Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d2bdc220-dbb4-483d-befa-72054ecf0397.roa
File:                     d2bdc220-dbb4-483d-befa-72054ecf0397.roa (raw, json)
Hash identifier:          tJvOPnHB5T/IPBAu1ZzWlUBUVDDurkDkBHzhoa8WURk=
Subject key identifier:   54:F2:7A:40:59:6C:3E:43:1D:29:06:D1:09:BF:44:BE:DA:9F:7D:EF
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0EE5B1B2AE06024DAD128094F471AB0131442AA9
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d2bdc220-dbb4-483d-befa-72054ecf0397.roa
Signing time:             Sun 19 Oct 2025 06:31:30 +0000
ROA not before:           Sun 19 Oct 2025 06:31:30 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.95.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:e5:b1:b2:ae:06:02:4d:ad:12:80:94:f4:71:ab:01:31:44:2a:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 06:31:30 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=60b93e8e06e9e6bfe611d431cc7c46e530b8ee62296f33ca051da848c4622ac1, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:a3:9b:d8:1a:1d:38:ad:30:cf:7b:bb:ad:b3:
                    3b:be:5c:9a:8d:6a:c2:75:70:28:d6:54:e2:66:3c:
                    4d:81:49:24:bb:8e:4e:a8:14:b5:f6:12:47:9a:bf:
                    a1:21:86:47:e3:dd:b9:45:83:79:a8:d0:28:7c:06:
                    56:d5:e4:f6:f9:6d:86:07:92:81:ad:b2:0e:d2:2f:
                    de:f1:34:26:3c:b3:82:d6:bb:96:d8:80:82:19:a9:
                    42:c5:f4:91:3d:a4:f9:d9:e0:7a:8e:b4:0d:b1:fb:
                    01:2a:ab:55:6b:7b:b9:db:40:e0:ff:47:06:08:22:
                    07:04:11:ac:41:f6:88:35:74:c3:68:b3:d7:34:e8:
                    43:06:b7:49:4c:1c:0f:ef:b0:9d:2b:87:1c:8c:fb:
                    b6:f3:67:5f:17:b8:53:68:a7:66:df:8b:1f:c1:0e:
                    a3:b9:44:d4:8f:8e:de:ba:cc:b8:08:74:a5:41:4a:
                    7c:23:9d:c7:09:80:d8:51:90:b2:d6:ff:a8:8e:fd:
                    72:17:f1:d3:10:85:fd:d8:2c:b2:a5:ad:c3:8e:13:
                    1b:69:2c:cb:d0:64:88:25:52:4a:37:b4:d7:17:f6:
                    18:72:68:2f:ba:a6:f2:f6:87:84:d2:64:9f:b6:5b:
                    30:3d:82:ec:10:91:40:31:3f:c4:51:67:98:ca:ab:
                    05:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:F2:7A:40:59:6C:3E:43:1D:29:06:D1:09:BF:44:BE:DA:9F:7D:EF
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d2bdc220-dbb4-483d-befa-72054ecf0397.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.95.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:f1:37:24:ac:7d:52:48:69:22:dd:b2:56:d7:6d:e3:00:cd:
         a4:33:c9:0e:d7:f5:f6:ed:dc:34:f2:4a:de:0b:b3:b1:6c:22:
         ec:84:74:f3:c3:5b:59:9c:2a:66:62:d9:32:bd:bf:4c:73:97:
         10:58:2d:52:59:b0:8c:7a:20:ab:e8:3d:fb:fc:6c:b1:04:af:
         7b:87:8e:3f:6e:67:00:ab:d0:af:29:2e:a0:70:35:3a:10:89:
         c6:07:a2:5e:2b:3d:62:8a:a4:f9:9d:29:8a:6d:73:5e:8d:2a:
         64:2d:bf:9b:56:fb:62:fd:16:3f:fb:1c:bf:e2:5c:41:68:1b:
         e8:c3:05:0d:82:ae:72:2d:29:3b:f4:63:7e:42:1b:06:9a:e4:
         b1:98:b8:94:1c:5b:47:b5:88:a4:1d:3a:d2:55:22:f7:bf:4c:
         cb:95:78:f8:6a:f1:f9:d7:7c:26:e5:3e:e7:48:e4:14:a2:ff:
         e8:ee:25:94:70:fe:0c:ff:f7:d2:84:ee:63:6b:ae:8a:f1:6e:
         73:a6:c2:d8:cb:4b:3b:e8:37:ba:21:7f:9d:e9:b1:47:03:eb:
         80:88:f4:51:96:ad:ac:02:31:01:ab:0d:4c:f6:33:1b:56:22:
         04:c2:23:84:20:65:90:71:2e:b6:0f:81:18:fb:94:b1:74:e8:
         8d:71:18:a2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDuWxsq4GAk2tEoCU9HGrATFEKqkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MDYzMTMwWhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A2MGI5M2U4ZTA2ZTllNmJmZTYxMWQ0MzFjYzdjNDZlNTMw
YjhlZTYyMjk2ZjMzY2EwNTFkYTg0OGM0NjIyYWMxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwo5vYGh04rTDPe7utszu+XJqNasJ1cCjWVOJmPE2BSSS7
jk6oFLX2Ekeav6Ehhkfj3blFg3mo0Ch8BlbV5Pb5bYYHkoGtsg7SL97xNCY8s4LW
u5bYgIIZqULF9JE9pPnZ4HqOtA2x+wEqq1Vre7nbQOD/RwYIIgcEEaxB9og1dMNo
s9c06EMGt0lMHA/vsJ0rhxyM+7bzZ18XuFNop2bfix/BDqO5RNSPjt66zLgIdKVB
SnwjnccJgNhRkLLW/6iO/XIX8dMQhf3YLLKlrcOOExtpLMvQZIglUko3tNcX9hhy
aC+6pvL2h4TSZJ+2WzA9guwQkUAxP8RRZ5jKqwUZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUVPJ6QFlsPkMdKQbRCb9Evtqffe8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2QyYmRjMjIwLWRiYjQtNDgzZC1iZWZhLTcyMDU0ZWNmMDM5Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA0XyMwDQYJKoZIhvcNAQELBQADggEBAEbxNySsfVJIaSLdslbXbeMAzaQz
yQ7X9fbt3DTySt4Ls7FsIuyEdPPDW1mcKmZi2TK9v0xzlxBYLVJZsIx6IKvoPfv8
bLEEr3uHjj9uZwCr0K8pLqBwNToQicYHol4rPWKKpPmdKYptc16NKmQtv5tW+2L9
Fj/7HL/iXEFoG+jDBQ2CrnItKTv0Y35CGwaa5LGYuJQcW0e1iKQdOtJVIve/TMuV
ePhq8fnXfCblPudI5BSi/+juJZRw/gz/99KE7mNrrorxbnOmwtjLSzvoN7ohf53p
sUcD64CI9FGWrawCMQGrDUz2MxtWIgTCI4QgZZBxLrYPgRj7lLF06I1xGKI=
-----END CERTIFICATE-----
Generated at Mon Oct 20 08:51:53 2025 by rpki-client