Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ec5c1085-db60-4082-b990-f547b7e62953.roa
File:                     ec5c1085-db60-4082-b990-f547b7e62953.roa (raw, json)
Hash identifier:          yTxEa0Ot4kqVbkb20r+7le1JeOY4M9sdZjlvK9skLv4=
Subject key identifier:   2B:3A:B0:75:BC:49:46:1E:E9:67:03:48:50:82:B5:3B:E5:4A:22:E7
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       52454D430CC8515C0F945AEE929A23A41E89FF42
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ec5c1085-db60-4082-b990-f547b7e62953.roa
Signing time:             Wed 15 Oct 2025 23:23:57 +0000
ROA not before:           Wed 15 Oct 2025 23:23:57 +0000
ROA not after:            Wed 19 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        144.220.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:45:4d:43:0c:c8:51:5c:0f:94:5a:ee:92:9a:23:a4:1e:89:ff:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 15 23:23:57 2025 GMT
            Not After : Nov 19 23:59:59 2025 GMT
        Subject: serialNumber=627c153d2ed051a41ac4b7cddf6c2172cf7badfcee2578dd5edfd845be29ce04, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:cd:e3:33:f4:ec:4e:e0:39:47:63:10:1e:48:
                    72:0a:a6:67:1f:fa:fe:e6:25:10:c6:2a:00:68:69:
                    27:ef:f6:4c:9b:8d:ed:bf:a4:ae:44:65:e4:b1:e4:
                    34:e5:00:48:c6:c6:4e:38:ce:30:b2:bd:61:d0:2e:
                    dd:e1:cc:9d:6c:72:99:84:e1:5e:e1:62:a7:1c:a6:
                    18:91:2c:0b:ba:b2:92:76:95:6c:e9:6a:7f:6c:a7:
                    e7:7b:2a:34:8e:a6:75:87:b7:88:b6:89:ee:d5:e8:
                    8f:7c:f9:31:ce:71:73:f2:d8:bb:27:36:68:a4:e0:
                    79:ce:e4:d8:20:6f:73:c7:af:f5:b3:f7:4d:63:7a:
                    bb:7a:cb:52:90:dd:26:1e:10:ca:70:fc:d7:04:96:
                    99:ec:4d:66:fd:f3:eb:ae:4c:28:e8:00:c9:03:aa:
                    e9:fc:9a:2d:f6:bc:0a:e2:b6:89:7d:93:c7:23:ab:
                    c5:55:dd:b0:2f:1d:90:d8:d1:96:d9:96:f2:98:48:
                    34:39:91:fd:cb:0c:79:9b:83:fa:9c:58:ff:90:11:
                    14:47:c1:ad:03:ba:b5:76:85:f6:22:8f:b9:b6:1b:
                    00:57:04:83:29:98:8e:86:38:e9:29:59:c4:9e:41:
                    14:85:da:0c:86:b9:37:38:14:4a:a0:ad:2a:ae:8e:
                    14:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:3A:B0:75:BC:49:46:1E:E9:67:03:48:50:82:B5:3B:E5:4A:22:E7
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ec5c1085-db60-4082-b990-f547b7e62953.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.220.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:04:59:2d:9a:d2:ce:2c:8f:5f:f9:48:63:b7:83:38:0f:9d:
         7f:dc:77:57:d8:d3:11:89:66:4d:70:6f:59:62:42:24:c0:48:
         26:a7:61:bb:74:82:c1:b9:56:0f:c6:8a:5d:02:34:fc:62:d4:
         90:fe:f7:7f:de:23:1a:64:61:e6:f1:02:b8:00:e5:98:76:76:
         0e:66:ae:b8:f2:1b:ae:be:3b:29:b9:45:c4:fe:b4:2c:b9:f4:
         da:74:76:57:bb:5b:37:c4:90:17:94:46:2b:a0:21:7a:89:69:
         bb:90:58:b2:a1:ae:5d:62:23:8a:1f:c5:b0:f0:4f:63:95:8d:
         83:e0:7a:0b:ca:3b:1a:a3:65:c6:f2:de:79:15:02:d1:b0:9f:
         87:05:fc:3b:9b:9b:17:05:3c:92:40:d8:e9:2a:d4:d5:89:1b:
         72:aa:fc:b0:2b:49:ba:d4:4f:02:e3:dc:a9:78:ba:c4:1a:d6:
         3f:71:c0:f0:1e:6f:be:88:6c:78:87:d7:ae:74:10:94:56:60:
         9d:99:d5:69:32:68:63:0a:d4:30:48:86:1b:3a:f1:bb:9c:f8:
         7a:86:40:23:fb:73:d7:cc:4b:7d:5b:dc:b9:fe:aa:6d:21:d1:
         dc:56:2e:66:81:56:03:ed:f9:60:fc:66:12:a8:7e:3d:8e:75:
         30:6f:2d:41
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUkVNQwzIUVwPlFrukpojpB6J/0IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE1MjMyMzU3WhcNMjUxMTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MjdjMTUzZDJlZDA1MWE0MWFjNGI3Y2RkZjZjMjE3MmNm
N2JhZGZjZWUyNTc4ZGQ1ZWRmZDg0NWJlMjljZTA0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDqzeMz9OxO4DlHYxAeSHIKpmcf+v7mJRDGKgBoaSfv9kyb
je2/pK5EZeSx5DTlAEjGxk44zjCyvWHQLt3hzJ1scpmE4V7hYqccphiRLAu6spJ2
lWzpan9sp+d7KjSOpnWHt4i2ie7V6I98+THOcXPy2LsnNmik4HnO5Nggb3PHr/Wz
901jert6y1KQ3SYeEMpw/NcElpnsTWb98+uuTCjoAMkDqun8mi32vAritol9k8cj
q8VV3bAvHZDY0ZbZlvKYSDQ5kf3LDHmbg/qcWP+QERRHwa0DurV2hfYij7m2GwBX
BIMpmI6GOOkpWcSeQRSF2gyGuTc4FEqgrSqujhQDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKzqwdbxJRh7pZwNIUIK1O+VKIucwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2VjNWMxMDg1LWRiNjAtNDA4Mi1iOTkwLWY1NDdiN2U2Mjk1My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACQ3EYwDQYJKoZIhvcNAQELBQADggEBAG8EWS2a0s4sj1/5SGO3gzgPnX/c
d1fY0xGJZk1wb1liQiTASCanYbt0gsG5Vg/Gil0CNPxi1JD+93/eIxpkYebxArgA
5Zh2dg5mrrjyG66+Oym5RcT+tCy59Np0dle7WzfEkBeURiugIXqJabuQWLKhrl1i
I4ofxbDwT2OVjYPgegvKOxqjZcby3nkVAtGwn4cF/DubmxcFPJJA2Okq1NWJG3Kq
/LArSbrUTwLj3Kl4usQa1j9xwPAeb76IbHiH1650EJRWYJ2Z1WkyaGMK1DBIhhs6
8buc+HqGQCP7c9fMS31b3Ln+qm0h0dxWLmaBVgPt+WD8ZhKofj2OdTBvLUE=
-----END CERTIFICATE-----