Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5be2d290-6df4-4faf-a48b-8c63287157d9.roa
File:                     5be2d290-6df4-4faf-a48b-8c63287157d9.roa (raw, json)
Hash identifier:          gIsTqDAdN/a44U4ilzKyX5fNOpkJZi0hHDgKpbeg9uQ=
Subject key identifier:   99:99:DD:60:03:9D:63:D1:5E:21:93:88:E4:3A:D0:50:16:EC:06:47
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       68DB8AE75A5785A6C87129B48012A699275FD34D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5be2d290-6df4-4faf-a48b-8c63287157d9.roa
Signing time:             Sun 19 Oct 2025 13:30:19 +0000
ROA not before:           Sun 19 Oct 2025 13:30:19 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.227.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:db:8a:e7:5a:57:85:a6:c8:71:29:b4:80:12:a6:99:27:5f:d3:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 13:30:19 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=bf4295e985fff75ee598855a1997689a422f056b1e341aac92d03a42b8d9edae, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:64:af:6c:ec:ba:3f:8f:62:88:4b:a2:6f:9d:
                    b2:9a:98:01:07:93:b6:4d:2d:2d:c3:ef:5c:70:64:
                    02:cb:0d:42:fe:47:8d:c1:d0:a0:fa:63:48:dd:39:
                    b5:ed:f4:72:48:02:12:d8:38:35:48:cb:31:40:87:
                    74:ef:49:84:7a:af:9c:ef:01:c8:8e:3a:f6:20:da:
                    a2:92:72:5f:f5:6b:3b:8e:2c:07:28:e8:c5:6d:91:
                    3e:44:5d:96:d9:2f:02:ae:ea:0b:6b:13:b9:20:30:
                    ac:f1:89:59:14:99:22:64:b8:ce:93:e1:fd:a1:6f:
                    48:21:48:b4:14:6b:a0:62:f7:6b:a3:4a:29:c7:5b:
                    12:de:4e:e6:5d:6c:ba:3d:19:fa:3e:0e:39:96:50:
                    d6:8e:af:9c:42:68:7a:63:a1:05:08:d7:eb:78:8a:
                    ec:63:8f:91:84:78:b8:ef:f8:63:0c:89:d0:8d:56:
                    ee:0f:7d:15:71:0a:57:7e:f8:a6:dd:2d:9a:23:f0:
                    dc:aa:a9:cc:e4:4a:c7:b4:e4:05:2c:ea:af:4c:0e:
                    37:02:ed:b9:d9:e1:4c:f9:a4:c4:a1:95:c7:63:e7:
                    7f:ca:47:fb:c2:1d:bb:74:e8:2f:4e:ce:07:d8:26:
                    7e:e9:77:4b:3b:a4:47:1b:93:08:cb:a6:49:f0:19:
                    7e:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:99:DD:60:03:9D:63:D1:5E:21:93:88:E4:3A:D0:50:16:EC:06:47
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5be2d290-6df4-4faf-a48b-8c63287157d9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.227.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:d2:f7:54:c9:e1:95:6b:24:a0:a4:c2:09:d7:1d:86:10:50:
         39:10:2b:17:35:34:a6:11:0f:8a:24:48:4b:10:48:cd:20:20:
         be:21:da:d6:a6:9c:58:29:bb:db:20:80:18:bf:b1:54:46:bd:
         5e:87:d6:6f:43:0c:61:c3:14:60:7f:4b:68:fb:e4:67:f3:12:
         d2:84:b4:b2:75:4c:2c:0f:46:d2:75:93:41:6e:82:7f:33:cd:
         86:96:c1:38:44:2d:f2:e0:c5:69:01:c4:ee:7d:72:43:b3:08:
         dc:54:73:53:38:61:98:b3:c4:c5:aa:14:84:47:22:7b:2c:8d:
         0c:8e:49:83:6a:db:9b:52:03:bd:d1:db:aa:6b:fe:93:a4:8f:
         5a:54:6e:74:ac:3f:99:7f:7e:f0:38:59:56:0f:e0:91:7a:c8:
         1b:93:01:19:87:ba:7c:42:2c:d6:e0:cf:41:82:25:62:6b:4d:
         c3:4d:be:72:a2:03:19:41:eb:8e:a9:74:b9:db:be:19:73:40:
         fc:13:13:8c:53:df:f5:fd:a2:c2:aa:df:d8:fe:9d:f8:08:42:
         4d:3d:82:45:ea:a4:de:52:d8:c2:c7:da:72:10:7b:f9:33:a9:
         10:b5:4f:ec:5a:64:fe:30:ac:80:55:71:22:86:90:12:2c:93:
         20:89:35:97
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaNuK51pXhabIcSm0gBKmmSdf000wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MTMzMDE5WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BiZjQyOTVlOTg1ZmZmNzVlZTU5ODg1NWExOTk3Njg5YTQy
MmYwNTZiMWUzNDFhYWM5MmQwM2E0MmI4ZDllZGFlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrZK9s7Lo/j2KIS6JvnbKamAEHk7ZNLS3D71xwZALLDUL+
R43B0KD6Y0jdObXt9HJIAhLYODVIyzFAh3TvSYR6r5zvAciOOvYg2qKScl/1azuO
LAco6MVtkT5EXZbZLwKu6gtrE7kgMKzxiVkUmSJkuM6T4f2hb0ghSLQUa6Bi92uj
SinHWxLeTuZdbLo9Gfo+DjmWUNaOr5xCaHpjoQUI1+t4iuxjj5GEeLjv+GMMidCN
Vu4PfRVxCld++KbdLZoj8NyqqczkSse05AUs6q9MDjcC7bnZ4Uz5pMShlcdj53/K
R/vCHbt06C9OzgfYJn7pd0s7pEcbkwjLpknwGX7xAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmZndYAOdY9FeIZOI5DrQUBbsBkcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzViZTJkMjkwLTZkZjQtNGZhZi1hNDhiLThjNjMyODcxNTdkOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAN41wwDQYJKoZIhvcNAQELBQADggEBAGLS91TJ4ZVrJKCkwgnXHYYQUDkQ
Kxc1NKYRD4okSEsQSM0gIL4h2tamnFgpu9sggBi/sVRGvV6H1m9DDGHDFGB/S2j7
5GfzEtKEtLJ1TCwPRtJ1k0Fugn8zzYaWwThELfLgxWkBxO59ckOzCNxUc1M4YZiz
xMWqFIRHInssjQyOSYNq25tSA73R26pr/pOkj1pUbnSsP5l/fvA4WVYP4JF6yBuT
ARmHunxCLNbgz0GCJWJrTcNNvnKiAxlB646pdLnbvhlzQPwTE4xT3/X9osKq39j+
nfgIQk09gkXqpN5S2MLH2nIQe/kzqRC1T+xaZP4wrIBVcSKGkBIskyCJNZc=
-----END CERTIFICATE-----