Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7586c0eb-9008-47ee-9571-bd669ea66396.roa
File:                     7586c0eb-9008-47ee-9571-bd669ea66396.roa (raw, json)
Hash identifier:          +PykgTGq9e1ufqMTR4yWDor3n0OJyGSnjEMCWSMRefM=
Subject key identifier:   60:F2:AD:2B:63:0E:33:14:7B:91:DB:55:AC:2F:F0:1B:DE:B7:E2:F7
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       79CAC6766346975EE479DA9CE646637D9383FB35
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7586c0eb-9008-47ee-9571-bd669ea66396.roa
Signing time:             Sun 19 Oct 2025 23:32:42 +0000
ROA not before:           Sun 19 Oct 2025 23:32:42 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.32.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:ca:c6:76:63:46:97:5e:e4:79:da:9c:e6:46:63:7d:93:83:fb:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 23:32:42 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=989401450a409038a12c5835805bd6e1c452fe40ddcf58416defe7fe6ea5fc61, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:d2:d6:e3:16:b8:a0:b6:dc:11:9d:b6:66:c5:
                    67:b5:f0:cc:06:40:6e:ab:f3:e0:26:7a:94:69:8b:
                    ba:31:e7:cc:f3:95:06:70:55:27:db:72:bd:f8:bd:
                    0b:d1:e7:4b:28:b1:01:ab:16:a3:43:f2:f5:70:0f:
                    00:5b:f0:75:76:08:58:d7:7f:3f:12:2f:60:97:46:
                    88:c9:16:92:51:bf:16:80:ed:cb:3f:f6:e7:1f:a2:
                    36:7b:15:08:af:fb:72:97:4c:49:e1:52:7b:c9:bd:
                    05:7f:5a:85:95:25:95:46:f5:82:5e:87:3f:61:3e:
                    21:b4:33:58:cb:79:eb:cc:4f:aa:f6:6d:95:5e:df:
                    cb:af:76:0c:db:60:90:34:02:89:9e:22:f1:cb:4e:
                    fa:20:d1:05:03:b0:6b:77:75:b6:66:b7:dc:24:0f:
                    fb:1b:b2:5b:4d:f7:52:ae:70:91:f0:dc:02:09:6a:
                    d5:66:64:fe:f2:4f:df:61:cb:1d:a3:10:82:86:65:
                    58:0c:58:a4:fc:19:fe:fd:39:48:5c:42:d6:d9:fe:
                    ef:95:db:ed:67:e1:2e:5b:94:f2:54:26:c1:a0:f8:
                    8e:5d:e9:04:41:be:15:3d:57:e7:67:93:92:8b:1e:
                    09:7c:40:f2:85:fe:34:4d:14:c6:f0:02:ff:d8:d2:
                    37:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:F2:AD:2B:63:0E:33:14:7B:91:DB:55:AC:2F:F0:1B:DE:B7:E2:F7
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7586c0eb-9008-47ee-9571-bd669ea66396.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.32.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:7d:bb:29:37:81:20:bc:60:11:06:f7:89:31:55:a4:37:1b:
         63:95:4b:e4:5e:2d:29:aa:e9:df:f2:f4:99:da:39:be:e8:65:
         53:c4:13:77:9b:26:b0:54:a8:b3:2d:4b:2b:b8:fb:72:26:b6:
         d9:5e:1b:95:34:05:22:66:cb:04:af:0a:d4:5c:f6:37:13:77:
         44:99:7b:be:ee:d4:cb:d9:73:bd:eb:74:58:ec:38:0c:f0:5c:
         b2:24:4e:a9:1f:ba:b3:49:5e:35:be:9b:5e:19:a1:9e:56:b3:
         b6:3e:1e:5a:7e:7b:b2:51:ec:0a:e6:9e:e2:2c:3f:96:af:1d:
         75:02:90:08:f1:69:d4:dc:c0:96:40:52:a4:e7:cd:b8:de:53:
         4c:90:1f:6f:82:91:2f:f5:db:53:7d:80:ff:04:58:00:8b:f0:
         81:10:39:d7:5f:70:e6:5c:c6:b2:2a:93:a1:d3:c1:6b:a0:06:
         7b:7f:4e:d0:ec:53:3d:17:f7:b3:73:ca:d3:38:86:8e:d5:ac:
         fc:55:ee:b0:a1:58:8f:36:c0:09:be:70:b2:bc:0f:10:d3:c8:
         40:ac:37:ab:8e:47:f5:79:c8:d6:8b:b1:c3:eb:cf:21:38:c9:
         c6:85:ff:a3:3f:af:9f:02:a3:48:43:94:e0:e8:cf:73:fe:85:
         2e:c2:2c:ce
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUecrGdmNGl17kedqc5kZjfZOD+zUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MjMzMjQyWhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A5ODk0MDE0NTBhNDA5MDM4YTEyYzU4MzU4MDViZDZlMWM0
NTJmZTQwZGRjZjU4NDE2ZGVmZTdmZTZlYTVmYzYxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCY0tbjFrigttwRnbZmxWe18MwGQG6r8+AmepRpi7ox58zz
lQZwVSfbcr34vQvR50sosQGrFqND8vVwDwBb8HV2CFjXfz8SL2CXRojJFpJRvxaA
7cs/9ucfojZ7FQiv+3KXTEnhUnvJvQV/WoWVJZVG9YJehz9hPiG0M1jLeevMT6r2
bZVe38uvdgzbYJA0AomeIvHLTvog0QUDsGt3dbZmt9wkD/sbsltN91KucJHw3AIJ
atVmZP7yT99hyx2jEIKGZVgMWKT8Gf79OUhcQtbZ/u+V2+1n4S5blPJUJsGg+I5d
6QRBvhU9V+dnk5KLHgl8QPKF/jRNFMbwAv/Y0jfJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYPKtK2MOMxR7kdtVrC/wG9634vcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzc1ODZjMGViLTkwMDgtNDdlZS05NTcxLWJkNjY5ZWE2NjM5Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAANIDowDQYJKoZIhvcNAQELBQADggEBAB99uyk3gSC8YBEG94kxVaQ3G2OV
S+ReLSmq6d/y9JnaOb7oZVPEE3ebJrBUqLMtSyu4+3ImttleG5U0BSJmywSvCtRc
9jcTd0SZe77u1MvZc73rdFjsOAzwXLIkTqkfurNJXjW+m14ZoZ5Ws7Y+Hlp+e7JR
7ArmnuIsP5avHXUCkAjxadTcwJZAUqTnzbjeU0yQH2+CkS/121N9gP8EWACL8IEQ
OddfcOZcxrIqk6HTwWugBnt/TtDsUz0X97NzytM4ho7VrPxV7rChWI82wAm+cLK8
DxDTyECsN6uOR/V5yNaLscPrzyE4ycaF/6M/r58Co0hDlODoz3P+hS7CLM4=
-----END CERTIFICATE-----