Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fa591c29-bb91-494b-b151-7bd4aeeac9b3.roa
File:                     fa591c29-bb91-494b-b151-7bd4aeeac9b3.roa (raw, json)
Hash identifier:          qcZHWWLI/Kv7JUeolxSNtCDMtTC/WJ2r6JbkuRoVQi8=
Subject key identifier:   0A:4A:85:6F:4B:D0:FB:76:46:E8:64:6A:DC:AF:06:FD:9C:CB:4A:C1
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6F1C692BE97B6D2F3BFDEDB269528768A7A8E620
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fa591c29-bb91-494b-b151-7bd4aeeac9b3.roa
Signing time:             Thu 16 Oct 2025 16:26:48 +0000
ROA not before:           Thu 16 Oct 2025 16:26:48 +0000
ROA not after:            Thu 20 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.68.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:1c:69:2b:e9:7b:6d:2f:3b:fd:ed:b2:69:52:87:68:a7:a8:e6:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 16 16:26:48 2025 GMT
            Not After : Nov 20 23:59:59 2025 GMT
        Subject: serialNumber=c47a917c71d84729034336cd4a0775f1e4ee3af617a94dcf350713e91e8300f2, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:60:57:dc:5e:b4:90:86:0c:4c:f0:cf:72:b4:
                    a2:60:9c:57:17:48:87:69:ad:b1:bb:c7:22:f0:67:
                    39:a7:8c:9d:c2:b0:cb:ea:48:5b:34:eb:f4:ea:25:
                    d1:89:a5:e3:5a:5f:fa:62:f9:71:9f:da:ca:d4:4a:
                    69:e3:31:24:a1:c3:de:39:fd:6b:14:b4:6d:bf:25:
                    75:dc:72:d5:44:22:47:36:92:68:e0:08:22:92:3e:
                    41:b1:ff:73:a9:e2:c5:ab:8f:74:8f:df:27:9b:ab:
                    95:22:8c:2e:91:a3:14:e5:9f:b0:46:60:47:e3:4f:
                    99:d2:74:0b:3e:3b:96:20:71:15:e7:e8:3c:1d:c5:
                    df:41:75:ea:d0:85:79:21:45:7d:ff:83:79:dd:89:
                    ed:22:f8:7e:3a:1f:a8:12:4f:6a:fe:b8:2c:63:dd:
                    52:70:27:d4:35:db:df:bc:4e:10:29:dd:1a:af:79:
                    a3:fb:53:f7:60:a8:f3:dc:08:5b:f2:2b:52:9e:d9:
                    c2:79:78:12:09:d9:d5:f5:20:8c:e6:41:cb:05:b6:
                    4a:22:ed:cd:08:c7:cc:d8:a5:da:bc:71:c5:c9:67:
                    ce:b5:38:21:df:3c:52:d3:af:f5:d2:de:70:55:3f:
                    f1:cc:85:19:50:db:10:e3:19:bf:47:cb:03:ee:03:
                    9a:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:4A:85:6F:4B:D0:FB:76:46:E8:64:6A:DC:AF:06:FD:9C:CB:4A:C1
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fa591c29-bb91-494b-b151-7bd4aeeac9b3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.68.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:af:4f:0d:87:98:6f:ab:96:43:43:60:c4:7e:92:2d:63:30:
         0e:dc:f3:42:ef:31:2b:2e:f3:ca:90:7a:8a:53:c8:e5:8d:eb:
         ee:04:fa:1d:a9:27:cd:1b:89:43:e5:68:46:d3:ce:89:49:9b:
         7f:02:37:ed:ae:fa:bd:35:48:03:80:93:11:f9:37:67:4a:37:
         43:a5:0b:03:90:d7:29:d2:3e:2c:55:2b:f3:2f:14:2f:86:3c:
         bc:f1:2d:c0:cc:e3:e2:d3:10:8c:af:85:5c:a1:fc:3c:5d:12:
         17:3f:61:74:75:15:af:dc:08:82:ab:ce:d0:b6:fd:1c:75:60:
         86:c7:7e:99:62:15:9a:5c:34:ee:af:f8:61:91:6c:a8:a8:7b:
         e8:c2:c2:87:68:0c:97:57:89:41:c0:e2:5e:3b:92:73:08:c5:
         8b:71:d9:8a:df:2c:38:0b:0e:03:1e:2e:8c:9e:84:91:50:ef:
         57:20:0b:7b:c5:16:f9:35:7e:39:d4:e6:c4:6d:f4:5b:9a:df:
         0d:e5:dd:eb:01:71:7c:1b:75:3e:f5:64:10:02:cc:1c:33:9e:
         bf:c1:ec:fd:62:ae:72:2f:8d:e0:8d:29:06:4b:8c:73:d0:83:
         b4:56:7c:71:c3:ed:02:40:a4:c3:c9:7f:45:49:15:d0:59:c7:
         6f:ce:4d:2b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbxxpK+l7bS87/e2yaVKHaKeo5iAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE2MTYyNjQ4WhcNMjUxMTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0BjNDdhOTE3YzcxZDg0NzI5MDM0MzM2Y2Q0YTA3NzVmMWU0
ZWUzYWY2MTdhOTRkY2YzNTA3MTNlOTFlODMwMGYyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJYFfcXrSQhgxM8M9ytKJgnFcXSIdprbG7xyLwZzmnjJ3C
sMvqSFs06/TqJdGJpeNaX/pi+XGf2srUSmnjMSShw945/WsUtG2/JXXcctVEIkc2
kmjgCCKSPkGx/3Op4sWrj3SP3yebq5UijC6RoxTln7BGYEfjT5nSdAs+O5YgcRXn
6Dwdxd9BderQhXkhRX3/g3ndie0i+H46H6gST2r+uCxj3VJwJ9Q129+8ThAp3Rqv
eaP7U/dgqPPcCFvyK1Ke2cJ5eBIJ2dX1IIzmQcsFtkoi7c0Ix8zYpdq8ccXJZ861
OCHfPFLTr/XS3nBVP/HMhRlQ2xDjGb9HywPuA5pxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUCkqFb0vQ+3ZG6GRq3K8G/ZzLSsEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2ZhNTkxYzI5LWJiOTEtNDk0Yi1iMTUxLTdiZDRhZWVhYzliMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASRL8wDQYJKoZIhvcNAQELBQADggEBAJ+vTw2HmG+rlkNDYMR+ki1jMA7c
80LvMSsu88qQeopTyOWN6+4E+h2pJ80biUPlaEbTzolJm38CN+2u+r01SAOAkxH5
N2dKN0OlCwOQ1ynSPixVK/MvFC+GPLzxLcDM4+LTEIyvhVyh/DxdEhc/YXR1Fa/c
CIKrztC2/Rx1YIbHfpliFZpcNO6v+GGRbKioe+jCwodoDJdXiUHA4l47knMIxYtx
2YrfLDgLDgMeLoyehJFQ71cgC3vFFvk1fjnU5sRt9Fua3w3l3esBcXwbdT71ZBAC
zBwznr/B7P1irnIvjeCNKQZLjHPQg7RWfHHD7QJApMPJf0VJFdBZx2/OTSs=
-----END CERTIFICATE-----