Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/90b82976-4167-41bd-a016-c0998744c3e5.roa
File:                     90b82976-4167-41bd-a016-c0998744c3e5.roa (raw, json)
Hash identifier:          /Czs0KjDXZPZmLjw6ckE4gLoWBSIo3yOsD4oJe6s4OY=
Subject key identifier:   4E:B1:36:A8:8F:BB:65:95:3A:92:30:9E:F0:96:7C:CF:84:0D:64:44
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3917ABC289CC644031397CF50F536100280ABD7D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/90b82976-4167-41bd-a016-c0998744c3e5.roa
Signing time:             Sun 19 Oct 2025 15:33:55 +0000
ROA not before:           Sun 19 Oct 2025 15:33:55 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.66.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:17:ab:c2:89:cc:64:40:31:39:7c:f5:0f:53:61:00:28:0a:bd:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 15:33:55 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=de2e0587f1df46a8a2fafa21135e825264693d833b501d1b013ca0417f5a1736, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:e3:e0:8e:c5:16:67:ba:2d:a3:15:f4:1d:24:
                    0b:8a:28:72:eb:c5:34:3f:04:5b:5c:d3:ca:0f:e3:
                    d2:4c:1d:ef:91:56:8c:f3:cf:fd:27:e3:a7:a5:55:
                    08:20:58:49:4d:13:5f:eb:f0:f0:ce:ed:07:db:90:
                    65:74:11:75:d6:50:4a:bd:7e:24:53:3c:ce:e2:fc:
                    93:46:51:58:c0:85:42:2b:07:59:ed:66:63:95:ff:
                    e4:e9:9f:ab:87:f0:7a:e3:b4:1e:15:31:a3:d4:9c:
                    b8:31:74:d8:8b:91:3e:57:dd:37:58:71:5e:66:01:
                    ab:50:82:19:82:d3:9c:9a:4d:a1:f1:2b:b4:1b:f5:
                    40:55:25:66:75:f6:74:6e:79:23:56:98:de:b8:61:
                    a9:ad:ee:3b:a0:2f:1f:88:59:c9:83:36:11:08:d7:
                    6a:d8:b8:3b:79:ea:33:0d:0f:c1:6f:96:24:4a:55:
                    07:93:9f:37:42:c2:59:17:8b:4a:67:05:b7:17:d3:
                    73:e0:cf:01:28:3f:88:a2:0c:11:90:f4:84:32:69:
                    f3:07:14:c3:07:22:ba:c5:7f:a4:fd:1e:b9:63:5a:
                    63:f8:13:5e:92:db:ee:a5:7c:dc:02:bd:2d:a0:99:
                    b6:95:5c:26:01:32:50:13:4d:e9:9c:84:0a:60:bf:
                    55:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:B1:36:A8:8F:BB:65:95:3A:92:30:9E:F0:96:7C:CF:84:0D:64:44
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/90b82976-4167-41bd-a016-c0998744c3e5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.66.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:4e:28:23:28:07:ca:6f:22:29:99:e5:ed:c0:25:9b:00:ce:
         a2:a5:08:92:27:d0:9a:2a:45:52:fa:04:af:76:61:fd:33:46:
         3d:0b:56:3c:ea:93:e0:1d:ce:f4:fa:fc:df:ef:3d:3d:c2:50:
         ce:a1:c7:c5:01:0d:b9:ca:8e:da:b6:3a:73:34:2e:2c:9f:f8:
         74:83:67:f3:68:9c:af:8f:57:75:4f:4a:7a:2d:e2:28:30:59:
         e9:f9:b3:47:18:46:6d:73:72:a1:e1:ea:4e:04:6d:42:a9:8f:
         32:a0:91:40:2b:96:dd:5d:6e:24:e4:2f:25:30:b9:33:34:64:
         55:40:74:cb:39:4e:79:1f:90:b6:7b:03:9e:43:de:70:98:2c:
         6d:13:0d:87:25:ad:9e:98:3b:7b:74:ca:c5:e6:63:16:b4:54:
         f1:24:be:fa:17:d2:1f:2c:cb:c0:4a:8d:63:19:60:15:ac:1e:
         b5:44:58:17:95:75:67:47:ba:22:91:36:5a:e6:df:28:84:bc:
         2c:26:be:b6:79:c9:83:46:5b:0b:86:9b:5e:ea:83:4d:92:16:
         3f:29:6c:2a:c3:30:4b:53:1a:30:88:81:9f:c2:d7:b7:f5:b0:
         8e:95:b0:23:ea:5d:3b:80:f8:99:61:cf:e5:d7:2f:dd:eb:49:
         06:7f:c2:d7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUORerwonMZEAxOXz1D1NhACgKvX0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MTUzMzU1WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BkZTJlMDU4N2YxZGY0NmE4YTJmYWZhMjExMzVlODI1MjY0
NjkzZDgzM2I1MDFkMWIwMTNjYTA0MTdmNWExNzM2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCS4+COxRZnui2jFfQdJAuKKHLrxTQ/BFtc08oP49JMHe+R
Vozzz/0n46elVQggWElNE1/r8PDO7QfbkGV0EXXWUEq9fiRTPM7i/JNGUVjAhUIr
B1ntZmOV/+Tpn6uH8HrjtB4VMaPUnLgxdNiLkT5X3TdYcV5mAatQghmC05yaTaHx
K7Qb9UBVJWZ19nRueSNWmN64Yamt7jugLx+IWcmDNhEI12rYuDt56jMND8FvliRK
VQeTnzdCwlkXi0pnBbcX03PgzwEoP4iiDBGQ9IQyafMHFMMHIrrFf6T9HrljWmP4
E16S2+6lfNwCvS2gmbaVXCYBMlATTemchApgv1XjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTrE2qI+7ZZU6kjCe8JZ8z4QNZEQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzkwYjgyOTc2LTQxNjctNDFiZC1hMDE2LWMwOTk4NzQ0YzNlNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASQmIwDQYJKoZIhvcNAQELBQADggEBAIlOKCMoB8pvIimZ5e3AJZsAzqKl
CJIn0JoqRVL6BK92Yf0zRj0LVjzqk+AdzvT6/N/vPT3CUM6hx8UBDbnKjtq2OnM0
Liyf+HSDZ/NonK+PV3VPSnot4igwWen5s0cYRm1zcqHh6k4EbUKpjzKgkUArlt1d
biTkLyUwuTM0ZFVAdMs5TnkfkLZ7A55D3nCYLG0TDYclrZ6YO3t0ysXmYxa0VPEk
vvoX0h8sy8BKjWMZYBWsHrVEWBeVdWdHuiKRNlrm3yiEvCwmvrZ5yYNGWwuGm17q
g02SFj8pbCrDMEtTGjCIgZ/C17f1sI6VsCPqXTuA+Jlhz+XXL93rSQZ/wtc=
-----END CERTIFICATE-----