Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/89bc86dc-6a0c-4c4d-aa44-7278e85873b1.roa
File:                     89bc86dc-6a0c-4c4d-aa44-7278e85873b1.roa (raw, json)
Hash identifier:          kK/QMbUdxG15TJGxDzHuj3yI7EfGnUGYZ/m66CenoUA=
Subject key identifier:   7D:2F:FF:0F:7D:79:47:2C:DA:C0:A3:49:C1:48:D4:4B:C9:9E:01:7C
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       30239E27F75E75240EE2A0F8E3BEA63B02D142A3
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/89bc86dc-6a0c-4c4d-aa44-7278e85873b1.roa
Signing time:             Sun 19 Oct 2025 04:42:17 +0000
ROA not before:           Sun 19 Oct 2025 04:42:17 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.160.164.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:23:9e:27:f7:5e:75:24:0e:e2:a0:f8:e3:be:a6:3b:02:d1:42:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 04:42:17 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=dc4d5be4cc0fa223bef9e8629732bb6b80f04cd0782e9ddaaa2c0ffc20058d99, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:3a:35:28:b7:b3:82:83:5d:58:d0:57:83:9f:
                    09:b1:b6:f1:74:de:98:84:8f:ce:b5:f1:82:b3:8e:
                    6a:2d:bb:46:d3:48:a8:32:53:e7:b5:02:c8:29:ac:
                    7f:4c:de:9a:6b:f4:36:02:2f:37:ee:e1:a6:ff:92:
                    7b:88:82:ba:ae:33:70:d0:0c:99:6f:7f:47:ca:a3:
                    54:ac:b4:43:8d:b5:38:31:eb:0a:64:db:c5:32:91:
                    aa:44:11:8a:a6:23:0a:0a:c1:63:4b:10:39:57:0b:
                    f0:d0:f6:95:08:32:f2:b6:95:6d:cf:c0:f1:e1:f0:
                    61:5f:bb:cd:85:f3:e4:a8:39:6a:a6:64:c7:ad:02:
                    70:de:7d:3e:f9:73:3d:83:d7:e3:e2:b3:d1:dc:f0:
                    f1:d2:50:73:c9:d2:16:0a:5a:66:2c:3f:ad:bd:00:
                    a6:48:dd:8e:53:64:3b:83:8e:14:21:3a:a6:3a:c9:
                    4b:f9:e4:18:5d:6c:a6:34:89:74:ab:5d:8b:e6:05:
                    91:11:cf:6b:e4:59:4a:08:7e:32:c3:0f:0a:78:c3:
                    4d:5b:85:f8:15:56:6d:ed:23:52:d4:03:75:b1:e7:
                    16:c3:83:b3:ec:72:5d:0c:7e:46:c6:d1:6d:9c:fb:
                    8e:63:69:cf:d2:2c:55:c1:ea:9a:c3:3b:fc:0b:2f:
                    39:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:2F:FF:0F:7D:79:47:2C:DA:C0:A3:49:C1:48:D4:4B:C9:9E:01:7C
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/89bc86dc-6a0c-4c4d-aa44-7278e85873b1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.160.164.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0b:e1:46:de:1e:0c:95:2a:e8:9f:6e:07:a1:29:97:58:28:ff:
         94:90:fa:94:c5:09:e8:10:04:ec:46:0d:3e:c5:44:3d:9f:9b:
         0c:99:97:6f:8f:79:8a:6c:5b:3f:03:c1:21:e3:60:8a:ca:64:
         b9:94:3a:07:dc:29:6e:7b:a1:d7:ed:6f:49:84:cf:75:7f:2c:
         01:e2:5c:59:51:d2:7c:28:e2:a8:85:c5:f8:c1:8e:14:57:c8:
         15:78:c8:af:89:54:f2:45:98:e0:fa:a7:ca:9c:98:b0:9b:0b:
         3f:68:f3:26:1e:e5:b5:fa:52:78:a0:6c:94:03:13:62:59:c7:
         ec:72:12:7e:f9:fa:4b:d5:ee:7d:a6:b3:50:c9:04:8a:c7:49:
         5c:69:9d:f4:09:7e:db:61:ea:b5:80:53:94:f1:dc:a8:ed:36:
         36:e3:5b:91:36:f9:85:6d:7f:91:c2:bf:a3:68:88:4e:c2:1d:
         fc:b3:d4:42:7c:53:83:f5:c0:e1:48:23:f1:a4:87:42:27:3a:
         dc:cc:9d:cf:30:c8:21:a4:11:93:b3:53:68:5f:aa:74:4b:6b:
         16:7f:65:36:cb:ec:cf:40:43:6b:7b:98:1d:07:93:94:60:5f:
         39:0d:64:20:f7:65:83:c5:ef:e4:fb:9a:c7:51:fe:97:79:41:
         eb:8f:0a:9b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMCOeJ/dedSQO4qD4476mOwLRQqMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MDQ0MjE3WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BkYzRkNWJlNGNjMGZhMjIzYmVmOWU4NjI5NzMyYmI2Yjgw
ZjA0Y2QwNzgyZTlkZGFhYTJjMGZmYzIwMDU4ZDk5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmOjUot7OCg11Y0FeDnwmxtvF03piEj8618YKzjmotu0bT
SKgyU+e1AsgprH9M3ppr9DYCLzfu4ab/knuIgrquM3DQDJlvf0fKo1SstEONtTgx
6wpk28UykapEEYqmIwoKwWNLEDlXC/DQ9pUIMvK2lW3PwPHh8GFfu82F8+SoOWqm
ZMetAnDefT75cz2D1+Pis9Hc8PHSUHPJ0hYKWmYsP629AKZI3Y5TZDuDjhQhOqY6
yUv55BhdbKY0iXSrXYvmBZERz2vkWUoIfjLDDwp4w01bhfgVVm3tI1LUA3Wx5xbD
g7Pscl0MfkbG0W2c+45jac/SLFXB6prDO/wLLzkRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUfS//D315RyzawKNJwUjUS8meAXwwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzg5YmM4NmRjLTZhMGMtNGM0ZC1hYTQ0LTcyNzhlODU4NzNiMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAESoKQwDQYJKoZIhvcNAQELBQADggEBAAvhRt4eDJUq6J9uB6Epl1go/5SQ
+pTFCegQBOxGDT7FRD2fmwyZl2+PeYpsWz8DwSHjYIrKZLmUOgfcKW57odftb0mE
z3V/LAHiXFlR0nwo4qiFxfjBjhRXyBV4yK+JVPJFmOD6p8qcmLCbCz9o8yYe5bX6
UnigbJQDE2JZx+xyEn75+kvV7n2ms1DJBIrHSVxpnfQJftth6rWAU5Tx3KjtNjbj
W5E2+YVtf5HCv6NoiE7CHfyz1EJ8U4P1wOFII/Gkh0InOtzMnc8wyCGkEZOzU2hf
qnRLaxZ/ZTbL7M9AQ2t7mB0Hk5RgXzkNZCD3ZYPF7+T7msdR/pd5QeuPCps=
-----END CERTIFICATE-----