Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2c13b448-1d67-4de4-9dab-4c89022bf11f.roa
File:                     2c13b448-1d67-4de4-9dab-4c89022bf11f.roa (raw, json)
Hash identifier:          Ni2yny9ZBDoms6j3v8IIYqjJj569sJgth8/SlN+BBcA=
Subject key identifier:   48:A0:2B:33:02:83:2B:83:36:4B:86:A4:DD:1A:FA:E9:CB:D7:3A:77
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6BE0FCDBC3118D9D21EBE839E55149485CC8BD83
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2c13b448-1d67-4de4-9dab-4c89022bf11f.roa
Signing time:             Sat 18 Oct 2025 19:13:34 +0000
ROA not before:           Sat 18 Oct 2025 19:13:34 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.165.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:e0:fc:db:c3:11:8d:9d:21:eb:e8:39:e5:51:49:48:5c:c8:bd:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 19:13:34 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=338bbf9d93c7df86a8f4c61631fa5f9675b0547cb49ab084648ca7023881ac35, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:5c:78:ae:62:f4:f8:79:6a:fc:88:e5:75:8b:
                    d3:e3:e4:0d:c6:a6:6c:44:e9:fc:98:27:50:79:c0:
                    79:7a:10:67:17:23:1c:90:79:b8:61:44:a2:91:25:
                    a3:74:ec:e2:0e:df:01:a3:c7:ce:91:03:bb:80:28:
                    4d:77:84:54:72:e3:b6:78:cd:e1:5c:bd:9e:20:24:
                    de:a3:a8:33:99:66:52:c8:01:fc:9e:c3:04:83:c1:
                    ac:af:f3:99:95:11:bf:c3:94:dc:86:05:e5:c8:a5:
                    3b:7c:0b:b3:b0:08:db:ce:73:fe:ff:24:8e:cd:ca:
                    7b:5f:2a:fe:5d:22:ca:9e:08:65:4f:c6:1f:04:11:
                    22:25:90:70:0b:9a:ab:90:88:60:61:16:1b:86:fb:
                    77:ed:9b:ce:4d:ff:32:f2:b4:c8:ce:6b:d0:98:f8:
                    14:46:46:ec:14:c6:e7:ae:f6:03:28:cc:20:8e:43:
                    3c:c7:a3:dc:e0:25:68:3d:22:38:6e:83:17:8d:57:
                    32:3b:73:b4:f2:d5:44:b6:5b:b6:ff:23:36:77:d5:
                    c4:75:48:16:2d:46:cf:eb:8c:aa:f9:c2:0d:27:e2:
                    e6:fe:63:aa:4f:52:09:cb:4f:04:cc:57:9f:74:9f:
                    83:15:98:61:59:7f:da:c8:b0:5b:2c:b1:08:a4:96:
                    2d:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:A0:2B:33:02:83:2B:83:36:4B:86:A4:DD:1A:FA:E9:CB:D7:3A:77
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2c13b448-1d67-4de4-9dab-4c89022bf11f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.165.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:0e:a4:6c:92:71:82:bc:43:bf:3a:97:9a:8d:b8:cb:b6:21:
         53:48:dc:af:9e:44:ee:ea:6f:93:87:d5:38:c6:79:18:49:ec:
         72:c1:db:9c:db:ab:4f:76:ab:f0:16:da:23:1a:27:2a:43:bb:
         b2:da:04:91:28:6c:49:a0:75:36:8e:d5:51:64:60:bc:b3:5a:
         95:ea:2f:dd:c7:ef:6a:ca:93:bb:09:52:0f:9f:c3:63:cd:24:
         04:00:06:34:4a:30:9b:78:27:cc:30:9b:38:d4:64:07:c5:8a:
         99:3d:9e:2e:31:2b:f6:5c:17:c6:5c:87:7b:33:f6:80:ca:aa:
         b2:a6:c7:a0:b1:45:62:bb:9b:22:ac:5f:0c:b5:6e:63:bb:69:
         3d:5b:cd:50:b4:25:62:af:ce:81:8e:09:cd:7d:e7:fe:1b:c4:
         04:4a:82:56:a3:46:24:74:bc:71:74:89:81:dd:fd:37:02:82:
         69:a9:6b:ba:c4:26:04:cc:52:93:ff:8a:5e:92:a6:e7:a1:07:
         22:df:b8:25:b0:e0:e9:17:db:7d:5c:27:78:17:e2:97:09:78:
         b0:d7:63:c8:5c:2f:a6:20:3c:1c:f7:3a:fb:2e:be:f8:fb:79:
         39:60:3e:bf:18:0c:ca:6f:1b:4b:1b:03:d0:e7:82:b0:e3:ff:
         82:5d:95:88
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUa+D828MRjZ0h6+g55VFJSFzIvYMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MTkxMzM0WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AzMzhiYmY5ZDkzYzdkZjg2YThmNGM2MTYzMWZhNWY5Njc1
YjA1NDdjYjQ5YWIwODQ2NDhjYTcwMjM4ODFhYzM1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDdXHiuYvT4eWr8iOV1i9Pj5A3GpmxE6fyYJ1B5wHl6EGcX
IxyQebhhRKKRJaN07OIO3wGjx86RA7uAKE13hFRy47Z4zeFcvZ4gJN6jqDOZZlLI
AfyewwSDwayv85mVEb/DlNyGBeXIpTt8C7OwCNvOc/7/JI7NyntfKv5dIsqeCGVP
xh8EESIlkHALmquQiGBhFhuG+3ftm85N/zLytMjOa9CY+BRGRuwUxueu9gMozCCO
QzzHo9zgJWg9IjhugxeNVzI7c7Ty1US2W7b/IzZ31cR1SBYtRs/rjKr5wg0n4ub+
Y6pPUgnLTwTMV590n4MVmGFZf9rIsFsssQikli11AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUSKArMwKDK4M2S4ak3Rr66cvXOncwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzJjMTNiNDQ4LTFkNjctNGRlNC05ZGFiLTRjODkwMjJiZjExZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASpeowDQYJKoZIhvcNAQELBQADggEBAGIOpGyScYK8Q786l5qNuMu2IVNI
3K+eRO7qb5OH1TjGeRhJ7HLB25zbq092q/AW2iMaJypDu7LaBJEobEmgdTaO1VFk
YLyzWpXqL93H72rKk7sJUg+fw2PNJAQABjRKMJt4J8wwmzjUZAfFipk9ni4xK/Zc
F8Zch3sz9oDKqrKmx6CxRWK7myKsXwy1bmO7aT1bzVC0JWKvzoGOCc195/4bxARK
glajRiR0vHF0iYHd/TcCgmmpa7rEJgTMUpP/il6SpuehByLfuCWw4OkX231cJ3gX
4pcJeLDXY8hcL6YgPBz3Ovsuvvj7eTlgPr8YDMpvG0sbA9DngrDj/4JdlYg=
-----END CERTIFICATE-----