Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2d99d9ec-42c4-4861-afdc-51606b09cc48.roa
File:                     2d99d9ec-42c4-4861-afdc-51606b09cc48.roa (raw, json)
Hash identifier:          +wJNeKjRoxb+sKLnjyORjSPJQ54MZ8QzIoRU4Ymyc2c=
Subject key identifier:   74:C5:1E:A3:2B:95:DC:D7:7B:DB:B7:AC:1C:4B:74:DA:25:1F:3F:3F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       65CA39290DFD4E8950DA8A9A39D64F0C2CE3A38F
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2d99d9ec-42c4-4861-afdc-51606b09cc48.roa
Signing time:             Tue 19 May 2026 02:31:47 +0000
ROA not before:           Tue 19 May 2026 02:31:47 +0000
ROA not after:            Mon 17 Aug 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        54.239.32.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 18 Jun 2026 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:ca:39:29:0d:fd:4e:89:50:da:8a:9a:39:d6:4f:0c:2c:e3:a3:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May 19 02:31:47 2026 GMT
            Not After : Aug 17 23:59:59 2026 GMT
        Subject: serialNumber=6975c114f7b0f32bba216c20672e51f2bc2552f3b9a840d518801e51f7219772, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:a0:1d:80:44:5a:f3:4b:02:90:e5:61:01:d1:
                    ef:94:2a:ac:59:31:cf:40:41:4e:1a:e5:43:4c:99:
                    bc:02:58:cf:f7:37:a5:62:30:b0:88:76:eb:6b:12:
                    da:f0:45:a8:d0:14:17:95:74:0d:c4:a9:7f:95:a7:
                    61:de:be:cb:c4:b8:b3:cd:64:b8:d6:96:b5:6e:ae:
                    00:4b:d0:2c:91:f0:24:73:52:d4:d8:fa:62:68:bc:
                    68:c2:e3:cc:55:25:b7:27:5e:29:a9:2a:fa:97:f0:
                    ba:3f:22:a3:49:c6:2d:a7:be:a8:60:61:77:52:9b:
                    ab:d6:f4:5f:0a:04:13:42:f4:a5:6d:91:a0:af:dd:
                    7c:d3:9e:33:0f:f9:4f:96:d8:34:11:d8:66:2d:f8:
                    62:94:55:1d:17:e2:c3:4e:35:db:60:44:3f:25:f2:
                    82:e0:0d:23:7a:2c:f5:f9:45:11:00:76:96:0b:5c:
                    c2:0b:f9:76:8c:94:bb:42:c5:1f:35:b4:3f:73:f2:
                    bf:84:bf:93:45:51:a5:f7:e3:b4:bf:01:fe:a4:f8:
                    5f:d8:27:70:d5:a7:b9:d9:fc:01:3f:d1:da:10:5c:
                    1e:74:48:9e:89:1d:c5:89:40:04:73:7c:5f:b0:14:
                    ca:6f:66:c6:d5:b4:a3:83:03:ef:18:23:e1:ce:ac:
                    14:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:C5:1E:A3:2B:95:DC:D7:7B:DB:B7:AC:1C:4B:74:DA:25:1F:3F:3F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2d99d9ec-42c4-4861-afdc-51606b09cc48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.239.32.0/21

    Signature Algorithm: sha256WithRSAEncryption
         17:2c:10:d2:8b:69:ed:1c:f4:98:22:fa:46:93:ca:f5:fb:d0:
         ef:42:46:f0:7e:5c:c1:a4:17:6a:02:20:2c:cd:44:23:1d:be:
         7f:75:0b:cd:05:c1:ba:55:67:ab:3a:5a:68:e0:44:c9:0f:c4:
         97:76:78:6f:34:87:37:14:b5:2d:aa:70:d8:7b:4c:3b:7e:30:
         ab:7d:85:0c:fb:11:62:38:b2:0a:58:cc:9b:05:a9:22:e5:20:
         32:3a:0c:fa:f9:e6:8c:8e:5e:4c:3f:91:ca:f1:39:92:34:52:
         7c:84:6e:a8:7b:08:cc:cd:35:cb:3e:04:5c:3e:95:1f:7e:f8:
         a9:6d:2c:c0:7b:00:a8:0e:41:b4:1f:73:17:f3:62:08:cc:27:
         57:40:b4:e9:9c:05:a6:49:fa:7f:09:b8:f7:a9:8a:67:cf:de:
         d5:cd:ed:02:02:83:23:e8:71:a7:bb:7d:38:17:08:59:f7:2c:
         b2:ca:40:e8:c1:80:60:5e:82:09:d4:c7:db:a1:0a:96:c5:a5:
         91:1d:7e:7f:11:c8:06:8f:7c:91:1d:ff:a5:ed:a0:d6:c5:4d:
         1c:c8:88:97:dc:cc:39:11:6f:dc:30:a5:ad:4a:be:e5:6e:87:
         e8:cb:5f:55:aa:64:90:19:54:b3:df:8c:b5:8f:8e:0b:a5:ef:
         85:3e:7c:f1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZco5KQ39TolQ2oqaOdZPDCzjo48wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwNTE5MDIzMTQ3WhcNMjYwODE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A2OTc1YzExNGY3YjBmMzJiYmEyMTZjMjA2NzJlNTFmMmJj
MjU1MmYzYjlhODQwZDUxODgwMWU1MWY3MjE5NzcyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCOoB2ARFrzSwKQ5WEB0e+UKqxZMc9AQU4a5UNMmbwCWM/3
N6ViMLCIdutrEtrwRajQFBeVdA3EqX+Vp2HevsvEuLPNZLjWlrVurgBL0CyR8CRz
UtTY+mJovGjC48xVJbcnXimpKvqX8Lo/IqNJxi2nvqhgYXdSm6vW9F8KBBNC9KVt
kaCv3XzTnjMP+U+W2DQR2GYt+GKUVR0X4sNONdtgRD8l8oLgDSN6LPX5RREAdpYL
XMIL+XaMlLtCxR81tD9z8r+Ev5NFUaX347S/Af6k+F/YJ3DVp7nZ/AE/0doQXB50
SJ6JHcWJQARzfF+wFMpvZsbVtKODA+8YI+HOrBRBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUdMUeoyuV3Nd727esHEt02iUfPz8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzJkOTlkOWVjLTQyYzQtNDg2MS1hZmRjLTUxNjA2YjA5Y2M0OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAM27yAwDQYJKoZIhvcNAQELBQADggEBABcsENKLae0c9Jgi+kaTyvX70O9C
RvB+XMGkF2oCICzNRCMdvn91C80FwbpVZ6s6WmjgRMkPxJd2eG80hzcUtS2qcNh7
TDt+MKt9hQz7EWI4sgpYzJsFqSLlIDI6DPr55oyOXkw/kcrxOZI0UnyEbqh7CMzN
Ncs+BFw+lR9++KltLMB7AKgOQbQfcxfzYgjMJ1dAtOmcBaZJ+n8JuPepimfP3tXN
7QICgyPocae7fTgXCFn3LLLKQOjBgGBeggnUx9uhCpbFpZEdfn8RyAaPfJEd/6Xt
oNbFTRzIiJfczDkRb9wwpa1KvuVuh+jLX1WqZJAZVLPfjLWPjgul74U+fPE=
-----END CERTIFICATE-----