Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/27080014-4498-4888-909d-c1bed4c0abca.roa
File:                     27080014-4498-4888-909d-c1bed4c0abca.roa (raw, json)
Hash identifier:          sWuVe1/sBNbKzuA09MQbT3+rTX3oP1JHheCxSW3UzL4=
Subject key identifier:   33:45:79:92:89:21:9B:99:72:E4:BC:B0:FD:65:10:64:00:31:48:5F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3A819E4845AECEEE1A8939E1E91AE97EE71866F3
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/27080014-4498-4888-909d-c1bed4c0abca.roa
Signing time:             Tue 19 May 2026 02:50:05 +0000
ROA not before:           Tue 19 May 2026 02:50:05 +0000
ROA not after:            Mon 17 Aug 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        18.43.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 14 Jun 2026 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:81:9e:48:45:ae:ce:ee:1a:89:39:e1:e9:1a:e9:7e:e7:18:66:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May 19 02:50:05 2026 GMT
            Not After : Aug 17 23:59:59 2026 GMT
        Subject: serialNumber=b4060d1cc7f96c66c895f38cc496fcb4cbe73ab2f5ceb39562e6580aef34ef43, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:99:e8:82:89:b8:ce:75:5b:c0:03:96:d6:1e:
                    14:5d:e1:28:d0:f9:32:79:97:58:69:c8:32:3b:50:
                    dc:9e:bd:d6:fd:6b:2f:8d:db:be:de:26:a5:75:69:
                    9d:ab:ad:09:c3:67:22:96:58:79:b7:93:ab:c1:b1:
                    e2:0c:ba:03:a7:65:84:ff:d9:73:8f:bd:70:2e:21:
                    3e:0e:d9:d0:d0:9d:e0:17:fc:de:31:f7:9e:c1:af:
                    a6:25:1f:48:63:2f:e9:b1:71:c1:84:ef:f8:f8:ac:
                    10:d4:36:d7:22:3d:82:39:f4:2d:d1:4f:e6:e6:c8:
                    2e:94:0e:36:df:df:e7:9d:73:43:cb:5a:45:db:7c:
                    f1:d2:49:a9:f6:21:85:2c:af:66:15:09:23:de:a9:
                    44:3b:69:fa:fc:e5:7e:bd:1c:5a:01:3b:8e:4e:4f:
                    e6:40:59:53:66:ef:a0:dc:8a:65:0e:8b:8e:07:1b:
                    e0:49:60:9b:a8:f2:85:74:86:e3:65:4e:91:ff:21:
                    c3:2c:97:2e:0f:18:9d:4c:a4:f4:d2:ce:da:f3:25:
                    65:73:87:ff:38:63:f6:92:71:9b:d4:9b:15:65:8f:
                    9c:7a:f4:89:4d:d3:a6:6d:76:c1:5c:d2:e5:c5:f2:
                    90:dd:17:4f:be:f0:d2:d4:35:c0:9d:8e:99:11:97:
                    2a:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:45:79:92:89:21:9B:99:72:E4:BC:B0:FD:65:10:64:00:31:48:5F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/27080014-4498-4888-909d-c1bed4c0abca.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.43.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         ad:90:6d:c9:7d:bf:7a:9e:0e:60:ed:48:f6:f9:c3:0f:c1:25:
         ce:b5:45:46:a6:7e:ef:fd:53:34:16:d1:bd:2b:e3:0b:7a:16:
         f0:92:bd:2d:20:a0:77:fe:f5:dc:41:17:bd:bd:89:b6:5f:41:
         2f:b6:41:ae:c6:04:93:72:43:48:49:46:ad:45:5e:c1:98:f1:
         14:80:84:68:08:31:bf:db:85:70:eb:2f:08:2e:94:e2:73:28:
         2c:e6:9a:30:4e:5d:ba:92:e3:d6:ce:72:e8:fb:88:e4:ba:7a:
         d0:a7:fe:87:d8:35:ae:05:12:a8:0b:76:e9:9d:a2:ed:7b:fb:
         58:70:04:f8:a7:05:42:48:48:f3:06:e6:b0:a2:d5:27:b4:da:
         c0:98:c4:a7:bf:b8:17:cf:13:13:03:88:be:9c:f1:75:cc:20:
         83:15:b4:2f:7f:dd:35:c7:8f:fd:9d:75:b5:ee:94:e4:c1:bf:
         30:52:d0:67:c6:41:5c:41:28:18:a3:2d:b7:2b:48:69:21:1d:
         f4:a9:11:73:82:05:56:a3:86:88:c4:37:b9:81:4b:76:9d:7d:
         63:e0:0a:e2:14:4d:e9:5d:cb:f7:e2:63:36:ca:d1:69:66:38:
         b5:15:2b:42:79:e2:f2:52:b0:5b:84:c6:41:3d:92:2a:6a:8e:
         ab:b8:35:62
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUOoGeSEWuzu4aiTnh6RrpfucYZvMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwNTE5MDI1MDA1WhcNMjYwODE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BiNDA2MGQxY2M3Zjk2YzY2Yzg5NWYzOGNjNDk2ZmNiNGNi
ZTczYWIyZjVjZWIzOTU2MmU2NTgwYWVmMzRlZjQzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDbmeiCibjOdVvAA5bWHhRd4SjQ+TJ5l1hpyDI7UNyevdb9
ay+N277eJqV1aZ2rrQnDZyKWWHm3k6vBseIMugOnZYT/2XOPvXAuIT4O2dDQneAX
/N4x957Br6YlH0hjL+mxccGE7/j4rBDUNtciPYI59C3RT+bmyC6UDjbf3+edc0PL
WkXbfPHSSan2IYUsr2YVCSPeqUQ7afr85X69HFoBO45OT+ZAWVNm76DcimUOi44H
G+BJYJuo8oV0huNlTpH/IcMsly4PGJ1MpPTSztrzJWVzh/84Y/aScZvUmxVlj5x6
9IlN06ZtdsFc0uXF8pDdF0++8NLUNcCdjpkRlypPAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUM0V5kokhm5ly5Lyw/WUQZAAxSF8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzI3MDgwMDE0LTQ0OTgtNDg4OC05MDlkLWMxYmVkNGMwYWJjYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwASKzANBgkqhkiG9w0BAQsFAAOCAQEArZBtyX2/ep4OYO1I9vnDD8ElzrVF
RqZ+7/1TNBbRvSvjC3oW8JK9LSCgd/713EEXvb2Jtl9BL7ZBrsYEk3JDSElGrUVe
wZjxFICEaAgxv9uFcOsvCC6U4nMoLOaaME5dupLj1s5y6PuI5Lp60Kf+h9g1rgUS
qAt26Z2i7Xv7WHAE+KcFQkhI8wbmsKLVJ7TawJjEp7+4F88TEwOIvpzxdcwggxW0
L3/dNceP/Z11te6U5MG/MFLQZ8ZBXEEoGKMttytIaSEd9KkRc4IFVqOGiMQ3uYFL
dp19Y+AK4hRN6V3L9+JjNsrRaWY4tRUrQnni8lKwW4TGQT2SKmqOq7g1Yg==
-----END CERTIFICATE-----