00:
         4c:69:b3:5f:31:64:51:78:52:aa:b5:30:15:35:2a:1d:fe:66:
         db:7d:cf:0b:4c:44:26:58:29:5e:cd:b1:31:44:8b:e5:d3:2a:
         11:6a:65:be:43:c0:e0:d5:3a:91:be:96:8f:8a:d5:b0:7e:7a:
         4e:ec:7e:6e:2f:00:63:7b:8b:26:30:97:61:8b:53:f9:73:16:
         6c:16:b2:f7:ea:48:3c:2e:3e:08:cc:a1:d8:fa:60:55:3b:bc:
         8e:57:d8:85:f5:0b:60:34:4a:c1:90:ad:2c:76:9f:ec:68:08:
         e8:9d:27:c2:b2:45:31:d0:89:f1:ef:93:79:79:b1:c4:e3:aa:
         32:19:ac:26
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUH257kssO8XpxDMD5tIDTDmqRr60wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MDQ1MTI1WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BjYzA2NWM0NzFhMDkwOTM3YTMyZTk3ZWU5MDViMTExZmE1
YjFiOTZkMTE3ODU3YmJiNDZiY2U1NTQ5M2M0ZTIxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC4ZVKeIE6vV1KNSj6wSQO6DMRFzVrVpWtQ8Sth5vEofMEK
bjbD8LeAAPpfZTBC/GO9zM4wHH3g/Qw7e5UvS1FCeMUoOGyzNK04zv7nY+mQau1h
uyB+F3R+t6MDpNQ9/2GviirkBfk37QN6SASBPG1rmYYuXikvsVZdt89dm0aAwFA5
wpEUwm9f0nkY83epy/YV24rwa67/hllnY2K0++JrkuL01C+2Ta7FKe+5w56c8eOI
nBegCMQsV/zvwSbLZFcWF9OkwI/MK2Tiv7kmBfSgCACbL5AjbkriDAEKX637Gd0v
nBamcRBX6XoeruAb+azQxwJlAuIeLkNyNNWOz3nrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU6khikAvKu+8SSMCzHZcK3x3K81swHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzBlODAxMTQyLTMwNzgtNDBmZS1hYzY4LWM5Y2QzMWRkMDgwMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASoUMwDQYJKoZIhvcNAQELBQADggEBAKFNykpir3mmxskPbexgd3d9yQHQ
XtrJQtEp+IO3ekcYUlPKH4nUHC6LAYGaLgu9RqOKNIjSbPofUxk56l6VjmwJhPc2
TLsS0sMx/dXjTvLNIApR9esd4tFNNABW+7LliuexYKUUID62Of60TPk+rNyx7VqW
eExS90IB4TLrAExps18xZFF4Uqq1MBU1Kh3+Ztt9zwtMRCZYKV7NsTFEi+XTKhFq
Zb5DwODVOpG+lo+K1bB+ek7sfm4vAGN7iyYwl2GLU/lzFmwWsvfqSDwuPgjModj6
YFU7vI5X2IX1C2A0SsGQrSx2n+xoCOidJ8KyRTHQifHvk3l5scTjqjIZrCY=
-----END CERTIFICATE-----