Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d64498fc-b63a-4ccc-8da8-df5718749032.roa
File:                     d64498fc-b63a-4ccc-8da8-df5718749032.roa (raw, json)
Hash identifier:          4dvq7lq2uuXYqpGRR3nFayRLANASVj5i41eac3DUC6E=
Subject key identifier:   6B:58:8B:53:26:16:DD:23:D6:EB:90:C1:23:C0:CA:01:F5:AB:EE:D1
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2F93408A8C1637D922A376A19C4826D8D8F6F50F
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d64498fc-b63a-4ccc-8da8-df5718749032.roa
Signing time:             Fri 26 Sep 2025 15:57:31 +0000
ROA not before:           Fri 26 Sep 2025 15:57:31 +0000
ROA not after:            Fri 31 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        150.222.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:93:40:8a:8c:16:37:d9:22:a3:76:a1:9c:48:26:d8:d8:f6:f5:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 26 15:57:31 2025 GMT
            Not After : Oct 31 23:59:59 2025 GMT
        Subject: serialNumber=cebe25101743169668da66f3811526e297786fc46a04777d1e7c267c38d799bf, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:a6:28:ba:6f:1a:f6:f8:7b:ed:73:f1:27:67:
                    c2:5e:2b:65:f2:98:39:a8:8c:16:b7:28:4e:ec:f5:
                    c7:11:12:be:1f:63:fe:30:9a:50:9d:99:37:0d:03:
                    01:df:04:3a:ed:be:3c:6f:3a:a4:bd:c3:c5:a9:08:
                    55:46:b9:a4:a4:69:c8:b3:c4:14:70:fb:0e:e1:ad:
                    c5:f0:4f:50:59:09:c5:8b:fb:c6:b7:01:50:ec:98:
                    cb:a8:b0:44:b2:58:ad:7b:3d:83:38:fc:c9:b2:f8:
                    69:ff:a3:f4:bc:4c:1c:15:92:58:60:07:0b:14:05:
                    ef:e8:77:ed:b1:7d:fa:b8:b0:c3:dd:bb:2a:a4:30:
                    33:67:16:fb:4a:f7:61:11:e5:12:ca:e5:5e:9f:a6:
                    10:7a:1f:82:1a:bb:1b:5f:2f:93:91:38:e6:4a:39:
                    76:ed:03:ba:73:f9:68:46:9a:a1:e5:b8:2b:2b:b8:
                    cd:13:3e:a1:f6:ff:05:ab:2e:97:0a:4a:83:9a:dd:
                    05:7d:71:4c:56:90:be:36:03:cf:b7:71:14:bd:cc:
                    d6:9e:f2:cd:cf:05:b0:21:03:b7:d8:e3:5d:76:e7:
                    df:da:e8:32:fd:a4:9c:56:ba:16:51:8f:53:0b:63:
                    5e:24:52:21:8d:6f:a2:e2:05:79:dc:6a:76:bc:ef:
                    a9:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:58:8B:53:26:16:DD:23:D6:EB:90:C1:23:C0:CA:01:F5:AB:EE:D1
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d64498fc-b63a-4ccc-8da8-df5718749032.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.222.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:d4:08:94:d0:f0:2c:d7:fa:73:ed:45:4f:42:84:b7:d4:8e:
         ab:1a:78:6e:22:22:cc:6e:02:ce:ae:4c:af:1b:8e:38:1b:79:
         81:81:f3:8c:3a:6a:59:ca:76:e7:a6:8b:bc:46:4a:0d:9e:60:
         a2:0a:9e:a6:a6:35:34:11:a0:91:67:de:f9:2b:48:82:c3:29:
         60:63:01:88:56:b0:25:16:30:9a:d3:d2:0a:91:bc:73:f9:f1:
         b6:87:c0:91:90:08:d8:5f:18:38:ed:e5:24:dd:39:4b:8e:51:
         b6:aa:b4:a8:f2:cb:ec:4f:3b:c5:bc:4a:54:e8:ba:e8:06:6b:
         9e:b4:ad:c3:0b:03:03:b8:34:40:f9:f5:c7:ea:31:5e:6f:bf:
         45:94:f8:3e:89:aa:00:30:26:05:51:48:94:ff:d5:3f:29:cf:
         00:d2:bf:11:ee:28:31:f0:3b:8a:ec:8b:33:51:69:35:84:31:
         b7:eb:21:8f:9b:e9:90:61:f8:bb:cb:26:72:d0:1f:5e:ed:17:
         ca:f7:e2:3a:c7:41:43:a2:53:7c:e8:9d:fb:2d:9e:97:da:ab:
         5b:82:fb:5b:e5:e4:80:25:40:d0:df:59:93:ce:a8:35:73:e0:
         3f:36:ed:ac:46:02:44:e5:3c:97:76:2a:1f:c7:9e:9c:3d:a6:
         fa:ab:96:f2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUL5NAiowWN9kio3ahnEgm2Nj29Q8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTI2MTU1NzMxWhcNMjUxMDMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BjZWJlMjUxMDE3NDMxNjk2NjhkYTY2ZjM4MTE1MjZlMjk3
Nzg2ZmM0NmEwNDc3N2QxZTdjMjY3YzM4ZDc5OWJmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDspii6bxr2+Hvtc/EnZ8JeK2XymDmojBa3KE7s9ccREr4f
Y/4wmlCdmTcNAwHfBDrtvjxvOqS9w8WpCFVGuaSkacizxBRw+w7hrcXwT1BZCcWL
+8a3AVDsmMuosESyWK17PYM4/Mmy+Gn/o/S8TBwVklhgBwsUBe/od+2xffq4sMPd
uyqkMDNnFvtK92ER5RLK5V6fphB6H4IauxtfL5OROOZKOXbtA7pz+WhGmqHluCsr
uM0TPqH2/wWrLpcKSoOa3QV9cUxWkL42A8+3cRS9zNae8s3PBbAhA7fY411259/a
6DL9pJxWuhZRj1MLY14kUiGNb6LiBXncana876mpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUa1iLUyYW3SPW65DBI8DKAfWr7tEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2Q2NDQ5OGZjLWI2M2EtNGNjYy04ZGE4LWRmNTcxODc0OTAzMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACW3mQwDQYJKoZIhvcNAQELBQADggEBAJfUCJTQ8CzX+nPtRU9ChLfUjqsa
eG4iIsxuAs6uTK8bjjgbeYGB84w6alnKduemi7xGSg2eYKIKnqamNTQRoJFn3vkr
SILDKWBjAYhWsCUWMJrT0gqRvHP58baHwJGQCNhfGDjt5STdOUuOUbaqtKjyy+xP
O8W8SlTouugGa560rcMLAwO4NED59cfqMV5vv0WU+D6JqgAwJgVRSJT/1T8pzwDS
vxHuKDHwO4rsizNRaTWEMbfrIY+b6ZBh+LvLJnLQH17tF8r34jrHQUOiU3zonfst
npfaq1uC+1vl5IAlQNDfWZPOqDVz4D827axGAkTlPJd2Kh/Hnpw9pvqrlvI=
-----END CERTIFICATE-----