Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0b375cfb-c594-4719-8ced-254505eae482.roa
File:                     0b375cfb-c594-4719-8ced-254505eae482.roa (raw, json)
Hash identifier:          N+pcv5Iq0cLQLfoxps5hog1EPQRTSWyTbq/mBOhfcdk=
Subject key identifier:   50:9F:0F:60:00:8D:FB:22:A0:E8:B5:70:7F:21:51:F2:4E:15:B9:3F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2776AE580B55255B9F1E408DA0BC2B1DB588C4AB
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0b375cfb-c594-4719-8ced-254505eae482.roa
Signing time:             Sun 01 Mar 2026 00:40:59 +0000
ROA not before:           Sun 01 Mar 2026 00:40:59 +0000
ROA not after:            Sat 30 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        161.188.150.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 02 Mar 2026 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:76:ae:58:0b:55:25:5b:9f:1e:40:8d:a0:bc:2b:1d:b5:88:c4:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Mar  1 00:40:59 2026 GMT
            Not After : May 30 23:59:59 2026 GMT
        Subject: serialNumber=e92c214d632cb961bf52409a150b516ca415bb87357d0d2403c87d5d8bad8a12, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:d9:0f:9d:81:0d:d9:4f:78:48:c7:7b:c1:bd:
                    40:6b:25:6d:73:99:af:f0:26:0f:24:53:cf:26:0b:
                    f4:87:15:82:1e:96:02:8d:1b:27:58:65:0a:f7:65:
                    d0:bd:cc:69:d8:26:8e:7e:1d:10:2c:e6:99:15:7c:
                    d9:39:df:a8:bc:98:8b:c1:05:a6:b2:81:96:f2:e2:
                    71:57:25:ff:04:c4:ed:5b:20:0d:a2:3e:8e:ad:1a:
                    85:bf:50:3e:f1:9e:54:97:fa:4b:0c:75:25:6c:90:
                    c4:f7:00:dd:0e:5e:6a:99:7c:a6:d8:b1:8e:65:bd:
                    34:bd:9f:72:e0:3f:37:93:f4:4a:12:91:98:59:7f:
                    d4:61:37:79:33:8b:32:02:48:32:f3:9f:f4:da:98:
                    84:c2:88:60:95:95:c6:44:ad:19:f3:15:f9:99:b5:
                    8f:d8:81:13:19:dd:14:7a:ad:da:46:39:b8:01:1d:
                    40:70:ea:d6:83:99:44:a5:a4:6c:63:ed:a3:68:fb:
                    cf:97:ca:e1:c5:b0:8b:37:1a:b6:19:01:76:ff:3b:
                    46:09:46:51:d4:e1:9f:42:36:8b:e9:68:9d:ef:d0:
                    81:64:d8:d3:2b:65:37:62:ce:fb:fe:c6:29:6a:2f:
                    a7:a5:cc:46:55:63:3d:16:18:23:bf:44:a9:fc:a5:
                    a5:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:9F:0F:60:00:8D:FB:22:A0:E8:B5:70:7F:21:51:F2:4E:15:B9:3F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0b375cfb-c594-4719-8ced-254505eae482.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.188.150.0/23

    Signature Algorithm: sha256WithRSAEncryption
         70:fd:cc:83:59:03:ae:7b:c3:e1:a6:77:95:f4:e9:f1:39:bc:
         c2:26:65:bd:bd:29:87:43:b4:06:7a:29:ca:11:cc:b6:f6:5e:
         58:c9:de:c9:6c:04:c8:ab:d5:48:90:a0:c1:f9:00:69:75:89:
         56:f1:bf:59:8d:f0:4a:0f:8e:a1:45:1d:9a:63:99:ba:cf:f6:
         88:07:e5:23:b1:7e:f0:46:61:4e:11:e8:c5:e2:53:63:46:f3:
         b0:df:d6:10:ff:fb:14:64:b9:c8:63:77:33:11:e0:1c:60:3e:
         cc:c5:00:6e:d6:07:43:33:96:cc:c1:04:42:d2:ec:67:1e:6a:
         d8:66:ad:fa:38:a7:98:d6:b0:c4:9e:95:33:aa:d1:d4:48:18:
         20:6a:80:32:c2:c7:90:6e:ea:1d:3a:02:b0:52:2e:b3:1e:81:
         29:25:3d:da:d7:b5:d5:3f:93:97:a5:9f:69:69:ce:43:bb:ce:
         47:62:67:0f:4a:41:09:69:93:af:2c:cd:ba:51:9a:86:0f:0b:
         2f:09:4f:1f:57:64:b3:11:ad:c7:4a:47:35:7b:8f:48:33:f1:
         d2:39:41:47:63:27:2f:92:ae:fb:19:5c:96:72:f0:5b:8f:0f:
         8a:b7:d0:09:e4:d8:ba:7c:e5:1b:70:de:8b:05:ff:50:b0:be:
         21:d3:05:bb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJ3auWAtVJVufHkCNoLwrHbWIxKswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMzAxMDA0MDU5WhcNMjYwNTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BlOTJjMjE0ZDYzMmNiOTYxYmY1MjQwOWExNTBiNTE2Y2E0
MTViYjg3MzU3ZDBkMjQwM2M4N2Q1ZDhiYWQ4YTEyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC32Q+dgQ3ZT3hIx3vBvUBrJW1zma/wJg8kU88mC/SHFYIe
lgKNGydYZQr3ZdC9zGnYJo5+HRAs5pkVfNk536i8mIvBBaaygZby4nFXJf8ExO1b
IA2iPo6tGoW/UD7xnlSX+ksMdSVskMT3AN0OXmqZfKbYsY5lvTS9n3LgPzeT9EoS
kZhZf9RhN3kzizICSDLzn/TamITCiGCVlcZErRnzFfmZtY/YgRMZ3RR6rdpGObgB
HUBw6taDmUSlpGxj7aNo+8+XyuHFsIs3GrYZAXb/O0YJRlHU4Z9CNovpaJ3v0IFk
2NMrZTdizvv+xilqL6elzEZVYz0WGCO/RKn8paWLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUUJ8PYACN+yKg6LVwfyFR8k4VuT8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzBiMzc1Y2ZiLWM1OTQtNDcxOS04Y2VkLTI1NDUwNWVhZTQ4Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAGhvJYwDQYJKoZIhvcNAQELBQADggEBAHD9zINZA657w+Gmd5X06fE5vMIm
Zb29KYdDtAZ6KcoRzLb2XljJ3slsBMir1UiQoMH5AGl1iVbxv1mN8EoPjqFFHZpj
mbrP9ogH5SOxfvBGYU4R6MXiU2NG87Df1hD/+xRkuchjdzMR4BxgPszFAG7WB0Mz
lszBBELS7Gceathmrfo4p5jWsMSelTOq0dRIGCBqgDLCx5Bu6h06ArBSLrMegSkl
PdrXtdU/k5eln2lpzkO7zkdiZw9KQQlpk68szbpRmoYPCy8JTx9XZLMRrcdKRzV7
j0gz8dI5QUdjJy+SrvsZXJZy8FuPD4q30Ank2Lp85Rtw3osF/1CwviHTBbs=
-----END CERTIFICATE-----