Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4861bb50-138b-44c5-90c8-95e3d51519d4.roa
File:                     4861bb50-138b-44c5-90c8-95e3d51519d4.roa (raw, json)
Hash identifier:          JOObum/oXJQ4m+5fRrNfng0B/TJfdHQ3n+QwIdvlSzE=
Subject key identifier:   72:83:FC:B5:81:79:C0:CC:EF:C7:0F:71:84:89:B6:31:C1:D1:5B:37
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       581D731FB614135913C6571D727F8E64EE8B79DA
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4861bb50-138b-44c5-90c8-95e3d51519d4.roa
Signing time:             Mon 11 May 2026 01:00:33 +0000
ROA not before:           Mon 11 May 2026 01:00:33 +0000
ROA not after:            Sun 09 Aug 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        15.158.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 13 May 2026 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:1d:73:1f:b6:14:13:59:13:c6:57:1d:72:7f:8e:64:ee:8b:79:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May 11 01:00:33 2026 GMT
            Not After : Aug  9 23:59:59 2026 GMT
        Subject: serialNumber=a29b70207087f36195abdc0261c0ccff48cd84263fa4a3903958f79ca0ed3dfc, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:9c:13:a5:73:90:ab:34:35:39:89:95:03:47:
                    2d:d1:dc:18:f3:5b:4f:4c:d4:89:05:f3:8a:0a:98:
                    c4:a1:ed:3f:e7:7f:bb:d0:c6:9d:09:e7:3f:52:17:
                    44:7e:a9:83:bb:1d:d2:b9:b5:82:50:c4:27:f0:ec:
                    68:f6:cf:39:10:3d:01:dc:04:5e:99:7c:02:3f:e9:
                    40:0d:c0:bb:6f:88:08:7e:09:5e:db:a9:72:9f:17:
                    b8:4a:29:95:b1:e3:01:d7:47:cf:e1:a9:27:21:34:
                    30:13:e7:f3:35:d5:87:f8:4d:ab:a9:da:1a:6b:6c:
                    4b:76:99:33:08:e3:b1:17:5c:d4:12:ab:20:52:7a:
                    d4:16:e3:ff:70:75:50:b3:94:34:83:55:5d:62:82:
                    36:6e:e7:ed:cd:d7:0c:45:cd:b1:7a:ae:4f:5c:37:
                    25:93:48:c4:3c:4f:99:1c:d4:0e:2e:de:31:83:b9:
                    02:2f:ee:f5:8c:e3:80:b0:b5:1a:80:3d:d4:01:db:
                    33:8c:78:e1:a8:1e:a1:04:30:01:0a:e7:81:fb:26:
                    92:ba:2a:07:b8:23:0a:52:80:fd:32:5c:25:e4:1e:
                    25:8b:05:ff:cb:7f:7a:47:77:98:b1:ee:e1:ff:49:
                    00:8f:3b:9b:98:e0:19:b2:53:77:b7:0f:71:26:61:
                    47:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:83:FC:B5:81:79:C0:CC:EF:C7:0F:71:84:89:B6:31:C1:D1:5B:37
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4861bb50-138b-44c5-90c8-95e3d51519d4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.158.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:95:62:60:a9:80:6b:8a:81:10:56:21:64:cf:e0:61:d6:74:
         32:de:a3:8f:d0:99:af:cb:09:37:99:c7:d7:e5:a5:da:b7:7e:
         f2:e0:cc:ef:9f:c0:87:63:7b:d1:35:83:19:a5:a8:36:ef:24:
         01:fc:d8:e3:65:a1:4f:90:fe:cb:14:9b:cc:96:ff:06:60:c4:
         e7:cf:e4:c8:24:af:51:18:f2:42:d2:64:7a:1d:38:ab:6f:5f:
         a2:7d:ad:8a:14:ec:f2:00:71:49:67:4b:9f:36:ac:92:5a:f5:
         8c:b2:4b:ee:01:08:e0:a3:c3:c4:b2:f2:6b:24:45:1a:1f:ed:
         ef:fa:20:36:3f:af:17:41:1b:f6:6a:0a:ba:51:75:b2:27:a1:
         9a:59:69:0e:b8:f7:ac:c9:f3:1a:7f:7a:eb:00:97:de:35:9c:
         69:87:5f:5d:b0:56:4b:57:6d:0b:fb:9f:ec:21:aa:3e:b3:99:
         0f:a9:9a:0f:8b:42:6d:06:19:9f:e5:b5:dc:28:8c:69:f8:65:
         0e:2f:0e:ec:a9:a8:a1:2d:b5:57:0f:c1:b4:52:32:f7:2b:ea:
         34:86:24:55:d2:d3:ba:bc:1f:35:ee:b2:46:35:dd:43:22:36:
         76:88:db:a4:b8:06:6b:9d:49:80:04:ba:cc:a8:b0:72:3d:84:
         50:09:8c:e4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWB1zH7YUE1kTxlcdcn+OZO6LedowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwNTExMDEwMDMzWhcNMjYwODA5MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMjliNzAyMDcwODdmMzYxOTVhYmRjMDI2MWMwY2NmZjQ4
Y2Q4NDI2M2ZhNGEzOTAzOTU4Zjc5Y2EwZWQzZGZjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmnBOlc5CrNDU5iZUDRy3R3BjzW09M1IkF84oKmMSh7T/n
f7vQxp0J5z9SF0R+qYO7HdK5tYJQxCfw7Gj2zzkQPQHcBF6ZfAI/6UANwLtviAh+
CV7bqXKfF7hKKZWx4wHXR8/hqSchNDAT5/M11Yf4Taup2hprbEt2mTMI47EXXNQS
qyBSetQW4/9wdVCzlDSDVV1igjZu5+3N1wxFzbF6rk9cNyWTSMQ8T5kc1A4u3jGD
uQIv7vWM44CwtRqAPdQB2zOMeOGoHqEEMAEK54H7JpK6Kge4IwpSgP0yXCXkHiWL
Bf/Lf3pHd5ix7uH/SQCPO5uY4BmyU3e3D3EmYUfdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUcoP8tYF5wMzvxw9xhIm2McHRWzcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQ4NjFiYjUwLTEzOGItNDRjNS05MGM4LTk1ZTNkNTE1MTlkNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAPnukwDQYJKoZIhvcNAQELBQADggEBAEeVYmCpgGuKgRBWIWTP4GHWdDLe
o4/Qma/LCTeZx9flpdq3fvLgzO+fwIdje9E1gxmlqDbvJAH82ONloU+Q/ssUm8yW
/wZgxOfP5Mgkr1EY8kLSZHodOKtvX6J9rYoU7PIAcUlnS582rJJa9YyyS+4BCOCj
w8Sy8mskRRof7e/6IDY/rxdBG/ZqCrpRdbInoZpZaQ6496zJ8xp/eusAl941nGmH
X12wVktXbQv7n+whqj6zmQ+pmg+LQm0GGZ/ltdwojGn4ZQ4vDuypqKEttVcPwbRS
Mvcr6jSGJFXS07q8HzXuskY13UMiNnaI26S4BmudSYAEusyosHI9hFAJjOQ=
-----END CERTIFICATE-----