Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f4d2ccf4-328a-43a7-b74b-1cf74afd71c3.roa
File:                     f4d2ccf4-328a-43a7-b74b-1cf74afd71c3.roa (raw, json)
Hash identifier:          pSg3UrXGDzxflT+jnoHs1UVBwVGlULiPdttTojkYH1M=
Subject key identifier:   2B:F5:7E:AE:3B:7F:75:30:54:2F:AA:A6:5E:DF:23:91:EA:DC:13:80
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2CDDAC58BEA92B4DE98FB7BE5C60AC1EA7301094
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f4d2ccf4-328a-43a7-b74b-1cf74afd71c3.roa
Signing time:             Sat 18 Oct 2025 11:50:13 +0000
ROA not before:           Sat 18 Oct 2025 11:50:13 +0000
ROA not after:            Sat 22 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.85.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:dd:ac:58:be:a9:2b:4d:e9:8f:b7:be:5c:60:ac:1e:a7:30:10:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 18 11:50:13 2025 GMT
            Not After : Nov 22 23:59:59 2025 GMT
        Subject: serialNumber=adf690b90f992c5981454afba3976f23bf171112daaa143d59755191ae248da7, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:90:a6:c2:c8:a4:dd:ac:a7:61:a5:6c:f6:dc:
                    b5:a0:38:90:98:9e:44:d8:df:d9:43:1b:36:9a:b4:
                    3b:8e:70:68:f2:2c:0d:06:1b:5d:85:7f:09:f7:b6:
                    d1:d9:4a:ff:d0:5e:3d:f0:70:f0:bb:24:08:d6:49:
                    21:54:ed:17:66:77:3a:f6:d2:d6:4e:b5:9e:bc:ba:
                    e6:0d:52:3c:c1:63:62:a6:03:39:f0:5d:ff:19:68:
                    33:42:72:c0:70:6a:49:00:48:20:c9:1f:0e:a3:1e:
                    b7:31:67:e7:a5:9f:ec:61:12:60:6e:62:05:3f:fd:
                    ce:a6:f0:fb:31:1e:0f:ea:57:56:a5:bb:71:0c:8e:
                    f6:ff:82:cd:fc:45:1c:8e:98:fc:4e:59:3f:66:29:
                    dc:c1:14:98:3a:87:d4:86:dc:73:d9:b3:0c:b9:59:
                    2b:35:e4:60:05:f4:6e:5f:e2:48:79:78:97:db:93:
                    b6:cf:db:5c:e1:54:0f:a4:33:1d:28:10:20:89:bc:
                    ed:07:dc:45:d7:85:97:67:38:ab:44:3e:bc:4d:37:
                    58:49:57:07:66:fb:06:6a:b1:53:ba:48:a8:9f:c7:
                    49:4b:6b:4f:49:8f:b4:f5:4f:0d:31:d8:3c:0a:63:
                    51:e3:36:88:e9:a4:9e:84:4f:bc:d2:57:cb:de:ad:
                    56:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:F5:7E:AE:3B:7F:75:30:54:2F:AA:A6:5E:DF:23:91:EA:DC:13:80
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f4d2ccf4-328a-43a7-b74b-1cf74afd71c3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.85.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:67:2f:06:e8:44:bd:4e:ce:fe:82:68:a2:3e:69:d9:7a:70:
         7f:8f:9f:93:8b:27:8c:69:fd:12:8d:f1:93:fc:8d:9a:d6:cb:
         26:f5:e3:40:5f:39:ff:f6:46:7b:c5:b8:f9:bc:77:18:29:48:
         4c:bb:51:ea:74:8e:cd:58:8e:2b:7d:f3:45:8f:2e:99:6f:38:
         42:b2:f2:97:3b:9e:68:b3:be:af:f4:5e:e0:8b:07:3e:57:5e:
         89:ef:4d:44:7f:9f:b7:cf:5a:0f:a6:fe:35:7b:2a:a5:53:3c:
         9a:c8:9c:c7:de:11:ef:e1:dc:bc:e8:11:3f:74:af:97:eb:a1:
         3f:e6:41:35:e1:b8:eb:ae:d2:b8:aa:7e:57:6f:57:70:d0:70:
         bb:42:96:24:25:53:91:a3:06:93:04:8d:dc:1a:49:2c:82:d3:
         17:90:a8:28:14:fc:1b:fb:3f:e1:ac:eb:74:94:39:2a:d7:59:
         4e:8e:f9:da:b5:71:c2:0d:13:5a:49:87:b1:4d:c7:3a:a8:e1:
         0d:2d:5a:11:57:d6:73:4b:95:48:fb:97:26:1b:4d:6c:40:5e:
         84:c8:d7:79:32:e6:76:46:b9:e0:43:91:d8:75:5f:89:e6:12:
         f2:18:cf:f5:a3:87:37:c9:85:c9:76:77:71:da:f6:5a:ba:44:
         28:f9:6c:4e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULN2sWL6pK03pj7e+XGCsHqcwEJQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE4MTE1MDEzWhcNMjUxMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BhZGY2OTBiOTBmOTkyYzU5ODE0NTRhZmJhMzk3NmYyM2Jm
MTcxMTEyZGFhYTE0M2Q1OTc1NTE5MWFlMjQ4ZGE3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDTkKbCyKTdrKdhpWz23LWgOJCYnkTY39lDGzaatDuOcGjy
LA0GG12Ffwn3ttHZSv/QXj3wcPC7JAjWSSFU7Rdmdzr20tZOtZ68uuYNUjzBY2Km
AznwXf8ZaDNCcsBwakkASCDJHw6jHrcxZ+eln+xhEmBuYgU//c6m8PsxHg/qV1al
u3EMjvb/gs38RRyOmPxOWT9mKdzBFJg6h9SG3HPZswy5WSs15GAF9G5f4kh5eJfb
k7bP21zhVA+kMx0oECCJvO0H3EXXhZdnOKtEPrxNN1hJVwdm+wZqsVO6SKifx0lL
a09Jj7T1Tw0x2DwKY1HjNojppJ6ET7zSV8verVbxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUK/V+rjt/dTBUL6qmXt8jkercE4AwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2Y0ZDJjY2Y0LTMyOGEtNDNhNy1iNzRiLTFjZjc0YWZkNzFjMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA0VXkwDQYJKoZIhvcNAQELBQADggEBAGtnLwboRL1Ozv6CaKI+adl6cH+P
n5OLJ4xp/RKN8ZP8jZrWyyb140BfOf/2RnvFuPm8dxgpSEy7Uep0js1Yjit980WP
LplvOEKy8pc7nmizvq/0XuCLBz5XXonvTUR/n7fPWg+m/jV7KqVTPJrInMfeEe/h
3LzoET90r5froT/mQTXhuOuu0riqfldvV3DQcLtCliQlU5GjBpMEjdwaSSyC0xeQ
qCgU/Bv7P+Gs63SUOSrXWU6O+dq1ccINE1pJh7FNxzqo4Q0tWhFX1nNLlUj7lyYb
TWxAXoTI13ky5nZGueBDkdh1X4nmEvIYz/WjhzfJhcl2d3Ha9lq6RCj5bE4=
-----END CERTIFICATE-----