Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7cfe388f-60a6-499c-a060-6a65e797d1ab.roa
File:                     7cfe388f-60a6-499c-a060-6a65e797d1ab.roa (raw, json)
Hash identifier:          wv+it8Pj+Q6lrn13m5uIkrjL1Kpg5cjeR3fV/S5Enx4=
Subject key identifier:   16:51:CF:39:50:31:64:31:C5:26:DB:F0:A8:EB:44:DF:57:BE:84:84
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       09B012F6D3C7CF2BDF12959227C59E34B524CE8B
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7cfe388f-60a6-499c-a060-6a65e797d1ab.roa
Signing time:             Sat 18 Oct 2025 16:20:07 +0000
ROA not before:           Sat 18 Oct 2025 16:20:07 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.161.16.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:b0:12:f6:d3:c7:cf:2b:df:12:95:92:27:c5:9e:34:b5:24:ce:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 16:20:07 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=096e78797cdcfe34948a3a1d19e534efa78446c3ef410719b2a06595aceada27, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:dc:91:cc:f1:66:7f:de:af:ff:3e:1f:4a:58:
                    df:46:d7:39:52:3c:5b:32:4a:8e:a3:a6:3a:3c:22:
                    8c:9e:5b:13:05:84:86:37:5d:2b:81:2e:93:1b:f9:
                    84:66:46:78:e4:a5:76:09:2e:7d:5e:19:b9:5d:ec:
                    8d:78:fa:ea:9d:62:ab:df:04:59:78:2f:66:bb:f4:
                    6a:ae:23:fc:52:4c:7f:78:6b:cb:dd:17:52:77:0a:
                    96:44:d3:c2:61:7b:75:ec:b2:1b:c8:d1:8b:99:98:
                    0a:27:09:33:6e:b8:cd:25:e1:18:78:90:2a:fb:b6:
                    ae:0e:bf:ee:01:27:bf:6b:ee:a9:bd:5d:06:2b:84:
                    d4:76:b1:4d:9a:37:8e:44:a2:5d:6b:75:69:2e:13:
                    38:36:92:fc:27:29:8c:f9:39:61:3c:53:38:33:eb:
                    ce:a0:0a:39:a6:57:73:d5:bc:9a:47:c5:bf:ac:71:
                    ca:aa:81:9a:f4:08:29:10:2d:bc:a0:22:c8:c1:11:
                    dd:1f:99:78:97:a1:99:da:3d:74:b2:d3:71:4f:13:
                    38:7e:12:2b:6d:bd:ac:02:ee:56:e7:e7:ee:68:27:
                    22:a9:96:f6:dd:c3:b2:a0:9f:6a:32:e7:fe:b0:df:
                    da:fe:21:b6:ee:1f:d5:90:06:2b:ec:5e:af:56:8e:
                    2a:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:51:CF:39:50:31:64:31:C5:26:DB:F0:A8:EB:44:DF:57:BE:84:84
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7cfe388f-60a6-499c-a060-6a65e797d1ab.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.161.16.0/21

    Signature Algorithm: sha256WithRSAEncryption
         08:07:69:0e:78:7b:7f:ad:4a:63:67:81:79:3c:4b:73:14:23:
         f1:1a:44:0a:ab:91:a8:90:84:2f:9c:c0:bf:eb:6e:27:1b:01:
         3d:4d:5b:f8:c6:13:c9:65:63:87:03:58:94:1b:1e:5b:a8:79:
         e1:1b:e8:84:ce:7c:83:cb:ed:73:11:87:2f:ba:c1:c4:12:d8:
         0b:30:f9:e8:b7:c7:1b:f5:0c:32:3a:d9:c9:e0:91:ba:25:92:
         71:27:59:e3:ce:2a:43:d0:4b:cd:0b:5f:da:6d:6f:95:19:27:
         6c:38:87:23:6e:5b:66:a3:c3:75:41:1c:78:3d:d4:3b:da:fc:
         f5:a2:64:55:8c:6a:74:94:a6:50:db:83:ce:27:a3:6e:af:61:
         f3:d4:3d:15:21:8e:29:cc:9f:8b:e0:28:8c:ff:83:c8:0c:6a:
         07:13:6f:31:76:51:eb:db:b8:58:60:ec:3a:0b:67:18:87:e8:
         b6:10:0d:4f:d0:b8:8d:00:11:48:23:9e:da:92:02:ee:9e:1f:
         07:d4:9f:2a:c7:74:cb:8e:ee:d2:eb:c2:dd:64:5c:c2:cd:e0:
         90:9d:a1:f4:ad:f8:a2:e8:dc:10:6b:2d:df:fe:8b:0b:27:63:
         74:31:77:08:ba:0b:6f:01:d2:ed:e6:a6:61:9e:7c:5a:d1:73:
         82:f7:3d:e4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCbAS9tPHzyvfEpWSJ8WeNLUkzoswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MTYyMDA3WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AwOTZlNzg3OTdjZGNmZTM0OTQ4YTNhMWQxOWU1MzRlZmE3
ODQ0NmMzZWY0MTA3MTliMmEwNjU5NWFjZWFkYTI3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCa3JHM8WZ/3q//Ph9KWN9G1zlSPFsySo6jpjo8IoyeWxMF
hIY3XSuBLpMb+YRmRnjkpXYJLn1eGbld7I14+uqdYqvfBFl4L2a79GquI/xSTH94
a8vdF1J3CpZE08Jhe3XsshvI0YuZmAonCTNuuM0l4Rh4kCr7tq4Ov+4BJ79r7qm9
XQYrhNR2sU2aN45Eol1rdWkuEzg2kvwnKYz5OWE8Uzgz686gCjmmV3PVvJpHxb+s
ccqqgZr0CCkQLbygIsjBEd0fmXiXoZnaPXSy03FPEzh+EittvawC7lbn5+5oJyKp
lvbdw7Kgn2oy5/6w39r+IbbuH9WQBivsXq9WjirRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUFlHPOVAxZDHFJtvwqOtE31e+hIQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzdjZmUzODhmLTYwYTYtNDk5Yy1hMDYwLTZhNjVlNzk3ZDFhYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMSoRAwDQYJKoZIhvcNAQELBQADggEBAAgHaQ54e3+tSmNngXk8S3MUI/Ea
RAqrkaiQhC+cwL/rbicbAT1NW/jGE8llY4cDWJQbHluoeeEb6ITOfIPL7XMRhy+6
wcQS2Asw+ei3xxv1DDI62cngkbolknEnWePOKkPQS80LX9ptb5UZJ2w4hyNuW2aj
w3VBHHg91Dva/PWiZFWManSUplDbg84no26vYfPUPRUhjinMn4vgKIz/g8gMagcT
bzF2UevbuFhg7DoLZxiH6LYQDU/QuI0AEUgjntqSAu6eHwfUnyrHdMuO7tLrwt1k
XMLN4JCdofSt+KLo3BBrLd/+iwsnY3Qxdwi6C28B0u3mpmGefFrRc4L3PeQ=
-----END CERTIFICATE-----