Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5509b865-3941-4094-bf73-1b07caf81ab7.roa
File:                     5509b865-3941-4094-bf73-1b07caf81ab7.roa (raw, json)
Hash identifier:          M1Gu7ZlM/0vQXWSn1oLZuM/VLSmSL2gjsKqhQUvrnPo=
Subject key identifier:   52:AD:50:E3:91:98:2B:8B:C1:72:EB:EF:15:5B:63:DF:E1:FC:84:A1
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       02A0FBF434E502CAD230A0D9A7B43A13CCDDDFF7
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5509b865-3941-4094-bf73-1b07caf81ab7.roa
Signing time:             Tue 21 Oct 2025 08:22:28 +0000
ROA not before:           Tue 21 Oct 2025 08:22:28 +0000
ROA not after:            Tue 25 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.66.0.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:a0:fb:f4:34:e5:02:ca:d2:30:a0:d9:a7:b4:3a:13:cc:dd:df:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 21 08:22:28 2025 GMT
            Not After : Nov 25 23:59:59 2025 GMT
        Subject: serialNumber=980b627f6f2de3b7a4fd051fb88ce61d819720fd5310783c5432852223ca0b69, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:40:ec:2a:d9:26:38:78:53:79:c6:3e:4f:1f:
                    a2:7a:29:d8:3e:1c:f5:8c:95:7f:e2:85:0f:34:cb:
                    30:d6:eb:5b:7c:e1:3a:b7:89:70:48:50:c5:63:e7:
                    a2:18:f2:94:59:00:22:0c:52:31:ad:ce:ca:82:85:
                    fa:57:b9:e0:84:ad:d1:f5:29:08:4a:14:8d:c0:d1:
                    ac:f7:a3:6f:9d:58:6d:ef:ec:41:e6:51:ad:ba:a0:
                    66:37:74:96:5f:92:80:cd:92:1a:44:7f:d0:3d:05:
                    68:ac:db:60:a5:f7:03:94:01:fd:1c:bb:e7:5d:72:
                    94:a8:aa:72:56:ec:97:c4:aa:58:41:4a:f1:da:7d:
                    73:6a:09:64:bf:42:3e:91:19:87:5a:38:72:50:32:
                    11:f7:04:03:4f:9b:76:d2:89:9e:30:85:17:f9:54:
                    25:fa:b9:a0:f7:f1:3f:d9:85:d9:9e:9c:ea:1a:e2:
                    54:bb:cd:21:04:ab:6d:c9:f5:18:bc:0f:75:06:cb:
                    6c:3f:56:1f:d9:ac:02:6a:84:41:e8:69:b8:fb:a6:
                    2e:e7:20:cb:ef:83:b3:7c:c2:52:d1:0a:1f:7d:8a:
                    54:e6:b2:59:bf:ba:1c:2e:af:cf:a2:0f:8d:c1:ba:
                    5f:9c:a0:47:97:30:b3:19:84:4d:25:3d:03:e6:1f:
                    93:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:AD:50:E3:91:98:2B:8B:C1:72:EB:EF:15:5B:63:DF:E1:FC:84:A1
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5509b865-3941-4094-bf73-1b07caf81ab7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.66.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         98:c6:74:3d:6f:37:dc:0d:76:95:29:a0:0c:2d:6c:1b:8f:43:
         03:21:25:d8:76:12:33:a8:b1:1d:f0:9a:b1:81:b3:94:a7:69:
         c3:3b:b8:b0:36:5a:8c:02:34:8b:84:55:af:2c:6d:29:6f:1f:
         7c:14:4e:34:a2:b3:07:ae:ec:8f:66:1d:e4:12:81:85:c2:cc:
         52:f9:e7:e9:f8:07:4f:18:6e:e1:7c:d9:0a:30:79:0d:80:89:
         66:87:a6:c0:a6:64:74:c3:fd:f3:ae:ba:a8:e7:0b:d7:6b:5a:
         16:6a:0e:3a:b0:ae:20:93:7b:01:28:ee:06:bf:dd:0c:e8:a9:
         17:2c:11:77:3e:d5:71:47:68:50:30:6d:46:80:56:32:30:a1:
         85:ae:29:6c:33:9a:9d:02:b0:87:77:60:cc:b4:08:32:86:2e:
         56:c5:cc:35:33:55:ad:82:de:11:a6:93:cf:92:d7:3e:aa:bf:
         eb:6c:c9:49:81:1f:82:3c:34:4a:bc:d6:76:2c:b7:91:90:8c:
         dc:31:0f:f6:8b:95:2c:50:b8:62:8d:c3:49:6c:21:ce:fc:51:
         6f:5c:4e:f4:58:ea:42:66:df:1f:11:4b:69:1a:1d:4c:57:eb:
         f8:ad:c9:ff:e0:16:72:4b:04:65:9d:c4:d9:93:cb:84:e0:64:
         21:2d:cd:a0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAqD79DTlAsrSMKDZp7Q6E8zd3/cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDIxMDgyMjI4WhcNMjUxMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A5ODBiNjI3ZjZmMmRlM2I3YTRmZDA1MWZiODhjZTYxZDgx
OTcyMGZkNTMxMDc4M2M1NDMyODUyMjIzY2EwYjY5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDOQOwq2SY4eFN5xj5PH6J6Kdg+HPWMlX/ihQ80yzDW61t8
4Tq3iXBIUMVj56IY8pRZACIMUjGtzsqChfpXueCErdH1KQhKFI3A0az3o2+dWG3v
7EHmUa26oGY3dJZfkoDNkhpEf9A9BWis22Cl9wOUAf0cu+ddcpSoqnJW7JfEqlhB
SvHafXNqCWS/Qj6RGYdaOHJQMhH3BANPm3bSiZ4whRf5VCX6uaD38T/ZhdmenOoa
4lS7zSEEq23J9Ri8D3UGy2w/Vh/ZrAJqhEHoabj7pi7nIMvvg7N8wlLRCh99ilTm
slm/uhwur8+iD43Bul+coEeXMLMZhE0lPQPmH5MpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUUq1Q45GYK4vBcuvvFVtj3+H8hKEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzU1MDliODY1LTM5NDEtNDA5NC1iZjczLTFiMDdjYWY4MWFiNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAc2QgAwDQYJKoZIhvcNAQELBQADggEBAJjGdD1vN9wNdpUpoAwtbBuPQwMh
Jdh2EjOosR3wmrGBs5SnacM7uLA2WowCNIuEVa8sbSlvH3wUTjSisweu7I9mHeQS
gYXCzFL55+n4B08YbuF82QoweQ2AiWaHpsCmZHTD/fOuuqjnC9drWhZqDjqwriCT
ewEo7ga/3QzoqRcsEXc+1XFHaFAwbUaAVjIwoYWuKWwzmp0CsId3YMy0CDKGLlbF
zDUzVa2C3hGmk8+S1z6qv+tsyUmBH4I8NEq81nYst5GQjNwxD/aLlSxQuGKNw0ls
Ic78UW9cTvRY6kJm3x8RS2kaHUxX6/ityf/gFnJLBGWdxNmTy4TgZCEtzaA=
-----END CERTIFICATE-----
Generated at Wed Nov 5 12:16:27 2025 by rpki-client