Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c58af958-30ea-40e2-92af-e96d5d0e749a.roa
File:                     c58af958-30ea-40e2-92af-e96d5d0e749a.roa (raw, json)
Hash identifier:          jcDj4cZK2x4FiILAWEhC9T1QTWoA/C5aGcgqzWJSivg=
Subject key identifier:   BD:C8:68:8F:40:25:B1:C0:FD:8A:22:86:E9:66:E5:FD:63:33:F4:76
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1535AFC303D8D009E73FA86575FFF360631B40BB
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c58af958-30ea-40e2-92af-e96d5d0e749a.roa
Signing time:             Fri 10 Oct 2025 16:29:28 +0000
ROA not before:           Fri 10 Oct 2025 16:29:28 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.190.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:35:af:c3:03:d8:d0:09:e7:3f:a8:65:75:ff:f3:60:63:1b:40:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 10 16:29:28 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=84c92b8b74597f4a75ef2737e31e9fb0474822030ae6a0211bb37acaed225fa1, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:79:fb:bb:fc:a7:1b:5d:4c:49:1f:5e:9e:34:
                    1a:60:8a:f5:b2:de:6c:c1:63:63:9b:71:c9:19:5f:
                    7d:61:f8:4d:ee:2a:2d:ed:78:1b:40:eb:6e:15:dd:
                    6a:14:24:44:8c:93:c8:a3:f3:44:42:43:da:d1:88:
                    78:c3:09:a4:f9:79:63:88:6a:56:76:28:7a:bb:8f:
                    e7:c5:f4:dd:30:f5:7d:98:cb:6a:c1:b3:8c:48:6b:
                    31:9b:3d:74:01:93:fb:86:2f:ca:7b:8d:d1:12:fd:
                    db:c9:90:18:c6:70:e0:a4:67:1c:86:5e:50:c7:55:
                    cf:2a:a6:f0:fa:e9:39:ca:5f:0f:69:f4:d8:eb:f3:
                    8b:07:10:2a:a1:62:3f:0d:c4:6e:c0:a4:8d:42:8c:
                    20:f5:fc:be:6a:94:ea:5c:1b:40:b8:26:91:7d:e8:
                    61:9d:48:2a:53:2f:ca:bf:18:d5:6f:e3:f8:fd:46:
                    35:6c:b9:e7:1d:99:c1:2f:2f:53:06:a6:0b:96:a9:
                    f5:ab:bb:61:b3:11:9a:ec:37:38:da:3b:fe:e5:7f:
                    0c:4d:d6:6c:d4:e1:c0:db:60:df:a4:c2:e2:3f:4a:
                    ea:58:57:cf:d4:e4:95:ab:37:38:ba:63:b2:5f:93:
                    a8:05:94:46:60:d1:91:9d:c2:39:0d:eb:21:d5:41:
                    82:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:C8:68:8F:40:25:B1:C0:FD:8A:22:86:E9:66:E5:FD:63:33:F4:76
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c58af958-30ea-40e2-92af-e96d5d0e749a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.190.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:41:6b:27:f8:c1:20:d7:7f:fa:02:ce:f1:7b:d8:3d:a3:d4:
         b4:f5:b6:76:ff:f0:9f:31:5d:54:60:49:13:1e:0b:38:bd:eb:
         68:b0:3e:32:4f:fd:f4:7c:d8:ec:97:ed:75:62:e6:d8:af:81:
         e1:dc:b9:52:b0:7c:c2:26:b3:d6:17:55:b1:bd:ce:1b:8b:c5:
         8a:5e:01:b4:a3:21:0c:96:b5:05:73:7a:98:b6:cd:25:35:e9:
         75:c0:98:59:e3:91:4f:5a:82:b2:47:69:c5:11:e0:dd:12:bc:
         a8:5a:24:6a:26:c7:e7:2e:eb:ab:8c:5d:04:db:a2:35:85:d7:
         c8:5c:09:af:0c:2e:b5:aa:04:f3:c4:2f:8a:88:18:8e:84:22:
         77:66:ec:ba:b0:90:cf:0f:79:7f:c7:65:53:d7:c2:91:ee:e9:
         e5:b9:d1:6f:c6:ce:66:85:6a:81:ba:77:f2:7e:f5:fc:e4:da:
         83:20:6c:95:cb:98:92:41:32:2e:d0:7f:d5:0f:84:7a:65:2b:
         55:c4:af:d7:cf:a1:e4:9f:2f:2b:53:19:56:3e:0d:ba:8f:26:
         c9:92:57:38:10:86:03:73:ea:a4:66:92:b8:76:5c:fc:d1:d7:
         3c:fd:fc:69:70:c6:1c:7e:8f:0a:94:f6:69:07:5f:ad:03:e2:
         f4:ac:76:37
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFTWvwwPY0AnnP6hldf/zYGMbQLswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDEwMTYyOTI4WhcNMjUxMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A4NGM5MmI4Yjc0NTk3ZjRhNzVlZjI3MzdlMzFlOWZiMDQ3
NDgyMjAzMGFlNmEwMjExYmIzN2FjYWVkMjI1ZmExMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDSefu7/KcbXUxJH16eNBpgivWy3mzBY2ObcckZX31h+E3u
Ki3teBtA624V3WoUJESMk8ij80RCQ9rRiHjDCaT5eWOIalZ2KHq7j+fF9N0w9X2Y
y2rBs4xIazGbPXQBk/uGL8p7jdES/dvJkBjGcOCkZxyGXlDHVc8qpvD66TnKXw9p
9Njr84sHECqhYj8NxG7ApI1CjCD1/L5qlOpcG0C4JpF96GGdSCpTL8q/GNVv4/j9
RjVsuecdmcEvL1MGpguWqfWru2GzEZrsNzjaO/7lfwxN1mzU4cDbYN+kwuI/SupY
V8/U5JWrNzi6Y7Jfk6gFlEZg0ZGdwjkN6yHVQYIjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUvchoj0AlscD9iiKG6Wbl/WMz9HYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2M1OGFmOTU4LTMwZWEtNDBlMi05MmFmLWU5NmQ1ZDBlNzQ5YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA2vv4wDQYJKoZIhvcNAQELBQADggEBAHlBayf4wSDXf/oCzvF72D2j1LT1
tnb/8J8xXVRgSRMeCzi962iwPjJP/fR82OyX7XVi5tivgeHcuVKwfMIms9YXVbG9
zhuLxYpeAbSjIQyWtQVzepi2zSU16XXAmFnjkU9agrJHacUR4N0SvKhaJGomx+cu
66uMXQTbojWF18hcCa8MLrWqBPPEL4qIGI6EIndm7LqwkM8PeX/HZVPXwpHu6eW5
0W/GzmaFaoG6d/J+9fzk2oMgbJXLmJJBMi7Qf9UPhHplK1XEr9fPoeSfLytTGVY+
DbqPJsmSVzgQhgNz6qRmkrh2XPzR1zz9/Glwxhx+jwqU9mkHX60D4vSsdjc=
-----END CERTIFICATE-----