Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/dd14dfd0-77e3-432d-a876-bcb4c6c78b92.roa
File:                     dd14dfd0-77e3-432d-a876-bcb4c6c78b92.roa (raw, json)
Hash identifier:          KnOMx4G9l3+DHPnxqVjTjGdOcGaY7GSj5DdAgRGEP7g=
Subject key identifier:   3E:2F:BC:52:33:10:DB:50:FC:43:2F:47:E5:82:52:CB:61:E6:65:1F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0F03FD93556DB56DC5D93FE1D98D23ACFB188DA7
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/dd14dfd0-77e3-432d-a876-bcb4c6c78b92.roa
Signing time:             Sun 19 Oct 2025 18:12:29 +0000
ROA not before:           Sun 19 Oct 2025 18:12:29 +0000
ROA not after:            Sun 23 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.64.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:03:fd:93:55:6d:b5:6d:c5:d9:3f:e1:d9:8d:23:ac:fb:18:8d:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 19 18:12:29 2025 GMT
            Not After : Nov 23 23:59:59 2025 GMT
        Subject: serialNumber=dd3ef57f79f1ed0f911a43c9f4ca71b4cdd8e6717cc5301b70238e2ede916f51, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:be:bd:e2:31:f3:ec:9d:2c:f9:ac:ea:fe:bc:
                    52:a9:d7:4b:27:2b:05:00:b8:28:dc:11:cf:e7:ff:
                    07:fd:f7:fa:bb:ef:98:4a:b6:07:6e:af:f1:33:71:
                    61:11:b1:2d:fd:75:bc:2c:13:88:05:6c:1c:a0:70:
                    9c:b2:96:54:86:b6:a5:32:10:a2:f0:91:c8:13:ff:
                    f0:f3:a1:8c:b7:df:f9:ed:93:e8:cb:d9:4e:6e:af:
                    2c:38:11:98:2a:ab:1f:99:76:a8:19:2d:b7:a3:5c:
                    e4:7e:db:f1:fb:7e:58:f2:3e:37:ed:96:fd:36:fb:
                    14:1a:e3:05:62:b8:06:d1:5c:84:4e:c2:34:77:29:
                    73:72:c3:28:bc:51:cf:2c:73:0a:22:f1:01:3d:00:
                    72:33:41:a8:06:47:42:51:d5:d4:64:73:6a:0e:d2:
                    0a:cf:e7:b4:f1:61:17:27:1c:f9:5f:a0:20:19:84:
                    da:d6:6b:ae:de:d6:76:1a:3a:7d:34:ef:41:c6:07:
                    38:80:bb:65:2a:3f:5d:c3:ce:c1:ec:3a:46:d9:fb:
                    89:7c:62:bb:ae:09:63:f8:b7:d3:01:85:bd:94:3f:
                    4e:c8:93:ce:fa:88:a8:21:05:20:05:da:7d:a9:32:
                    e8:62:77:e5:22:52:35:9c:06:ed:91:13:a4:ec:89:
                    74:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:2F:BC:52:33:10:DB:50:FC:43:2F:47:E5:82:52:CB:61:E6:65:1F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/dd14dfd0-77e3-432d-a876-bcb4c6c78b92.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.64.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:9c:cd:df:b4:dd:ca:fa:95:ed:41:8c:59:dd:3a:d3:d7:a3:
         15:56:21:11:89:21:2a:7c:e5:87:54:21:bd:b9:97:d9:15:d6:
         4f:fb:5a:9f:9f:1e:c1:35:7c:25:e7:a2:f8:07:79:fd:78:cf:
         06:33:8f:fb:d3:ac:34:16:01:c0:99:db:94:35:54:e7:c6:5b:
         02:9a:41:69:e2:b1:0e:7d:17:88:9f:0e:f8:d1:80:2a:20:8b:
         06:38:56:a8:2c:6b:64:96:4e:ee:ef:3f:c2:3f:7d:1a:ea:fe:
         a1:57:07:23:05:d7:fa:9a:1f:bc:cb:15:18:37:13:f7:07:66:
         56:70:59:d7:2c:00:02:99:9f:8c:4f:97:a3:b4:e9:d7:72:44:
         e4:2c:0b:60:39:0b:5d:94:26:40:67:30:be:1f:53:3f:75:99:
         f2:61:83:0e:0f:1f:3f:93:b4:ac:77:ea:c0:c2:ca:80:4e:fd:
         7a:3e:8d:6e:b7:b7:cf:e6:f5:70:e4:86:96:e4:65:fc:b0:e8:
         a2:70:7e:0a:c3:bc:ff:2d:cf:db:30:06:3a:38:c2:d4:ac:77:
         4b:48:b7:71:98:5f:4f:89:ba:16:27:53:85:43:2b:90:1e:b7:
         72:0c:dd:05:fc:8f:4c:6e:bc:e8:95:12:39:07:a8:6d:a4:bd:
         c3:33:15:2c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDwP9k1VttW3F2T/h2Y0jrPsYjacwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE5MTgxMjI5WhcNMjUxMTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BkZDNlZjU3Zjc5ZjFlZDBmOTExYTQzYzlmNGNhNzFiNGNk
ZDhlNjcxN2NjNTMwMWI3MDIzOGUyZWRlOTE2ZjUxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQClvr3iMfPsnSz5rOr+vFKp10snKwUAuCjcEc/n/wf99/q7
75hKtgdur/EzcWERsS39dbwsE4gFbBygcJyyllSGtqUyEKLwkcgT//DzoYy33/nt
k+jL2U5uryw4EZgqqx+ZdqgZLbejXOR+2/H7fljyPjftlv02+xQa4wViuAbRXIRO
wjR3KXNywyi8Uc8scwoi8QE9AHIzQagGR0JR1dRkc2oO0grP57TxYRcnHPlfoCAZ
hNrWa67e1nYaOn0070HGBziAu2UqP13DzsHsOkbZ+4l8YruuCWP4t9MBhb2UP07I
k876iKghBSAF2n2pMuhid+UiUjWcBu2RE6TsiXSNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPi+8UjMQ21D8Qy9H5YJSy2HmZR8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2RkMTRkZmQwLTc3ZTMtNDMyZC1hODc2LWJjYjRjNmM3OGI5Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASQM4wDQYJKoZIhvcNAQELBQADggEBAIyczd+03cr6le1BjFndOtPXoxVW
IRGJISp85YdUIb25l9kV1k/7Wp+fHsE1fCXnovgHef14zwYzj/vTrDQWAcCZ25Q1
VOfGWwKaQWnisQ59F4ifDvjRgCogiwY4Vqgsa2SWTu7vP8I/fRrq/qFXByMF1/qa
H7zLFRg3E/cHZlZwWdcsAAKZn4xPl6O06ddyROQsC2A5C12UJkBnML4fUz91mfJh
gw4PHz+TtKx36sDCyoBO/Xo+jW63t8/m9XDkhpbkZfyw6KJwfgrDvP8tz9swBjo4
wtSsd0tIt3GYX0+JuhYnU4VDK5Aet3IM3QX8j0xuvOiVEjkHqG2kvcMzFSw=
-----END CERTIFICATE-----