Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/68c1649b-0a09-49a0-ad59-b182a19a2105.roa
File:                     68c1649b-0a09-49a0-ad59-b182a19a2105.roa (raw, json)
Hash identifier:          VqksVEHsuadOsoJcIwjxk+e7u4erNLPlJNiICBinUEU=
Subject key identifier:   11:F5:B3:2C:C1:B1:6E:F9:C3:30:64:25:6C:80:B2:12:C0:44:4D:21
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       675FA7A0910121D1EA874557C29EFBF9CFF7ED00
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/68c1649b-0a09-49a0-ad59-b182a19a2105.roa
Signing time:             Sat 18 Oct 2025 11:33:47 +0000
ROA not before:           Sat 18 Oct 2025 11:33:47 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.244.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 23 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:5f:a7:a0:91:01:21:d1:ea:87:45:57:c2:9e:fb:f9:cf:f7:ed:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 11:33:47 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=41b9661ad4e489af23b768c08448065d578bb93dbc8bb2489d4503814c24dbda, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:d5:9f:e6:e8:40:74:35:f6:bc:1e:89:6d:ef:
                    24:b9:f5:e9:02:d4:cb:88:d7:44:f9:c8:93:c4:43:
                    05:d3:8d:70:58:a8:76:fc:36:7b:15:4c:0b:ca:f9:
                    3c:11:8c:c3:c9:0e:47:3a:dd:a9:b9:95:95:f8:e5:
                    59:79:59:e4:d0:c1:ec:93:80:3a:ce:a9:f6:02:3a:
                    ce:20:49:b0:fb:a7:0a:d8:04:16:aa:31:e7:db:aa:
                    e6:8b:8c:9d:93:28:7b:5e:c6:dd:60:5a:2d:16:55:
                    63:54:99:95:af:e7:1b:7a:d2:6a:2c:59:fd:42:a3:
                    61:d0:ea:19:73:21:c9:2d:68:27:12:9c:67:e6:4c:
                    56:c2:f1:c9:b1:d6:f1:06:ff:33:85:6e:5d:00:fb:
                    42:0d:39:06:c7:67:92:59:21:8d:46:47:05:85:ba:
                    c2:d6:cb:39:f4:d9:db:03:6e:08:b9:04:91:79:54:
                    ef:4b:60:6a:e8:3b:01:bd:24:e4:3f:da:b1:96:30:
                    3c:89:18:e4:36:09:15:f8:04:8b:a0:37:c7:7e:b0:
                    a8:63:b6:a2:ab:22:c3:32:c6:37:09:4c:7c:db:a3:
                    00:92:a2:d3:d8:9b:3a:28:b0:17:3c:35:8b:e3:e4:
                    0b:d7:38:0b:fd:f9:25:1e:81:42:29:03:1c:34:c3:
                    75:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:F5:B3:2C:C1:B1:6E:F9:C3:30:64:25:6C:80:B2:12:C0:44:4D:21
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/68c1649b-0a09-49a0-ad59-b182a19a2105.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.244.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:22:0e:9e:60:dd:13:89:ae:8e:d0:5c:c1:15:3b:b1:cb:52:
         87:b4:fd:05:64:97:f0:50:1f:60:84:e3:ce:e4:af:2f:59:bc:
         7c:ea:25:f3:ca:dd:62:5d:9d:25:dc:c7:21:cd:d8:04:c3:47:
         88:b1:7e:a6:64:6a:59:1c:ad:f9:3d:f9:f9:df:d3:c8:2d:53:
         96:8e:61:dc:a9:79:b2:52:10:0e:a2:19:0c:61:15:3f:98:70:
         37:c9:cc:36:e8:ee:4e:11:25:4e:08:77:c0:f7:fa:81:b9:46:
         88:a7:06:eb:d6:72:19:04:d2:0f:6e:91:e4:6f:c5:d7:40:bb:
         d2:1c:5e:af:e4:04:ec:16:75:f4:36:90:ae:9e:23:eb:70:d1:
         38:e8:ba:7a:8f:cf:60:1c:d1:9f:2f:dd:45:fd:eb:5e:dd:a4:
         d6:ca:01:2d:84:11:c6:ca:da:ce:9a:c2:6d:81:e2:53:8e:1f:
         83:25:44:70:0f:f7:ea:10:eb:77:89:79:ba:f8:42:ee:f8:b4:
         29:78:43:0f:16:7b:56:dc:f7:d0:f6:9f:1b:50:96:d8:81:48:
         09:55:b6:f1:56:bc:06:e0:f0:0a:69:b9:e5:3d:2c:88:f9:c7:
         4d:5b:d2:6e:b5:07:3b:d8:bb:b2:dc:ad:f8:07:dc:69:36:a5:
         d4:e7:2d:be
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZ1+noJEBIdHqh0VXwp77+c/37QAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MTEzMzQ3WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A0MWI5NjYxYWQ0ZTQ4OWFmMjNiNzY4YzA4NDQ4MDY1ZDU3
OGJiOTNkYmM4YmIyNDg5ZDQ1MDM4MTRjMjRkYmRhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDG1Z/m6EB0Nfa8Holt7yS59ekC1MuI10T5yJPEQwXTjXBY
qHb8NnsVTAvK+TwRjMPJDkc63am5lZX45Vl5WeTQweyTgDrOqfYCOs4gSbD7pwrY
BBaqMefbquaLjJ2TKHtext1gWi0WVWNUmZWv5xt60mosWf1Co2HQ6hlzIcktaCcS
nGfmTFbC8cmx1vEG/zOFbl0A+0INOQbHZ5JZIY1GRwWFusLWyzn02dsDbgi5BJF5
VO9LYGroOwG9JOQ/2rGWMDyJGOQ2CRX4BIugN8d+sKhjtqKrIsMyxjcJTHzbowCS
otPYmzoosBc8NYvj5AvXOAv9+SUegUIpAxw0w3XbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUEfWzLMGxbvnDMGQlbICyEsBETSEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzY4YzE2NDliLTBhMDktNDlhMC1hZDU5LWIxODJhMTlhMjEwNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAS9FEwDQYJKoZIhvcNAQELBQADggEBABQiDp5g3ROJro7QXMEVO7HLUoe0
/QVkl/BQH2CE487kry9ZvHzqJfPK3WJdnSXcxyHN2ATDR4ixfqZkalkcrfk9+fnf
08gtU5aOYdypebJSEA6iGQxhFT+YcDfJzDbo7k4RJU4Id8D3+oG5RoinBuvWchkE
0g9ukeRvxddAu9IcXq/kBOwWdfQ2kK6eI+tw0TjounqPz2Ac0Z8v3UX9617dpNbK
AS2EEcbK2s6awm2B4lOOH4MlRHAP9+oQ63eJebr4Qu74tCl4Qw8We1bc99D2nxtQ
ltiBSAlVtvFWvAbg8AppueU9LIj5x01b0m61BzvYu7LcrfgH3Gk2pdTnLb4=
-----END CERTIFICATE-----