Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/1307ad8e-df0e-4abe-8f37-494ddc3554ec.roa
File:                     1307ad8e-df0e-4abe-8f37-494ddc3554ec.roa (raw, json)
Hash identifier:          mIBJfiNtMDbtjNhlSvyv5kCEp11CxIXKVmHARBMd+Ao=
Subject key identifier:   78:39:8F:AB:4C:FC:06:41:17:B2:47:F5:D7:E6:29:B1:2C:19:2C:C0
Certificate issuer:       /CN=c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04
Certificate serial:       40477908A620A63223820829C70DCADD49412543
Authority key identifier: 99:C3:54:4C:08:C9:94:54:B8:79:95:1E:FF:A4:7A:8F:63:C8:A7:77
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/1307ad8e-df0e-4abe-8f37-494ddc3554ec.roa
Signing time:             Fri 25 Jul 2025 00:40:23 +0000
ROA not before:           Fri 25 Jul 2025 00:40:23 +0000
ROA not after:            Fri 29 Aug 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        2620:108:d000::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/_YzK5b5juSvdyQt6W3TmlEnB6wQ.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/_YzK5b5juSvdyQt6W3TmlEnB6wQ.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/77b56428-9b52-416f-b279-bbae14422de2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/77b56428-9b52-416f-b279-bbae14422de2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:47:79:08:a6:20:a6:32:23:82:08:29:c7:0d:ca:dd:49:41:25:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04
        Validity
            Not Before: Jul 25 00:40:23 2025 GMT
            Not After : Aug 29 23:59:59 2025 GMT
        Subject: serialNumber=98a664e96151c7a3c6c365988297b10411dc4ba1fb6d62aa944fbea10a82c9fc, CN=0099a7ea-794a-4a28-b164-49547626eb11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:6c:d9:67:33:9b:59:2b:54:7f:ad:5b:b3:f2:
                    81:7d:a4:f9:b7:80:7e:8e:fb:9c:3c:75:f3:02:e1:
                    42:76:15:1d:ba:f3:56:84:b0:06:88:5b:af:4c:f5:
                    12:25:87:c2:dd:65:6d:9f:a4:9d:ec:29:d3:d6:cc:
                    b3:c5:f6:18:0c:87:3c:5c:e6:fc:82:d6:f5:85:9a:
                    33:8d:46:b2:4e:48:ee:0a:80:6c:d5:cb:5c:6d:af:
                    92:57:f4:18:ba:b1:6a:30:b9:62:40:48:64:69:25:
                    0b:cb:63:65:14:32:7f:8e:ea:c1:fc:c2:4e:4e:6c:
                    25:31:78:73:af:f6:cb:c3:03:9f:85:2d:20:b1:f0:
                    7a:8b:36:99:34:6c:61:e5:38:15:f3:85:18:fd:85:
                    a8:1b:d5:bc:30:fd:15:b6:f8:10:a8:d8:e1:61:e4:
                    99:b2:1a:ea:07:23:e8:6d:79:71:86:1c:58:a9:d5:
                    d7:4a:3a:4f:4b:db:8e:a9:28:b4:96:27:00:4e:2b:
                    2e:68:36:c3:2f:32:b3:dd:42:13:d9:e9:c3:74:b9:
                    61:ba:24:d7:22:c5:8e:f1:8e:f7:06:34:87:93:3f:
                    a1:bb:22:17:b2:02:4f:9f:76:a5:95:15:2b:8d:93:
                    01:f5:33:15:47:ba:18:c0:15:d5:e6:de:6f:25:fb:
                    21:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:39:8F:AB:4C:FC:06:41:17:B2:47:F5:D7:E6:29:B1:2C:19:2C:C0
            X509v3 Authority Key Identifier:
