Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/42b52e1c-6128-43d3-a21b-f45a0ac151ae.roa
File:                     42b52e1c-6128-43d3-a21b-f45a0ac151ae.roa (raw, json)
Hash identifier:          axm3PfLyqCQBMVafhFQlVZFmK+cX0iNUr7HD3isnMPY=
Subject key identifier:   3F:54:6C:2A:A1:15:01:A5:B3:BB:AD:E2:43:EC:9A:3C:12:C3:16:6F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4CD7871A76BBC9D51D4E31FED8091664306FA50C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/42b52e1c-6128-43d3-a21b-f45a0ac151ae.roa
Signing time:             Tue 04 Nov 2025 01:51:39 +0000
ROA not before:           Tue 04 Nov 2025 01:51:39 +0000
ROA not after:            Tue 09 Dec 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.248.16.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:d7:87:1a:76:bb:c9:d5:1d:4e:31:fe:d8:09:16:64:30:6f:a5:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Nov  4 01:51:39 2025 GMT
            Not After : Dec  9 23:59:59 2025 GMT
        Subject: serialNumber=eecef4f82662b334f76aded909a7151a72fe416646748ce3edf25af004b65751, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:7b:a5:45:90:96:3e:5e:c0:0d:2b:cc:69:59:
                    04:9d:41:1b:f7:ee:43:76:33:e8:97:de:0d:47:4e:
                    b3:a9:a9:2e:db:66:02:14:ea:6f:ad:1b:64:49:00:
                    5d:b2:9e:b5:97:c7:83:bb:9e:a3:0d:6d:be:f4:ec:
                    f5:26:8a:47:da:55:6c:c9:d6:f4:59:b8:fa:9e:ac:
                    26:ff:7d:c4:92:b5:cd:9a:35:eb:11:63:b4:a8:e6:
                    07:16:4b:b9:39:c9:cd:b3:d1:67:10:f4:2e:ed:5c:
                    a5:d1:10:7b:94:7e:a4:82:7c:77:c1:f7:b7:62:a5:
                    3a:71:86:c6:8f:a2:05:47:b1:40:16:6a:52:b2:2d:
                    47:a2:55:cc:52:ed:19:0d:8a:1e:76:b3:88:11:58:
                    3d:ae:6a:fe:d2:cd:b7:11:92:23:c6:7c:09:63:7b:
                    aa:6b:93:f5:9b:61:16:07:6d:3b:ce:bd:50:28:e7:
                    88:fe:d5:29:06:68:d0:49:19:de:8a:78:e0:f9:41:
                    f6:ca:13:c5:75:7c:d9:ea:78:d7:ee:e4:85:0f:dc:
                    5a:6a:54:ac:d5:09:f4:e0:57:e9:8e:70:d7:e4:a6:
                    11:de:42:6a:be:09:d7:ff:e5:94:c7:5e:3e:d0:d2:
                    0a:a6:fa:fd:4e:44:5f:c7:a7:d9:01:8d:68:40:f5:
                    e0:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:54:6C:2A:A1:15:01:A5:B3:BB:AD:E2:43:EC:9A:3C:12:C3:16:6F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/42b52e1c-6128-43d3-a21b-f45a0ac151ae.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.248.16.0/21

    Signature Algorithm: sha256WithRSAEncryption
         33:31:e7:a3:93:ec:2c:98:52:a3:84:ca:55:d2:6d:47:3d:7b:
         60:a6:d0:b8:c9:58:d6:d1:92:7d:39:52:86:bb:d8:89:bc:57:
         38:59:90:a3:aa:13:67:a0:38:6e:06:e1:b3:3f:d2:50:81:46:
         24:cf:b2:35:e7:77:85:0e:67:30:26:2d:90:b1:b8:b2:9f:79:
         df:0b:c1:11:4f:8b:a5:3a:10:c3:53:71:2f:84:35:fd:bd:e7:
         8b:c4:f6:b7:f9:47:41:4c:0d:87:bb:c9:d2:25:12:00:d5:db:
         4a:1c:76:33:cd:18:e2:9e:f7:9a:74:c9:b9:96:4b:89:74:e3:
         b9:2c:c4:a9:eb:75:d8:47:5c:26:6c:29:3d:cf:dd:2c:25:a7:
         86:25:64:73:6b:e9:32:36:79:2c:db:6a:c1:67:82:12:56:ba:
         0f:dd:04:f4:61:d2:4a:fd:04:8e:97:47:c6:72:51:04:fd:ae:
         b6:54:65:be:46:af:2e:ba:16:c6:1c:63:89:29:ab:c5:b5:4c:
         09:f8:31:cf:85:e8:97:ba:51:22:c4:e7:41:2f:4f:dc:95:52:
         2a:1b:ed:3e:f9:52:5f:75:29:be:97:50:49:f1:82:9e:92:29:
         52:61:18:90:29:4e:b4:f0:99:f4:ce:d2:db:64:f4:7c:98:81:
         16:0e:c9:eb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTNeHGna7ydUdTjH+2AkWZDBvpQwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMTA0MDE1MTM5WhcNMjUxMjA5MjM1OTU5
WjB6MUkwRwYDVQQFE0BlZWNlZjRmODI2NjJiMzM0Zjc2YWRlZDkwOWE3MTUxYTcy
ZmU0MTY2NDY3NDhjZTNlZGYyNWFmMDA0YjY1NzUxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/e6VFkJY+XsANK8xpWQSdQRv37kN2M+iX3g1HTrOpqS7b
ZgIU6m+tG2RJAF2ynrWXx4O7nqMNbb707PUmikfaVWzJ1vRZuPqerCb/fcSStc2a
NesRY7So5gcWS7k5yc2z0WcQ9C7tXKXREHuUfqSCfHfB97dipTpxhsaPogVHsUAW
alKyLUeiVcxS7RkNih52s4gRWD2uav7SzbcRkiPGfAlje6prk/WbYRYHbTvOvVAo
54j+1SkGaNBJGd6KeOD5QfbKE8V1fNnqeNfu5IUP3FpqVKzVCfTgV+mOcNfkphHe
Qmq+Cdf/5ZTHXj7Q0gqm+v1ORF/Hp9kBjWhA9eD3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUP1RsKqEVAaWzu63iQ+yaPBLDFm8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQyYjUyZTFjLTYxMjgtNDNkMy1hMjFiLWY0NWEwYWMxNTFhZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMN+BAwDQYJKoZIhvcNAQELBQADggEBADMx56OT7CyYUqOEylXSbUc9e2Cm
0LjJWNbRkn05Uoa72Im8VzhZkKOqE2egOG4G4bM/0lCBRiTPsjXnd4UOZzAmLZCx
uLKfed8LwRFPi6U6EMNTcS+ENf2954vE9rf5R0FMDYe7ydIlEgDV20ocdjPNGOKe
95p0ybmWS4l047ksxKnrddhHXCZsKT3P3Swlp4YlZHNr6TI2eSzbasFnghJWug/d
BPRh0kr9BI6XR8ZyUQT9rrZUZb5Gry66FsYcY4kpq8W1TAn4Mc+F6Je6USLE50Ev
T9yVUiob7T75Ul91Kb6XUEnxgp6SKVJhGJApTrTwmfTO0ttk9HyYgRYOyes=
-----END CERTIFICATE-----