Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1f9ad744-aec7-4b50-a661-870cbf13be01.roa
File:                     1f9ad744-aec7-4b50-a661-870cbf13be01.roa (raw, json)
Hash identifier:          byPWtGU55WG3NCMcDYQbyRnWd5/HFamIy6WB06++ZYc=
Subject key identifier:   C2:4C:33:F3:DA:B3:B3:84:F5:15:E6:1D:A7:80:EA:57:77:C5:3C:6D
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5B29CB281CB3EDDF50FBFE130AFB21C9371CBB60
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1f9ad744-aec7-4b50-a661-870cbf13be01.roa
Signing time:             Sun 19 Oct 2025 06:50:11 +0000
ROA not before:           Sun 19 Oct 2025 06:50:11 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.85.248.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:29:cb:28:1c:b3:ed:df:50:fb:fe:13:0a:fb:21:c9:37:1c:bb:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 06:50:11 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=7d5f865bd3c9b407c0edc0b691ff7491b518a3d341b07965cb93c42c98af0947, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:7e:51:e8:88:72:a6:83:c5:1d:38:5c:db:0e:
                    9d:46:4f:0c:6e:6d:9a:29:ca:d6:40:15:0d:88:79:
                    99:48:31:94:46:1f:61:ab:26:9b:15:53:71:4b:06:
                    d9:4d:09:63:29:59:9b:62:d0:a8:a1:5c:4d:86:96:
                    ba:22:3f:f1:3c:32:e5:d8:62:0b:2d:f2:0f:da:7a:
                    f9:40:6a:79:b1:96:c0:7f:2a:c6:bc:89:c8:30:d9:
                    de:85:34:e7:0e:3b:85:55:6b:b2:d1:21:77:56:2a:
                    64:e7:4c:9b:66:69:1f:30:fe:00:d2:f5:ab:d5:38:
                    3f:e2:75:36:c0:7d:c8:97:c6:ad:2b:6e:c8:9a:32:
                    96:bc:41:4c:36:76:b7:b9:4d:9a:c7:65:d8:c1:a6:
                    fb:07:5c:2f:b7:18:99:f0:05:f7:4f:e3:b6:dc:ba:
                    78:b5:1d:92:18:20:f8:54:af:1c:a3:d1:1c:77:4b:
                    fc:e8:42:a3:da:5b:fb:7a:ae:b4:d4:08:33:a9:e0:
                    7e:89:3d:ba:82:9b:93:62:d3:6f:e4:f2:64:63:21:
                    28:d8:00:ff:7d:3f:3b:b8:5e:8e:01:db:a1:ac:9a:
                    c4:eb:a8:09:33:ee:9b:69:13:21:87:c6:94:7f:80:
                    68:e3:1e:f0:ee:cd:7d:a0:3c:4c:23:0c:cf:6a:bc:
                    31:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:4C:33:F3:DA:B3:B3:84:F5:15:E6:1D:A7:80:EA:57:77:C5:3C:6D
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1f9ad744-aec7-4b50-a661-870cbf13be01.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.85.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7a:f0:79:c8:40:1e:84:59:cc:50:d0:1d:c1:11:31:ad:26:ff:
         6d:b9:9d:ac:29:06:4f:80:0f:1c:c8:fe:1e:4c:21:ed:67:ce:
         98:7f:aa:17:af:21:20:f2:d9:90:71:80:0e:95:cd:ad:14:e3:
         6c:ae:1f:2d:db:ab:fa:56:f1:44:b4:45:43:6d:02:ae:24:63:
         02:40:b9:ab:7e:ba:17:ed:ee:08:8a:06:c1:2a:82:85:7e:ca:
         46:22:11:2f:a5:78:ad:68:ed:fa:e2:13:82:5a:d8:e7:52:7d:
         32:b5:ec:10:97:d2:84:e8:30:e2:16:01:69:16:47:cc:8b:fb:
         5e:ab:bd:0b:97:e4:0c:12:fa:bc:f0:8b:93:cc:08:96:c2:7d:
         d7:e4:14:0f:09:0a:d9:a8:c4:80:67:8b:ca:2f:eb:52:5c:50:
         bc:4c:31:85:48:05:da:43:6b:d7:6e:ed:c1:01:06:65:df:e1:
         27:44:fe:d9:80:48:88:49:73:5d:6a:df:1f:e1:0c:cb:42:85:
         cd:ac:33:c3:f1:b2:09:b6:5b:05:a7:a9:24:36:bd:a0:94:1d:
         ed:04:ba:68:8b:ea:5d:71:08:12:4b:ec:fb:76:bd:7f:02:69:
         66:2b:6b:7d:91:ab:14:6f:c4:52:90:f7:f4:e0:98:a8:65:ba:
         06:df:17:a4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWynLKByz7d9Q+/4TCvshyTccu2AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MDY1MDExWhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZDVmODY1YmQzYzliNDA3YzBlZGMwYjY5MWZmNzQ5MWI1
MThhM2QzNDFiMDc5NjVjYjkzYzQyYzk4YWYwOTQ3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2flHoiHKmg8UdOFzbDp1GTwxubZopytZAFQ2IeZlIMZRG
H2GrJpsVU3FLBtlNCWMpWZti0KihXE2GlroiP/E8MuXYYgst8g/aevlAanmxlsB/
Ksa8icgw2d6FNOcOO4VVa7LRIXdWKmTnTJtmaR8w/gDS9avVOD/idTbAfciXxq0r
bsiaMpa8QUw2dre5TZrHZdjBpvsHXC+3GJnwBfdP47bcuni1HZIYIPhUrxyj0Rx3
S/zoQqPaW/t6rrTUCDOp4H6JPbqCm5Ni02/k8mRjISjYAP99Pzu4Xo4B26GsmsTr
qAkz7ptpEyGHxpR/gGjjHvDuzX2gPEwjDM9qvDGhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwkwz89qzs4T1FeYdp4DqV3fFPG0wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzFmOWFkNzQ0LWFlYzctNGI1MC1hNjYxLTg3MGNiZjEzYmUwMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAE0VfgwDQYJKoZIhvcNAQELBQADggEBAHrwechAHoRZzFDQHcERMa0m/225
nawpBk+ADxzI/h5MIe1nzph/qhevISDy2ZBxgA6Vza0U42yuHy3bq/pW8US0RUNt
Aq4kYwJAuat+uhft7giKBsEqgoV+ykYiES+leK1o7friE4Ja2OdSfTK17BCX0oTo
MOIWAWkWR8yL+16rvQuX5AwS+rzwi5PMCJbCfdfkFA8JCtmoxIBni8ov61JcULxM
MYVIBdpDa9du7cEBBmXf4SdE/tmASIhJc11q3x/hDMtChc2sM8Pxsgm2WwWnqSQ2
vaCUHe0EumiL6l1xCBJL7Pt2vX8CaWYra32RqxRvxFKQ9/TgmKhlugbfF6Q=
-----END CERTIFICATE-----
Generated at Mon Oct 20 02:59:32 2025 by rpki-client