Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/33cf66c1-05eb-4cc7-be76-1cd1cf9af273.roa
File:                     33cf66c1-05eb-4cc7-be76-1cd1cf9af273.roa (raw, json)
Hash identifier:          1RbBWBbthqIMHjgJaIGQ8ksPM+3S2bE6cyCQygG5kmI=
Subject key identifier:   5B:75:9C:13:57:4D:D2:A2:77:E3:B0:D6:48:33:4A:3B:DB:0C:16:53
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       269AD5BE5745C804DC7A751229815E54B93B0290
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/33cf66c1-05eb-4cc7-be76-1cd1cf9af273.roa
Signing time:             Thu 16 Oct 2025 22:50:19 +0000
ROA not before:           Thu 16 Oct 2025 22:50:19 +0000
ROA not after:            Thu 20 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.182.120.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:9a:d5:be:57:45:c8:04:dc:7a:75:12:29:81:5e:54:b9:3b:02:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 16 22:50:19 2025 GMT
            Not After : Nov 20 23:59:59 2025 GMT
        Subject: serialNumber=3761a26dfe35128c09508ee42d5d6e2c2c09eada5263fd8c2c9cffa79ed2bc03, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:8b:48:48:aa:3d:ec:f3:69:4f:b7:d1:1e:af:
                    cb:b5:5a:2b:b7:64:48:6a:43:20:53:ea:7e:e9:1b:
                    05:c6:1e:91:b3:2d:1c:47:89:77:7a:25:3d:5a:4b:
                    de:33:ad:ef:a6:9e:16:fe:22:a2:05:ed:5e:fd:2a:
                    ae:05:ab:33:84:6d:3c:1f:b3:57:11:7d:ca:2d:95:
                    87:da:cd:14:e6:10:aa:0b:38:6a:a6:7e:91:3d:ec:
                    58:bb:3a:d4:4e:27:b2:bc:a7:05:25:ee:ae:d8:a9:
                    31:e1:ca:b3:60:72:0b:69:b1:6b:02:64:0b:90:ec:
                    a2:a5:82:4f:de:54:b6:ca:84:c8:17:b0:b3:bb:d1:
                    a0:e6:45:13:6d:bc:9f:3b:26:c1:95:ac:97:75:b5:
                    c8:b1:25:27:f0:6e:bb:95:9f:ee:c6:12:d3:c1:b2:
                    01:26:dc:e4:8e:9e:00:98:b8:8b:55:88:6d:5d:7e:
                    ff:08:aa:6e:d5:92:2e:90:2d:7b:80:3c:36:6f:82:
                    6e:76:5f:3f:13:a3:78:59:be:b1:67:37:cb:09:73:
                    90:7d:2a:0a:0d:ea:18:0d:64:ff:bd:3e:98:f7:b2:
                    da:4c:f9:f1:ac:fb:ec:30:3b:c0:0c:20:ab:1b:23:
                    6f:47:1c:f4:f7:57:12:3c:cc:4d:27:b7:84:aa:ac:
                    12:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:75:9C:13:57:4D:D2:A2:77:E3:B0:D6:48:33:4A:3B:DB:0C:16:53
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/33cf66c1-05eb-4cc7-be76-1cd1cf9af273.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.182.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         74:f6:9a:14:fc:8c:ad:24:e1:a5:42:f1:a0:3e:ff:18:52:ea:
         4e:ed:58:93:f9:9a:8b:18:b0:ae:b8:90:a1:40:2c:cc:6b:26:
         fa:c6:82:5d:d9:f1:fd:c6:b2:69:42:b8:2a:df:cd:c6:d3:f7:
         ea:aa:bd:de:ab:77:cf:7f:a3:fd:93:6d:7c:72:ee:72:8d:61:
         46:e9:fc:73:33:34:c8:84:e8:40:fc:ec:69:f2:e2:09:c2:71:
         55:8a:08:67:7a:c0:d5:c8:16:20:4a:6d:5a:65:83:cb:9b:e4:
         44:ed:ad:bc:ca:fa:d1:13:4a:4d:5b:af:56:05:91:c7:84:14:
         b3:5e:bc:0a:a0:5f:d4:23:4a:dd:7d:26:80:28:e7:22:ae:41:
         d6:de:18:90:a9:a4:e8:3f:cc:d4:b0:dc:d2:57:63:7b:91:d2:
         da:08:9d:2b:b7:ec:ad:56:d6:46:ec:58:eb:9e:57:12:2b:28:
         75:69:c3:c5:af:5f:ff:5f:41:73:ae:1b:7b:2f:0a:36:a2:65:
         0a:32:09:d6:68:7b:e7:0d:3a:ae:6c:0b:7d:f3:00:dc:e7:74:
         5e:9f:53:bd:39:dc:f6:4d:e9:1d:6c:8e:91:2e:c9:1d:45:da:
         e5:92:7f:9c:f2:f1:48:7f:2e:57:bb:6b:42:55:4e:2d:7c:3c:
         5a:4d:2d:5c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJprVvldFyATcenUSKYFeVLk7ApAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE2MjI1MDE5WhcNMjUxMTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0AzNzYxYTI2ZGZlMzUxMjhjMDk1MDhlZTQyZDVkNmUyYzJj
MDllYWRhNTI2M2ZkOGMyYzljZmZhNzllZDJiYzAzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCsi0hIqj3s82lPt9Eer8u1Wiu3ZEhqQyBT6n7pGwXGHpGz
LRxHiXd6JT1aS94zre+mnhb+IqIF7V79Kq4FqzOEbTwfs1cRfcotlYfazRTmEKoL
OGqmfpE97Fi7OtROJ7K8pwUl7q7YqTHhyrNgcgtpsWsCZAuQ7KKlgk/eVLbKhMgX
sLO70aDmRRNtvJ87JsGVrJd1tcixJSfwbruVn+7GEtPBsgEm3OSOngCYuItViG1d
fv8Iqm7Vki6QLXuAPDZvgm52Xz8To3hZvrFnN8sJc5B9KgoN6hgNZP+9Ppj3stpM
+fGs++wwO8AMIKsbI29HHPT3VxI8zE0nt4SqrBLrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUW3WcE1dN0qJ347DWSDNKO9sMFlMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzMzY2Y2NmMxLTA1ZWItNGNjNy1iZTc2LTFjZDFjZjlhZjI3My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI2tngwDQYJKoZIhvcNAQELBQADggEBAHT2mhT8jK0k4aVC8aA+/xhS6k7t
WJP5mosYsK64kKFALMxrJvrGgl3Z8f3GsmlCuCrfzcbT9+qqvd6rd89/o/2TbXxy
7nKNYUbp/HMzNMiE6ED87Gny4gnCcVWKCGd6wNXIFiBKbVplg8ub5ETtrbzK+tET
Sk1br1YFkceEFLNevAqgX9QjSt19JoAo5yKuQdbeGJCppOg/zNSw3NJXY3uR0toI
nSu37K1W1kbsWOueVxIrKHVpw8WvX/9fQXOuG3svCjaiZQoyCdZoe+cNOq5sC33z
ANzndF6fU7053PZN6R1sjpEuyR1F2uWSf5zy8Uh/Lle7a0JVTi18PFpNLVw=
-----END CERTIFICATE-----