Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/27080014-4498-4888-909d-c1bed4c0abca.roa
File:                     27080014-4498-4888-909d-c1bed4c0abca.roa (raw, json)
Hash identifier:          rwDYMr8zjH5EneqypmqvZCiRsIDPHojMbIja8uDlCPA=
Subject key identifier:   6B:06:CF:6A:9F:A6:3A:62:26:CE:8C:27:AE:F0:33:91:D8:68:28:FE
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7CB526165A6F7D0F62EB537259CC6025105D739D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/27080014-4498-4888-909d-c1bed4c0abca.roa
Signing time:             Tue 21 Oct 2025 09:00:04 +0000
ROA not before:           Tue 21 Oct 2025 09:00:04 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.43.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:b5:26:16:5a:6f:7d:0f:62:eb:53:72:59:cc:60:25:10:5d:73:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 21 09:00:04 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=c3f534966cab56525a6dd4c72bbb7ecf1e7bd4e238bbe58c657e8c755860dad8, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:50:0c:b4:ae:d8:b8:27:0b:ef:2f:61:2b:86:
                    80:1b:eb:10:db:b4:84:50:d1:ef:2f:f4:6e:89:df:
                    8f:5f:19:d7:25:97:da:dc:8f:c4:c1:65:d2:ef:93:
                    5d:8f:3f:79:37:95:b9:03:f9:b4:a5:13:ac:2a:60:
                    d8:69:0d:ca:4b:47:06:5d:f8:22:92:87:08:cf:ab:
                    2b:a0:02:f0:1d:10:a9:23:88:07:c7:37:f6:d4:86:
                    32:32:62:58:c5:1e:a5:77:5c:41:31:7d:48:90:f9:
                    cc:63:e6:79:bd:58:d6:2f:6d:6f:37:50:58:2b:46:
                    7b:62:73:e3:e8:ad:4a:a3:09:44:8e:68:96:5e:9d:
                    66:e6:88:af:8e:90:22:0c:07:7b:66:77:53:cf:44:
                    ec:52:42:ef:ca:b4:c1:a1:e9:fd:76:75:2b:f3:65:
                    03:2e:a7:05:cc:d2:83:a7:2f:19:2f:d2:df:93:ae:
                    13:06:3c:38:ff:cc:f9:1a:9b:aa:1e:e0:24:73:b8:
                    6a:48:61:f2:d7:d9:d1:1c:07:b6:37:14:bf:b6:75:
                    19:b9:80:33:ff:d8:b0:3e:7a:f9:07:49:da:b2:f5:
                    62:2f:38:18:2d:52:b9:2f:c0:d1:25:d6:39:4b:b7:
                    52:2f:55:d1:47:f8:71:10:33:ec:85:c2:a8:43:9b:
                    e0:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:06:CF:6A:9F:A6:3A:62:26:CE:8C:27:AE:F0:33:91:D8:68:28:FE
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/27080014-4498-4888-909d-c1bed4c0abca.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.43.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         42:40:79:45:8a:65:9f:53:b1:03:f6:80:8f:45:01:fa:d0:0c:
         ed:d9:3d:7a:ac:de:f8:77:58:df:a0:cd:43:d7:67:62:9e:53:
         92:8c:aa:e6:8d:1b:a8:70:6b:d3:b1:ed:da:52:43:67:68:c0:
         02:f2:59:d4:71:c4:83:ff:79:ef:55:fc:06:91:71:9d:e7:30:
         32:39:30:b8:43:95:61:e6:2f:e8:bb:47:d6:97:50:56:71:ae:
         32:7a:f5:09:7c:f7:ff:8d:0d:18:0f:6b:4f:a1:fc:08:fc:3c:
         58:90:05:13:19:1d:0e:53:aa:02:12:ec:d4:61:cf:5e:e2:b3:
         39:d3:06:cc:88:7d:0e:e8:00:43:97:2d:58:86:41:92:d9:f2:
         d7:86:eb:b0:bf:7a:47:00:dd:15:7c:4e:8c:0d:41:04:cc:89:
         1d:a2:66:86:d3:93:07:7d:a9:c2:39:fe:2d:50:cf:90:51:59:
         2a:90:d2:a8:52:9c:b1:1c:35:1a:0b:a3:53:13:78:8a:ed:a5:
         eb:ef:69:06:6e:b9:8e:e3:2f:bc:44:db:f9:b5:84:99:12:4c:
         b2:e3:21:7d:e8:30:ec:16:f6:4f:36:62:c9:b0:42:50:84:14:
         1d:99:05:66:29:00:c6:10:bc:b1:2a:53:ac:81:e9:17:b5:3d:
         99:62:20:4a
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUfLUmFlpvfQ9i61NyWcxgJRBdc50wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDIxMDkwMDA0WhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BjM2Y1MzQ5NjZjYWI1NjUyNWE2ZGQ0YzcyYmJiN2VjZjFl
N2JkNGUyMzhiYmU1OGM2NTdlOGM3NTU4NjBkYWQ4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCbUAy0rti4JwvvL2ErhoAb6xDbtIRQ0e8v9G6J349fGdcl
l9rcj8TBZdLvk12PP3k3lbkD+bSlE6wqYNhpDcpLRwZd+CKShwjPqyugAvAdEKkj
iAfHN/bUhjIyYljFHqV3XEExfUiQ+cxj5nm9WNYvbW83UFgrRntic+PorUqjCUSO
aJZenWbmiK+OkCIMB3tmd1PPROxSQu/KtMGh6f12dSvzZQMupwXM0oOnLxkv0t+T
rhMGPDj/zPkam6oe4CRzuGpIYfLX2dEcB7Y3FL+2dRm5gDP/2LA+evkHSdqy9WIv
OBgtUrkvwNEl1jlLt1IvVdFH+HEQM+yFwqhDm+A7AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUawbPap+mOmImzownrvAzkdhoKP4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzI3MDgwMDE0LTQ0OTgtNDg4OC05MDlkLWMxYmVkNGMwYWJjYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwASKzANBgkqhkiG9w0BAQsFAAOCAQEAQkB5RYpln1OxA/aAj0UB+tAM7dk9
eqze+HdY36DNQ9dnYp5Tkoyq5o0bqHBr07Ht2lJDZ2jAAvJZ1HHEg/9571X8BpFx
necwMjkwuEOVYeYv6LtH1pdQVnGuMnr1CXz3/40NGA9rT6H8CPw8WJAFExkdDlOq
AhLs1GHPXuKzOdMGzIh9DugAQ5ctWIZBktny14brsL96RwDdFXxOjA1BBMyJHaJm
htOTB32pwjn+LVDPkFFZKpDSqFKcsRw1GgujUxN4iu2l6+9pBm65juMvvETb+bWE
mRJMsuMhfegw7Bb2TzZiybBCUIQUHZkFZikAxhC8sSpTrIHpF7U9mWIgSg==
-----END CERTIFICATE-----