Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ef7cd812-69c1-4a7e-9f6e-0527e9e96ca0.roa
File:                     ef7cd812-69c1-4a7e-9f6e-0527e9e96ca0.roa (raw, json)
Hash identifier:          liZkrLSEQSVI2EbrYEM4ZJgnX0cXU6r4r/AoB4sM+8Q=
Subject key identifier:   D0:BB:A3:D0:AF:ED:07:14:01:81:34:9B:36:DF:F2:03:05:F5:87:AB
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       29099AD05228A36D1CEFA3EB6A09FDDCDDE096C0
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ef7cd812-69c1-4a7e-9f6e-0527e9e96ca0.roa
Signing time:             Sat 11 Oct 2025 01:02:54 +0000
ROA not before:           Sat 11 Oct 2025 01:02:54 +0000
ROA not after:            Sat 15 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.62.0.0/15 maxlen: 15
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:09:9a:d0:52:28:a3:6d:1c:ef:a3:eb:6a:09:fd:dc:dd:e0:96:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 11 01:02:54 2025 GMT
            Not After : Nov 15 23:59:59 2025 GMT
        Subject: serialNumber=4be02e5f8a0c1223562cf8e7cd33162a014429ea6f294388f142f0abcd3c93f5, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:15:5f:44:1c:26:f8:51:7c:21:14:15:df:c6:
                    92:a0:e5:31:95:81:fc:5e:e3:bf:bf:c4:e4:7c:1e:
                    a7:9e:86:72:c6:4a:38:93:2d:62:ae:f3:1f:e2:21:
                    fe:49:c9:be:cf:aa:ef:79:5b:df:53:33:38:ec:ba:
                    a8:e7:e3:13:f7:64:e0:43:1c:d1:66:64:3e:ce:59:
                    69:ac:63:20:33:e2:3f:c0:06:f2:5d:c5:d3:7d:92:
                    67:49:92:bd:fb:fd:c7:e7:cc:ed:f6:0a:a9:9d:3b:
                    96:71:a0:8a:e0:a1:16:80:23:93:5e:7d:9a:77:d7:
                    81:28:a2:02:ea:76:79:80:5d:66:6b:47:22:f3:6b:
                    ee:37:e9:67:a6:be:95:99:4e:6b:fe:bc:24:99:d9:
                    cf:9b:9b:16:bd:c0:7f:1d:e4:c2:23:86:e3:dc:e2:
                    42:c4:b5:a2:c9:4c:e4:ee:2d:1f:7c:36:26:02:71:
                    66:71:86:fb:23:03:b4:0c:2e:94:96:68:51:fb:cb:
                    ff:2d:32:90:18:90:cd:b4:e1:03:52:11:a8:c9:44:
                    0b:94:76:2f:09:17:0c:81:39:29:30:25:86:49:96:
                    7b:97:8e:c2:c6:ef:aa:18:1a:1b:39:d8:f7:11:ff:
                    32:89:9e:ca:92:67:56:a4:20:6a:11:38:a3:e7:f4:
                    94:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:BB:A3:D0:AF:ED:07:14:01:81:34:9B:36:DF:F2:03:05:F5:87:AB
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ef7cd812-69c1-4a7e-9f6e-0527e9e96ca0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.62.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         6d:35:83:ab:84:0b:41:69:8f:a2:cc:8f:e2:b2:a3:78:60:71:
         52:66:21:98:ce:61:47:78:1a:2b:c7:a0:44:a8:a2:21:c0:d6:
         36:9b:8f:f0:63:dc:84:3e:53:18:9f:cb:4a:f9:86:cc:e8:01:
         d4:12:31:2f:e3:b1:1d:6f:80:d0:8d:09:8f:70:7f:f0:25:03:
         6f:4e:a0:a3:dd:46:fb:8e:ca:8d:7c:87:1c:9f:fe:1a:e0:01:
         a2:b2:f6:aa:82:c5:28:3b:9e:3a:90:e7:7b:40:e7:da:4c:e2:
         31:9a:d7:94:18:fa:14:42:ae:a7:fa:a0:c0:b4:18:d3:5e:41:
         ca:81:65:39:34:b6:5c:9b:8d:2b:1f:c4:c9:c3:af:32:43:71:
         cb:5a:eb:3e:73:ab:54:ab:4b:b9:cd:78:68:cf:32:d3:d3:93:
         ab:a2:83:61:de:24:a8:19:65:a1:8a:8b:f2:c7:9f:ce:3f:db:
         9c:13:02:93:64:4d:00:17:e2:42:67:89:b9:89:94:79:9e:9a:
         78:00:a9:b4:e4:3b:40:d6:74:be:d9:e0:3a:a3:63:29:3f:d3:
         f3:fe:fd:fe:16:f6:a0:a6:bf:f1:bb:98:25:d6:78:52:6d:b8:
         93:e1:bc:b6:98:5d:ca:73:86:59:be:df:c4:45:f7:37:57:dd:
         6f:fa:c3:a9
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUKQma0FIoo20c76Pragn93N3glsAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDExMDEwMjU0WhcNMjUxMTE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A0YmUwMmU1ZjhhMGMxMjIzNTYyY2Y4ZTdjZDMzMTYyYTAx
NDQyOWVhNmYyOTQzODhmMTQyZjBhYmNkM2M5M2Y1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnFV9EHCb4UXwhFBXfxpKg5TGVgfxe47+/xOR8HqeehnLG
SjiTLWKu8x/iIf5Jyb7Pqu95W99TMzjsuqjn4xP3ZOBDHNFmZD7OWWmsYyAz4j/A
BvJdxdN9kmdJkr37/cfnzO32CqmdO5ZxoIrgoRaAI5NefZp314EoogLqdnmAXWZr
RyLza+436WemvpWZTmv+vCSZ2c+bmxa9wH8d5MIjhuPc4kLEtaLJTOTuLR98NiYC
cWZxhvsjA7QMLpSWaFH7y/8tMpAYkM204QNSEajJRAuUdi8JFwyBOSkwJYZJlnuX
jsLG76oYGhs52PcR/zKJnsqSZ1akIGoROKPn9JS5AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU0Luj0K/tBxQBgTSbNt/yAwX1h6swHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2VmN2NkODEyLTY5YzEtNGE3ZS05ZjZlLTA1MjdlOWU5NmNhMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwE0PjANBgkqhkiG9w0BAQsFAAOCAQEAbTWDq4QLQWmPosyP4rKjeGBxUmYh
mM5hR3gaK8egRKiiIcDWNpuP8GPchD5TGJ/LSvmGzOgB1BIxL+OxHW+A0I0Jj3B/
8CUDb06go91G+47KjXyHHJ/+GuABorL2qoLFKDueOpDne0Dn2kziMZrXlBj6FEKu
p/qgwLQY015ByoFlOTS2XJuNKx/EycOvMkNxy1rrPnOrVKtLuc14aM8y09OTq6KD
Yd4kqBlloYqL8sefzj/bnBMCk2RNABfiQmeJuYmUeZ6aeACptOQ7QNZ0vtngOqNj
KT/T8/79/hb2oKa/8buYJdZ4Um24k+G8tphdynOGWb7fxEX3N1fdb/rDqQ==
-----END CERTIFICATE-----