Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6813d662-d3ef-462a-8e0d-ff35d43765a4.roa
File:                     6813d662-d3ef-462a-8e0d-ff35d43765a4.roa (raw, json)
Hash identifier:          PeP44b0jsP84o7yql16qzKeT+Q6xS/7M+1lwLr7LRvw=
Subject key identifier:   8E:C3:B3:D3:C1:A4:7C:AA:41:D7:D3:72:D6:9C:C8:C4:66:D9:80:52
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4731A08D4516C43F988E0DB2F6ABADFCE8BDAE28
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6813d662-d3ef-462a-8e0d-ff35d43765a4.roa
Signing time:             Sat 18 Oct 2025 08:42:35 +0000
ROA not before:           Sat 18 Oct 2025 08:42:35 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.244.48.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:31:a0:8d:45:16:c4:3f:98:8e:0d:b2:f6:ab:ad:fc:e8:bd:ae:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 08:42:35 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=afee2171c91a54a33a1e21af0d98ea72f143a426c061ed985ba22b575cec4678, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:e7:92:d9:66:98:11:82:4c:a1:02:94:b1:39:
                    9c:6c:82:c4:cf:27:08:50:ca:fc:83:3b:eb:ab:93:
                    96:93:bf:26:9f:cf:df:66:7a:51:50:c2:5a:80:e0:
                    a7:ea:bd:b4:2c:9f:7f:1e:19:09:a9:e5:02:ac:5b:
                    30:1d:3a:1d:56:3f:d6:94:b8:b5:a6:47:5f:5a:3e:
                    2f:f5:ba:e6:05:26:d3:44:c7:ec:2c:87:be:5f:2f:
                    44:05:61:8a:5f:23:83:87:07:d1:6d:8e:72:08:ed:
                    b2:7f:e0:af:c6:38:c4:6f:0c:60:ef:e4:b3:14:bc:
                    62:6a:d7:b7:42:ca:81:3c:83:42:d3:a2:44:75:75:
                    12:4c:40:35:74:66:aa:bb:8d:19:1c:7a:1b:f5:1f:
                    52:19:b5:c0:39:3a:36:b7:b1:7e:f6:91:71:72:6c:
                    74:3e:26:f6:ad:3a:37:24:dd:d2:4b:79:d1:23:3e:
                    ea:04:45:88:48:cd:a3:9d:2d:1a:9c:52:35:40:8a:
                    2f:be:22:75:a9:b8:e3:64:2d:89:36:e1:eb:76:71:
                    ee:35:ee:18:b3:b7:bc:25:08:b0:3c:42:8c:05:03:
                    d0:7e:17:87:af:5c:dd:5a:bc:ae:61:1a:87:76:f9:
                    34:59:94:3d:40:27:5e:5c:a1:68:a7:b0:5d:48:66:
                    c8:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:C3:B3:D3:C1:A4:7C:AA:41:D7:D3:72:D6:9C:C8:C4:66:D9:80:52
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6813d662-d3ef-462a-8e0d-ff35d43765a4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.244.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         4a:2c:55:2c:51:59:5f:64:2f:d5:7c:00:16:b3:64:06:db:f2:
         ce:1d:82:1f:9e:75:b8:af:21:47:20:2e:ae:19:fc:5f:46:97:
         95:98:8e:ab:7a:85:b5:11:19:05:3d:b8:2d:08:68:9e:d7:35:
         2b:5c:c1:2f:2d:79:d1:d2:45:a0:3d:23:0f:fa:79:13:59:9a:
         a5:d8:f2:ca:ea:3c:77:85:9a:34:c7:9e:f2:1f:1e:97:bf:77:
         da:eb:3a:a0:38:44:a9:ea:fc:11:6d:7f:75:8f:3b:c1:5e:e2:
         21:cb:26:30:13:f2:cd:6d:63:c9:15:63:83:ba:cd:09:9b:6e:
         56:10:1c:fb:b8:1b:d3:4b:44:cf:7f:ee:63:df:ac:a9:c0:00:
         86:27:a0:6a:32:60:3c:4c:17:30:7b:f4:3c:18:50:f7:b7:69:
         a1:a3:51:48:c3:bb:6f:a8:78:40:54:55:e2:e2:81:cb:d5:13:
         23:aa:28:ea:07:a2:b4:3f:63:9e:f3:78:83:95:93:5c:a1:e8:
         3b:8e:71:69:16:be:74:1f:91:9a:32:f1:2b:48:c1:a4:88:fc:
         b1:35:19:7d:bc:df:76:4e:99:01:bc:99:01:d7:fc:07:cc:e7:
         cd:98:93:dd:5f:b5:f1:9f:1c:cf:87:2b:27:13:76:c8:4c:74:
         31:d9:80:8f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURzGgjUUWxD+Yjg2y9qut/Oi9rigwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MDg0MjM1WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BhZmVlMjE3MWM5MWE1NGEzM2ExZTIxYWYwZDk4ZWE3MmYx
NDNhNDI2YzA2MWVkOTg1YmEyMmI1NzVjZWM0Njc4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDZ55LZZpgRgkyhApSxOZxsgsTPJwhQyvyDO+urk5aTvyaf
z99melFQwlqA4KfqvbQsn38eGQmp5QKsWzAdOh1WP9aUuLWmR19aPi/1uuYFJtNE
x+wsh75fL0QFYYpfI4OHB9FtjnII7bJ/4K/GOMRvDGDv5LMUvGJq17dCyoE8g0LT
okR1dRJMQDV0Zqq7jRkcehv1H1IZtcA5Oja3sX72kXFybHQ+JvatOjck3dJLedEj
PuoERYhIzaOdLRqcUjVAii++InWpuONkLYk24et2ce417hizt7wlCLA8QowFA9B+
F4evXN1avK5hGod2+TRZlD1AJ15coWinsF1IZsjjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUjsOz08GkfKpB19Ny1pzIxGbZgFIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzY4MTNkNjYyLWQzZWYtNDYyYS04ZTBkLWZmMzVkNDM3NjVhNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQS9DAwDQYJKoZIhvcNAQELBQADggEBAEosVSxRWV9kL9V8ABazZAbb8s4d
gh+edbivIUcgLq4Z/F9Gl5WYjqt6hbURGQU9uC0IaJ7XNStcwS8tedHSRaA9Iw/6
eRNZmqXY8srqPHeFmjTHnvIfHpe/d9rrOqA4RKnq/BFtf3WPO8Fe4iHLJjAT8s1t
Y8kVY4O6zQmbblYQHPu4G9NLRM9/7mPfrKnAAIYnoGoyYDxMFzB79DwYUPe3aaGj
UUjDu2+oeEBUVeLigcvVEyOqKOoHorQ/Y57zeIOVk1yh6DuOcWkWvnQfkZoy8StI
waSI/LE1GX2833ZOmQG8mQHX/AfM582Yk91ftfGfHM+HKycTdshMdDHZgI8=
-----END CERTIFICATE-----