Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f7302b21-17d4-48f3-a325-0e591375f881.roa
File:                     f7302b21-17d4-48f3-a325-0e591375f881.roa (raw, json)
Hash identifier:          GQ8BPAKCS/MmISpGB/eAsLKbrdcwOjehezqxOqGLumY=
Subject key identifier:   CD:29:86:12:DA:1A:5B:B6:80:B6:14:7B:C6:98:2A:9F:39:60:37:CA
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0BE7E17FCCA511D1902C223EF0367F64422B86C4
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f7302b21-17d4-48f3-a325-0e591375f881.roa
Signing time:             Thu 16 Oct 2025 01:05:07 +0000
ROA not before:           Thu 16 Oct 2025 01:05:07 +0000
ROA not after:            Thu 20 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.68.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:e7:e1:7f:cc:a5:11:d1:90:2c:22:3e:f0:36:7f:64:42:2b:86:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 16 01:05:07 2025 GMT
            Not After : Nov 20 23:59:59 2025 GMT
        Subject: serialNumber=14716708d7ef459e72b9372b9ae43f9404cd8587e58a0d3b2b1047fcfa05fff9, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:2a:36:9e:e0:e4:d0:6e:d3:f8:58:30:08:7a:
                    1f:b7:08:f1:97:97:1c:cd:60:32:61:f8:04:3e:67:
                    a1:fd:b4:f3:b2:c5:91:0c:59:d6:75:f6:8d:80:d7:
                    0d:40:33:46:ee:63:37:4f:38:33:c8:c5:38:78:a2:
                    24:83:9f:7b:c3:e6:e9:83:37:5c:05:be:fa:1d:6c:
                    36:9c:05:c6:0a:7f:8f:dd:42:11:8d:dc:4c:fb:17:
                    b5:f8:38:90:55:10:bd:c2:5a:e4:54:40:c2:9b:f7:
                    7a:e7:3e:b4:0a:1f:01:43:4c:16:79:0e:07:2f:78:
                    ce:30:fd:18:b0:87:c1:7a:21:7b:e5:06:f4:83:18:
                    83:45:f2:eb:1c:5f:ab:5f:7c:de:b4:a2:b8:c6:94:
                    c4:d0:de:b2:eb:c4:31:7b:36:d0:4e:a2:6b:a8:c5:
                    9a:53:c8:e2:98:e2:8b:00:6c:51:be:e8:68:7f:12:
                    ff:67:27:48:52:7e:05:39:bf:82:ae:09:79:ad:d2:
                    18:bf:78:e5:fb:e8:6e:56:f2:45:42:e8:67:35:de:
                    8d:cd:6e:fe:67:46:ab:fe:fe:95:8e:13:e3:61:b0:
                    e7:7a:18:67:87:8b:af:d2:40:7a:c6:c5:5e:0e:78:
                    97:ca:a5:5c:5e:cc:e7:0a:02:de:2a:a6:a7:0a:cd:
                    87:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:29:86:12:DA:1A:5B:B6:80:B6:14:7B:C6:98:2A:9F:39:60:37:CA
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f7302b21-17d4-48f3-a325-0e591375f881.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.68.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:2d:01:94:07:ef:b8:0c:7b:8d:38:c3:b9:9e:71:25:31:bf:
         e7:42:8c:0d:7b:9d:f3:b6:8b:8b:bc:1f:05:df:85:72:96:d0:
         ef:d3:cf:b6:82:49:62:28:a4:35:6c:7a:8c:4c:e0:06:47:2f:
         16:d1:94:4a:64:df:8c:4f:ca:39:93:af:fd:c7:d1:5f:ab:09:
         40:70:20:4d:c4:eb:5f:04:34:f8:b0:21:e0:e8:23:2f:82:a4:
         49:95:5c:42:f6:5f:d8:26:a4:af:d9:0f:03:3b:c9:0a:c8:cb:
         06:47:e1:47:c3:24:98:02:2b:44:b1:94:86:c7:27:a7:a1:df:
         0e:be:99:49:8f:df:b5:c1:de:5e:3d:06:ba:76:29:fd:50:40:
         1b:23:2a:53:bc:cb:34:c7:2c:a4:ca:99:06:8f:a8:64:c4:75:
         8a:50:bd:7e:49:72:bf:1b:ef:19:e7:0e:79:90:b4:79:10:dc:
         0b:1e:13:14:9e:dd:f7:dd:76:42:e9:55:8e:d3:8f:10:c3:ce:
         05:da:a0:97:01:9b:e7:da:c4:39:93:ef:35:36:72:3f:af:e4:
         71:a3:b9:df:e9:0b:57:f3:22:01:8f:d4:e3:b9:ea:47:4e:df:
         ce:36:ce:d6:0e:6e:1e:94:9f:0e:63:98:74:7e:96:e1:61:ce:
         96:23:c4:3f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUC+fhf8ylEdGQLCI+8DZ/ZEIrhsQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE2MDEwNTA3WhcNMjUxMTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0AxNDcxNjcwOGQ3ZWY0NTllNzJiOTM3MmI5YWU0M2Y5NDA0
Y2Q4NTg3ZTU4YTBkM2IyYjEwNDdmY2ZhMDVmZmY5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDUKjae4OTQbtP4WDAIeh+3CPGXlxzNYDJh+AQ+Z6H9tPOy
xZEMWdZ19o2A1w1AM0buYzdPODPIxTh4oiSDn3vD5umDN1wFvvodbDacBcYKf4/d
QhGN3Ez7F7X4OJBVEL3CWuRUQMKb93rnPrQKHwFDTBZ5DgcveM4w/Riwh8F6IXvl
BvSDGINF8uscX6tffN60orjGlMTQ3rLrxDF7NtBOomuoxZpTyOKY4osAbFG+6Gh/
Ev9nJ0hSfgU5v4KuCXmt0hi/eOX76G5W8kVC6Gc13o3Nbv5nRqv+/pWOE+NhsOd6
GGeHi6/SQHrGxV4OeJfKpVxezOcKAt4qpqcKzYd3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUzSmGEtoaW7aAthR7xpgqnzlgN8owHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2Y3MzAyYjIxLTE3ZDQtNDhmMy1hMzI1LTBlNTkxMzc1Zjg4MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASRHswDQYJKoZIhvcNAQELBQADggEBAAUtAZQH77gMe404w7mecSUxv+dC
jA17nfO2i4u8HwXfhXKW0O/Tz7aCSWIopDVseoxM4AZHLxbRlEpk34xPyjmTr/3H
0V+rCUBwIE3E618ENPiwIeDoIy+CpEmVXEL2X9gmpK/ZDwM7yQrIywZH4UfDJJgC
K0SxlIbHJ6eh3w6+mUmP37XB3l49Brp2Kf1QQBsjKlO8yzTHLKTKmQaPqGTEdYpQ
vX5Jcr8b7xnnDnmQtHkQ3AseExSe3ffddkLpVY7TjxDDzgXaoJcBm+faxDmT7zU2
cj+v5HGjud/pC1fzIgGP1OO56kdO3842ztYObh6Unw5jmHR+luFhzpYjxD8=
-----END CERTIFICATE-----