                keyid:99:C3:54:4C:08:C9:94:54:B8:79:95:1E:FF:A4:7A:8F:63:C8:A7:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/1307ad8e-df0e-4abe-8f37-494ddc3554ec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/_YzK5b5juSvdyQt6W3TmlEnB6wQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2620:108:d000::/44

    Signature Algorithm: sha256WithRSAEncryption
         7b:9e:e6:32:43:78:69:47:22:ad:03:12:88:ab:25:dd:71:07:
         23:04:19:32:4c:21:6c:51:14:58:18:ad:1d:9b:e9:66:7d:2b:
         b6:64:72:2b:53:cd:5e:26:a3:49:1c:8c:9d:23:12:44:b7:b7:
         dd:40:21:78:9a:84:6d:e9:6c:fe:29:27:7b:72:e1:a6:2f:79:
         92:9b:cd:17:f9:f1:10:bf:ec:9b:82:89:7e:42:bb:05:29:23:
         3d:68:f2:30:99:c3:a8:54:21:3a:e6:0e:a3:9a:af:34:43:f6:
         34:6f:eb:ce:06:3b:f0:61:fa:fe:a0:e9:07:d4:e1:52:f0:50:
         67:ce:63:97:19:c7:08:a8:08:81:e9:32:bc:f6:6e:03:88:80:
         e9:69:f3:d7:54:31:dc:c4:a4:2d:67:40:ea:1f:ca:2e:f8:45:
         96:5d:51:8e:8b:d1:79:16:01:82:5f:c8:c9:9f:d1:36:09:38:
         3c:fc:b4:ac:e9:86:5a:b4:ea:3e:64:fc:de:67:01:13:16:7a:
         92:20:29:8c:59:e6:67:24:bc:45:55:3c:0a:2d:72:f8:ad:cb:
         36:97:bf:5b:af:6c:c8:3c:b3:2a:64:8e:17:4b:4e:ee:97:99:
         b4:51:fb:29:0d:4b:b9:32:66:bf:40:dc:2c:49:de:fa:c7:65:
         9b:9d:27:6f
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUQEd5CKYgpjIjgggpxw3K3UlBJUMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYzA1Njc2YzczM2ZkOGNjYWU1YmU2M2I5MmJkZGM5MGI3
YTViNzRlNjk0NDljMWViMDQwHhcNMjUwNzI1MDA0MDIzWhcNMjUwODI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A5OGE2NjRlOTYxNTFjN2EzYzZjMzY1OTg4Mjk3YjEwNDEx
ZGM0YmExZmI2ZDYyYWE5NDRmYmVhMTBhODJjOWZjMS0wKwYDVQQDEyQwMDk5YTdl
YS03OTRhLTRhMjgtYjE2NC00OTU0NzYyNmViMTEwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJbNlnM5tZK1R/rVuz8oF9pPm3gH6O+5w8dfMC4UJ2FR26
81aEsAaIW69M9RIlh8LdZW2fpJ3sKdPWzLPF9hgMhzxc5vyC1vWFmjONRrJOSO4K
gGzVy1xtr5JX9Bi6sWowuWJASGRpJQvLY2UUMn+O6sH8wk5ObCUxeHOv9svDA5+F
LSCx8HqLNpk0bGHlOBXzhRj9hagb1bww/RW2+BCo2OFh5JmyGuoHI+hteXGGHFip
1ddKOk9L246pKLSWJwBOKy5oNsMvMrPdQhPZ6cN0uWG6JNcixY7xjvcGNIeTP6G7
IheyAk+fdqWVFSuNkwH1MxVHuhjAFdXm3m8l+yEZAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUeDmPq0z8BkEXskf11+YpsSwZLMAwHwYDVR0jBBgwFoAUmcNUTAjJlFS4
eZUe/6R6j2PIp3cwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi83N2I1NjQyOC05
YjUyLTQxNmYtYjI3OS1iYmFlMTQ0MjJkZTIvYzA1Njc2YzczM2ZkOGNjYWU1YmU2
M2I5MmJkZGM5MGI3YTViNzRlNjk0NDljMWViMDQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNDI1ODJjNjctZGQzZi00YmM1LWJhNjAtZTk3
ZTU1MmM2ZTM1LzEzMDdhZDhlLWRmMGUtNGFiZS04ZjM3LTQ5NGRkYzM1NTRlYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzQyNTgyYzY3LWRkM2YtNGJjNS1iYTYw
LWU5N2U1NTJjNmUzNS9fWXpLNWI1anVTdmR5UXQ2VzNUbWxFbkI2d1EuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwQmIAEI0AAwDQYJKoZIhvcNAQELBQADggEBAHue5jJDeGlHIq0DEoirJd1x
ByMEGTJMIWxRFFgYrR2b6WZ9K7ZkcitTzV4mo0kcjJ0jEkS3t91AIXiahG3pbP4p
J3ty4aYveZKbzRf58RC/7JuCiX5CuwUpIz1o8jCZw6hUITrmDqOarzRD9jRv684G
O/Bh+v6g6QfU4VLwUGfOY5cZxwioCIHpMrz2bgOIgOlp89dUMdzEpC1nQOofyi74
RZZdUY6L0XkWAYJfyMmf0TYJODz8tKzphlq06j5k/N5nARMWepIgKYxZ5mckvEVV
PAotcvityzaXv1uvbMg8sypkjhdLTu6XmbRR+ykNS7kyZr9A3CxJ3vrHZZudJ28=
-----END CERTIFICATE-----