Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f2a28328-6500-4ce7-9f51-a80d22ada19c.roa
File:                     f2a28328-6500-4ce7-9f51-a80d22ada19c.roa (raw, json)
Hash identifier:          MKCU+0D2ovx7wVPIR6PhlhEYWBQUcDFdEhUCIB25LXU=
Subject key identifier:   1F:73:A1:F9:29:24:FE:99:1C:FE:3B:84:49:70:68:49:B9:E2:59:D0
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       53CBEFF1F8D51A0C47B46AA5D662580AC0E88413
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f2a28328-6500-4ce7-9f51-a80d22ada19c.roa
Signing time:             Sat 18 Oct 2025 20:53:39 +0000
ROA not before:           Sat 18 Oct 2025 20:53:39 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.164.104.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:cb:ef:f1:f8:d5:1a:0c:47:b4:6a:a5:d6:62:58:0a:c0:e8:84:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 20:53:39 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=9055c35ce04d645394a9bbdf46e51922464a3b222ff2da35f39c8ece12be7c7c, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:01:85:4d:60:61:d2:c3:d5:03:f0:1d:fd:23:
                    8e:5b:86:c0:af:82:6f:47:84:48:af:4c:d6:b6:eb:
                    21:40:a2:c9:ee:8a:55:d6:d8:d7:ef:83:3a:37:d4:
                    8f:43:0d:92:24:c7:b5:44:56:8e:af:7c:d4:65:e4:
                    22:ef:8e:44:62:16:0e:94:c9:8e:85:c1:58:6c:e7:
                    86:17:0d:f0:b8:09:c5:bb:65:8b:8e:18:24:90:0d:
                    9c:df:6b:c2:53:63:7e:45:38:c1:16:c8:4f:6b:39:
                    e8:12:a5:84:c0:b4:96:7f:cb:08:42:0f:95:71:45:
                    3d:44:f6:dc:31:90:7c:22:df:bb:f1:7b:a0:ff:42:
                    e4:46:54:fa:88:34:9f:f7:5d:cd:4a:ac:1a:b8:de:
                    41:c8:d1:2a:c7:fa:88:93:d5:89:2b:b6:9e:a9:55:
                    38:ff:d8:cd:04:10:16:5d:e1:17:6d:30:b8:9e:e7:
                    9f:f3:6d:ce:a9:24:23:17:71:3c:09:7c:99:8e:51:
                    de:f3:2f:95:f3:51:cf:90:1f:fa:3e:c4:26:63:36:
                    89:e6:d4:5c:66:b6:f5:77:37:09:68:a9:a3:4b:f8:
                    2e:71:82:51:20:ec:f4:2b:47:6c:4c:32:3b:fe:41:
                    e8:ce:e5:26:40:32:e6:c5:57:48:48:b3:8c:b4:bc:
                    86:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:73:A1:F9:29:24:FE:99:1C:FE:3B:84:49:70:68:49:B9:E2:59:D0
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f2a28328-6500-4ce7-9f51-a80d22ada19c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.164.104.0/21

    Signature Algorithm: sha256WithRSAEncryption
         9b:c4:ef:22:50:4c:cd:e5:b3:f2:09:25:bc:22:8c:e8:f7:ec:
         60:91:81:67:98:3e:4e:3d:ee:75:01:f4:cf:fb:fa:c5:94:b1:
         c7:cb:e8:f8:28:0e:ae:48:df:8a:d7:1c:e0:eb:0b:04:38:45:
         26:1b:5d:80:a4:d2:ea:b7:96:f2:90:dc:66:ec:d7:b6:d9:c7:
         c7:0f:aa:2f:03:31:77:ac:57:84:b2:69:12:49:bc:92:7d:4c:
         3b:3d:47:8a:be:11:4c:cb:35:65:ac:69:a0:75:2a:1e:1c:b9:
         2f:63:c1:42:56:e0:2b:9e:a5:c3:e6:5a:5f:a2:85:3d:c4:4a:
         4c:53:b1:20:04:55:2e:0a:ef:3f:5e:2d:3c:74:c5:72:c4:df:
         f6:3c:14:59:a7:16:64:00:b0:52:20:59:b8:0e:6b:33:e9:a4:
         4b:fd:0d:42:ea:e0:e5:83:7a:f8:78:7f:a2:40:a1:7d:a3:b5:
         1d:d2:6d:9d:f2:61:e5:36:53:ac:54:e7:f7:e1:82:77:f1:09:
         96:02:17:35:98:6e:7c:32:f1:c2:f0:a8:40:49:9c:7b:82:0d:
         ed:2a:52:5f:c3:2e:54:71:d5:eb:d2:be:29:b3:a5:34:84:d9:
         30:df:cb:3a:63:41:7a:e4:96:44:69:ca:f8:27:b8:4e:93:30:
         04:5b:ef:a3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUU8vv8fjVGgxHtGql1mJYCsDohBMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MjA1MzM5WhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A5MDU1YzM1Y2UwNGQ2NDUzOTRhOWJiZGY0NmU1MTkyMjQ2
NGEzYjIyMmZmMmRhMzVmMzljOGVjZTEyYmU3YzdjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDgAYVNYGHSw9UD8B39I45bhsCvgm9HhEivTNa26yFAosnu
ilXW2Nfvgzo31I9DDZIkx7VEVo6vfNRl5CLvjkRiFg6UyY6FwVhs54YXDfC4CcW7
ZYuOGCSQDZzfa8JTY35FOMEWyE9rOegSpYTAtJZ/ywhCD5VxRT1E9twxkHwi37vx
e6D/QuRGVPqINJ/3Xc1KrBq43kHI0SrH+oiT1Ykrtp6pVTj/2M0EEBZd4RdtMLie
55/zbc6pJCMXcTwJfJmOUd7zL5XzUc+QH/o+xCZjNonm1FxmtvV3NwloqaNL+C5x
glEg7PQrR2xMMjv+QejO5SZAMubFV0hIs4y0vIbVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUH3Oh+Skk/pkc/juESXBoSbniWdAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2YyYTI4MzI4LTY1MDAtNGNlNy05ZjUxLWE4MGQyMmFkYTE5Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMSpGgwDQYJKoZIhvcNAQELBQADggEBAJvE7yJQTM3ls/IJJbwijOj37GCR
gWeYPk497nUB9M/7+sWUscfL6PgoDq5I34rXHODrCwQ4RSYbXYCk0uq3lvKQ3Gbs
17bZx8cPqi8DMXesV4SyaRJJvJJ9TDs9R4q+EUzLNWWsaaB1Kh4cuS9jwUJW4Cue
pcPmWl+ihT3ESkxTsSAEVS4K7z9eLTx0xXLE3/Y8FFmnFmQAsFIgWbgOazPppEv9
DULq4OWDevh4f6JAoX2jtR3SbZ3yYeU2U6xU5/fhgnfxCZYCFzWYbnwy8cLwqEBJ
nHuCDe0qUl/DLlRx1evSvimzpTSE2TDfyzpjQXrklkRpyvgnuE6TMARb76M=
-----END CERTIFICATE-----