Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/723e629f-f97d-4a9a-9ef2-6b6a34eca848.roa
File:                     723e629f-f97d-4a9a-9ef2-6b6a34eca848.roa (raw, json)
Hash identifier:          CgvnzJnsa3YXdq9mYQFyGZgVuvhex7thfoZ8hE9tXMw=
Subject key identifier:   7D:E0:27:5B:FD:5C:E9:A2:9C:90:F5:31:DD:E4:95:B0:09:5C:8A:B4
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       025B241B5947D73A4BADEE281BCBC722EF36929B
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/723e629f-f97d-4a9a-9ef2-6b6a34eca848.roa
Signing time:             Sun 19 Oct 2025 22:53:40 +0000
ROA not before:           Sun 19 Oct 2025 22:53:40 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.67.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:5b:24:1b:59:47:d7:3a:4b:ad:ee:28:1b:cb:c7:22:ef:36:92:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 22:53:40 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=8823a26a0239aa6a49d81b939dce286c21605f45f3599ad0748772f06c168baf, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:4d:25:79:cd:87:3f:83:72:5d:5a:e8:1c:f5:
                    6c:9b:39:23:12:00:ff:9f:94:08:63:6c:bb:07:b7:
                    8b:63:0f:a1:c3:31:9f:78:cd:c7:a4:71:fe:e4:f0:
                    b6:9c:46:ba:12:bd:43:e0:c0:07:c3:43:d4:88:4d:
                    d0:70:d3:2b:ba:34:da:15:0b:5c:5a:f8:95:96:36:
                    c8:e5:d4:8c:88:8e:bb:30:0b:e9:42:83:db:32:42:
                    18:39:16:71:7b:11:49:8d:27:77:84:ab:dc:0f:4a:
                    a9:1e:ab:8b:08:18:67:b9:8a:b2:ff:a0:6f:21:b3:
                    05:d6:b3:b4:61:40:8e:a7:fa:0b:a9:aa:11:d6:54:
                    dc:59:2c:67:18:b3:8f:96:0f:2d:f2:ec:50:d2:da:
                    b4:7a:ca:cb:30:5c:c2:2b:53:5b:6c:74:1a:cd:69:
                    23:bc:f9:4c:50:82:d3:fa:a1:0d:83:37:3c:ac:4f:
                    de:64:1b:78:60:56:ce:c5:9e:e3:c0:7f:85:ab:16:
                    5e:4d:be:dd:0a:ce:01:ca:8b:a8:95:90:d5:36:03:
                    a7:6c:05:9b:96:8e:ea:46:01:fb:03:22:7c:31:68:
                    90:6f:00:63:68:0a:83:90:64:d3:3e:4e:62:b9:d5:
                    8b:9e:6e:79:97:35:10:4e:fc:6d:38:8b:44:71:84:
                    41:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:E0:27:5B:FD:5C:E9:A2:9C:90:F5:31:DD:E4:95:B0:09:5C:8A:B4
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/723e629f-f97d-4a9a-9ef2-6b6a34eca848.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.67.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:fa:e5:88:32:89:d3:f6:76:29:c0:3e:19:a7:fa:8e:c0:a3:
         8b:8a:52:3d:90:73:20:83:1c:c9:ed:6d:89:ec:16:e0:84:b4:
         73:dd:78:69:b1:59:14:9d:0b:39:3d:27:17:57:17:ba:d1:a3:
         eb:2d:f8:6d:27:3c:48:4c:54:a7:bf:0a:35:eb:39:83:0c:1f:
         3d:9e:e4:96:eb:e9:d4:cc:83:1e:d2:17:87:cd:1f:d8:2e:60:
         be:a0:3c:2e:7f:6e:bf:e5:4a:19:98:a3:fa:25:a5:ee:76:21:
         24:97:aa:c0:de:04:f2:bf:aa:b2:0f:f9:cf:e8:6e:09:22:9d:
         ac:3a:c5:32:be:43:3c:18:12:0e:6b:8e:bb:a5:9a:95:db:21:
         e5:c0:c0:ab:cc:86:00:18:ae:3b:d5:2d:c7:25:e1:18:49:ab:
         1a:7a:23:32:80:3c:4e:33:44:2f:7a:ec:a2:26:7e:13:c0:1a:
         15:11:47:8a:9f:f2:e1:32:23:9c:70:c3:97:33:18:5d:3c:20:
         ed:03:4a:cb:09:84:53:8f:b0:74:a7:bb:d1:37:7b:71:9b:5f:
         30:0d:18:d3:70:6d:8b:6c:b4:d6:d0:bb:d6:5a:ee:80:59:db:
         df:54:5c:26:6d:da:88:01:e6:52:83:23:5b:b1:45:7a:d0:78:
         05:f5:00:71
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAlskG1lH1zpLre4oG8vHIu82kpswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MjI1MzQwWhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A4ODIzYTI2YTAyMzlhYTZhNDlkODFiOTM5ZGNlMjg2YzIx
NjA1ZjQ1ZjM1OTlhZDA3NDg3NzJmMDZjMTY4YmFmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrTSV5zYc/g3JdWugc9WybOSMSAP+flAhjbLsHt4tjD6HD
MZ94zcekcf7k8LacRroSvUPgwAfDQ9SITdBw0yu6NNoVC1xa+JWWNsjl1IyIjrsw
C+lCg9syQhg5FnF7EUmNJ3eEq9wPSqkeq4sIGGe5irL/oG8hswXWs7RhQI6n+gup
qhHWVNxZLGcYs4+WDy3y7FDS2rR6ysswXMIrU1tsdBrNaSO8+UxQgtP6oQ2DNzys
T95kG3hgVs7FnuPAf4WrFl5Nvt0KzgHKi6iVkNU2A6dsBZuWjupGAfsDInwxaJBv
AGNoCoOQZNM+TmK51YuebnmXNRBO/G04i0RxhEFhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUfeAnW/1c6aKckPUx3eSVsAlcirQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzcyM2U2MjlmLWY5N2QtNGE5YS05ZWYyLTZiNmEzNGVjYTg0OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASQ00wDQYJKoZIhvcNAQELBQADggEBACL65YgyidP2dinAPhmn+o7Ao4uK
Uj2QcyCDHMntbYnsFuCEtHPdeGmxWRSdCzk9JxdXF7rRo+st+G0nPEhMVKe/CjXr
OYMMHz2e5Jbr6dTMgx7SF4fNH9guYL6gPC5/br/lShmYo/olpe52ISSXqsDeBPK/
qrIP+c/obgkinaw6xTK+QzwYEg5rjrulmpXbIeXAwKvMhgAYrjvVLccl4RhJqxp6
IzKAPE4zRC967KImfhPAGhURR4qf8uEyI5xww5czGF08IO0DSssJhFOPsHSnu9E3
e3GbXzANGNNwbYtstNbQu9Za7oBZ299UXCZt2ogB5lKDI1uxRXrQeAX1AHE=
-----END CERTIFICATE-----