Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2cd4e3dc-4ef5-4487-b00f-142b8b8ff3c0.roa
File:                     2cd4e3dc-4ef5-4487-b00f-142b8b8ff3c0.roa (raw, json)
Hash identifier:          uZjzldDDjtnXhz54+b1l1GQXGmT465GKC1tWnedFbgk=
Subject key identifier:   A6:C4:35:FA:4E:74:4D:CA:83:E4:3A:EE:D8:39:44:F0:49:DF:60:EB
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       70042190F1A32A2401951D9E882FF43F44534524
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2cd4e3dc-4ef5-4487-b00f-142b8b8ff3c0.roa
Signing time:             Mon 18 Aug 2025 18:07:22 +0000
ROA not before:           Mon 18 Aug 2025 18:07:22 +0000
ROA not after:            Mon 22 Sep 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        3.2.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:04:21:90:f1:a3:2a:24:01:95:1d:9e:88:2f:f4:3f:44:53:45:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Aug 18 18:07:22 2025 GMT
            Not After : Sep 22 23:59:59 2025 GMT
        Subject: serialNumber=7a4efc7a6235b09aff05134b0d61da899299ed9a722c9e07b664d590f7257aa3, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:8b:a6:1f:38:1a:23:8b:1a:45:f5:6a:29:d6:
                    74:e5:4c:9f:e4:4d:26:2e:5a:0a:c6:e2:d3:be:08:
                    90:72:57:52:41:34:5e:b7:fe:37:11:8d:e1:35:dc:
                    25:0f:ff:35:6b:b4:93:f5:bb:ea:dc:44:8f:bd:0e:
                    85:44:81:db:db:ef:25:c5:c6:43:f2:f2:d6:ad:cd:
                    08:02:d3:88:a8:c1:c7:d4:e5:ef:91:96:6d:b4:cf:
                    4d:4e:9f:63:5b:61:41:0f:5d:de:0f:f9:40:1d:3d:
                    2a:35:ec:a1:ed:73:d1:c6:a8:01:f9:fa:2b:8e:c0:
                    0d:00:af:6c:42:7c:d7:b9:fb:a7:32:e8:b9:f5:72:
                    3e:97:20:ea:f6:c2:b2:82:22:ff:b7:fe:ab:48:60:
                    1c:e8:f7:b2:4b:41:c8:83:e4:6e:ac:a0:c7:bf:3e:
                    8f:b4:33:5a:51:27:03:0d:c1:ba:35:77:fd:da:50:
                    c2:49:28:72:01:a2:23:ce:29:fb:68:0c:ca:75:12:
                    c3:80:82:98:83:83:d0:a8:2a:b0:38:59:29:e6:cd:
                    4b:d7:4e:f3:fe:26:39:e1:e1:e6:17:2e:64:c0:68:
                    a9:4a:01:81:b1:00:0e:ac:3d:9f:bc:a7:b3:0b:d5:
                    cc:a1:63:80:ae:cf:f8:12:a0:20:64:8d:67:b9:3b:
                    e8:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:C4:35:FA:4E:74:4D:CA:83:E4:3A:EE:D8:39:44:F0:49:DF:60:EB
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2cd4e3dc-4ef5-4487-b00f-142b8b8ff3c0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.2.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:ae:0f:d8:d1:03:d6:49:e4:79:6d:ce:15:28:49:b5:cb:b0:
         6a:de:7c:e7:52:c7:ec:26:af:22:a0:c6:2c:75:2f:11:1d:91:
         d2:fd:23:32:be:eb:9c:72:71:90:63:68:a0:86:8d:33:83:93:
         a7:cc:ee:29:5f:67:43:ae:54:79:eb:b3:7a:7e:86:be:80:83:
         fe:b6:e3:7e:95:86:50:e6:1d:14:d6:81:5f:22:36:f8:f2:02:
         a6:6f:b0:cc:07:d5:13:d1:8f:91:46:57:a7:b1:0f:e3:07:a0:
         38:f0:21:7c:79:44:9e:e4:5a:05:2f:8b:fa:25:43:b2:de:7a:
         13:ba:7c:22:fe:e3:9d:84:04:59:2a:3a:21:1f:a5:1f:d1:38:
         58:1e:3b:9a:da:98:34:e7:64:d0:df:a3:5a:b7:5d:b5:76:b4:
         70:b9:e4:dc:61:48:cf:2c:c4:e8:aa:95:74:f0:5f:73:7c:dd:
         6d:59:54:56:ff:63:69:ff:0c:fe:95:f6:81:5b:65:96:27:a1:
         14:38:ec:b8:a3:23:87:34:7a:33:67:a4:dc:45:5f:50:a4:a5:
         d2:cf:a1:50:e1:25:22:95:02:4c:c6:b6:97:e4:1c:83:88:00:
         fa:eb:32:7a:be:aa:f4:69:3a:c6:1f:0a:3b:8f:81:00:e2:e6:
         e3:14:f1:e5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcAQhkPGjKiQBlR2eiC/0P0RTRSQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwODE4MTgwNzIyWhcNMjUwOTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A3YTRlZmM3YTYyMzViMDlhZmYwNTEzNGIwZDYxZGE4OTky
OTllZDlhNzIyYzllMDdiNjY0ZDU5MGY3MjU3YWEzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCyi6YfOBojixpF9Wop1nTlTJ/kTSYuWgrG4tO+CJByV1JB
NF63/jcRjeE13CUP/zVrtJP1u+rcRI+9DoVEgdvb7yXFxkPy8tatzQgC04iowcfU
5e+Rlm20z01On2NbYUEPXd4P+UAdPSo17KHtc9HGqAH5+iuOwA0Ar2xCfNe5+6cy
6Ln1cj6XIOr2wrKCIv+3/qtIYBzo97JLQciD5G6soMe/Po+0M1pRJwMNwbo1d/3a
UMJJKHIBoiPOKftoDMp1EsOAgpiDg9CoKrA4WSnmzUvXTvP+Jjnh4eYXLmTAaKlK
AYGxAA6sPZ+8p7ML1cyhY4Cuz/gSoCBkjWe5O+jhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUpsQ1+k50TcqD5Dru2DlE8EnfYOswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzJjZDRlM2RjLTRlZjUtNDQ4Ny1iMDBmLTE0MmI4YjhmZjNjMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADAlYwDQYJKoZIhvcNAQELBQADggEBAIWuD9jRA9ZJ5HltzhUoSbXLsGre
fOdSx+wmryKgxix1LxEdkdL9IzK+65xycZBjaKCGjTODk6fM7ilfZ0OuVHnrs3p+
hr6Ag/62436VhlDmHRTWgV8iNvjyAqZvsMwH1RPRj5FGV6exD+MHoDjwIXx5RJ7k
WgUvi/olQ7LeehO6fCL+452EBFkqOiEfpR/ROFgeO5ramDTnZNDfo1q3XbV2tHC5
5NxhSM8sxOiqlXTwX3N83W1ZVFb/Y2n/DP6V9oFbZZYnoRQ47LijI4c0ejNnpNxF
X1CkpdLPoVDhJSKVAkzGtpfkHIOIAPrrMnq+qvRpOsYfCjuPgQDi5uMU8eU=
-----END CERTIFICATE-----