Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8335341b-2cfd-4fbe-8fcd-8d80571044ff.roa
File:                     8335341b-2cfd-4fbe-8fcd-8d80571044ff.roa (raw, json)
Hash identifier:          dfrids9J1xCEIBCbohBjAwiVM/yFNxdvWrAmOKvRmgI=
Subject key identifier:   89:72:21:32:50:F2:92:A0:97:4C:8C:34:6C:17:E4:C9:57:21:27:22
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       24F0DA9B13D413E5B94A3ED47993E1AD3A35636D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8335341b-2cfd-4fbe-8fcd-8d80571044ff.roa
Signing time:             Fri 17 Oct 2025 23:20:11 +0000
ROA not before:           Fri 17 Oct 2025 23:20:11 +0000
ROA not after:            Fri 21 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.192.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:f0:da:9b:13:d4:13:e5:b9:4a:3e:d4:79:93:e1:ad:3a:35:63:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 17 23:20:11 2025 GMT
            Not After : Nov 21 23:59:59 2025 GMT
        Subject: serialNumber=20639b92b5e7d117290404b25a35fa0670e7515e5283d000251b029b38b8b052, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:33:df:18:24:86:bb:27:9d:74:72:42:df:45:
                    b3:b6:0b:13:90:b6:c6:cb:d6:7e:00:ac:f8:21:0f:
                    d0:91:86:31:86:91:c8:1b:43:73:d9:17:1c:aa:1b:
                    3a:60:2e:c0:1c:29:2b:60:39:c6:44:22:d2:f9:e6:
                    36:83:a5:87:53:ec:dc:af:95:f7:0b:a9:66:24:73:
                    c0:91:41:62:1f:1a:16:47:d8:39:6f:93:88:40:c1:
                    5f:f5:cf:7d:1a:e8:20:d5:fd:7d:59:e2:7b:2d:68:
                    a7:36:fa:39:fe:65:8c:fe:37:3f:b9:8e:ee:f6:63:
                    57:9c:3c:b9:8a:2b:25:f3:0e:a5:2a:9b:cb:1a:23:
                    8f:81:79:b5:bf:35:a4:3e:86:98:84:39:12:66:31:
                    e5:a1:13:0b:10:49:47:e4:c0:4e:52:4c:e8:d5:6a:
                    08:94:70:1b:3d:22:32:66:c5:35:8d:b0:09:fe:45:
                    fa:27:e8:0f:fe:0f:f5:6d:82:32:a2:46:a1:89:0d:
                    cf:11:b9:50:1d:e9:8e:77:53:cd:69:83:ac:cc:8c:
                    36:76:86:a7:ee:f2:4a:8a:15:ee:32:0b:76:27:f4:
                    15:e8:93:c5:7f:8b:34:a7:99:2f:57:7d:fd:5c:bc:
                    a5:00:3d:a2:09:2e:de:93:b4:5a:7d:16:d5:c6:0c:
                    59:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:72:21:32:50:F2:92:A0:97:4C:8C:34:6C:17:E4:C9:57:21:27:22
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8335341b-2cfd-4fbe-8fcd-8d80571044ff.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.192.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:1e:05:80:b1:70:53:9f:20:24:fb:82:b1:38:6a:7e:37:5f:
         c3:c0:32:9a:43:11:e5:54:9f:b1:55:47:35:d5:28:72:d6:59:
         de:05:7c:ae:bb:18:8a:fe:a6:40:ae:88:4f:72:de:4c:ae:40:
         8c:6f:da:82:ad:a5:d4:a1:1f:0b:21:03:a5:78:e5:1b:20:d8:
         d7:74:1f:94:3e:04:76:c6:34:a9:68:26:90:73:e2:67:44:34:
         3b:1a:ad:e1:ee:5c:59:22:1f:81:8e:6e:36:56:78:29:76:72:
         4a:2f:9d:89:88:a5:03:03:44:af:47:96:31:98:43:68:38:1c:
         1d:10:74:a7:c1:14:85:12:b6:c8:2f:9f:89:84:df:b4:16:ec:
         3a:55:f8:6f:49:89:a3:2a:1d:45:96:ce:a7:12:f1:81:83:e0:
         87:f6:71:fc:19:e9:b3:49:84:a5:19:d4:84:41:ff:6c:a5:4f:
         b4:bc:c9:ea:46:97:dd:40:5d:c6:c1:21:a7:29:f7:0b:56:4e:
         a3:6f:5a:63:40:2b:33:a4:1f:f3:e0:c0:1a:62:fc:d3:e3:07:
         4b:c2:2b:6e:60:fe:d1:49:36:5d:66:69:3d:0a:7d:57:b2:6c:
         4b:67:ce:c6:f7:18:61:2e:29:4a:e9:e3:c3:25:4f:b0:56:07:
         bd:15:5d:29
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJPDamxPUE+W5Sj7UeZPhrTo1Y20wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE3MjMyMDExWhcNMjUxMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0AyMDYzOWI5MmI1ZTdkMTE3MjkwNDA0YjI1YTM1ZmEwNjcw
ZTc1MTVlNTI4M2QwMDAyNTFiMDI5YjM4YjhiMDUyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2M98YJIa7J510ckLfRbO2CxOQtsbL1n4ArPghD9CRhjGG
kcgbQ3PZFxyqGzpgLsAcKStgOcZEItL55jaDpYdT7NyvlfcLqWYkc8CRQWIfGhZH
2Dlvk4hAwV/1z30a6CDV/X1Z4nstaKc2+jn+ZYz+Nz+5ju72Y1ecPLmKKyXzDqUq
m8saI4+BebW/NaQ+hpiEORJmMeWhEwsQSUfkwE5STOjVagiUcBs9IjJmxTWNsAn+
Rfon6A/+D/VtgjKiRqGJDc8RuVAd6Y53U81pg6zMjDZ2hqfu8kqKFe4yC3Yn9BXo
k8V/izSnmS9Xff1cvKUAPaIJLt6TtFp9FtXGDFntAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUiXIhMlDykqCXTIw0bBfkyVchJyIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzgzMzUzNDFiLTJjZmQtNGZiZS04ZmNkLThkODA1NzEwNDRmZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA2wAQwDQYJKoZIhvcNAQELBQADggEBAH0eBYCxcFOfICT7grE4an43X8PA
MppDEeVUn7FVRzXVKHLWWd4FfK67GIr+pkCuiE9y3kyuQIxv2oKtpdShHwshA6V4
5Rsg2Nd0H5Q+BHbGNKloJpBz4mdENDsareHuXFkiH4GObjZWeCl2ckovnYmIpQMD
RK9HljGYQ2g4HB0QdKfBFIUStsgvn4mE37QW7DpV+G9JiaMqHUWWzqcS8YGD4If2
cfwZ6bNJhKUZ1IRB/2ylT7S8yepGl91AXcbBIacp9wtWTqNvWmNAKzOkH/PgwBpi
/NPjB0vCK25g/tFJNl1maT0KfVeybEtnzsb3GGEuKUrp48MlT7BWB70VXSk=
-----END CERTIFICATE-----