Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/55c57b25-f10f-4173-969b-c60f367e5ee0.roa
File:                     55c57b25-f10f-4173-969b-c60f367e5ee0.roa (raw, json)
Hash identifier:          qHrGeMAd0+IeOSwQ470ofB5ttW51NGpYAyAbSb0uryM=
Subject key identifier:   B4:A0:15:FF:66:62:30:1E:55:26:03:47:C6:60:17:C2:A9:94:88:1F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       638A6506903461C96D2587481D2A40F2F9D90C0B
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/55c57b25-f10f-4173-969b-c60f367e5ee0.roa
Signing time:             Fri 25 Jul 2025 16:30:11 +0000
ROA not before:           Fri 25 Jul 2025 16:30:11 +0000
ROA not after:            Fri 29 Aug 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        54.210.0.0/15 maxlen: 15
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:8a:65:06:90:34:61:c9:6d:25:87:48:1d:2a:40:f2:f9:d9:0c:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul 25 16:30:11 2025 GMT
            Not After : Aug 29 23:59:59 2025 GMT
        Subject: serialNumber=89b140aadaafbc3f20b6d6f498893d2ea7dd1d012e7e929ad899026f7bbcfd66, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:31:b9:02:a6:28:cd:7d:fe:6e:47:23:3d:62:
                    39:be:b6:e0:0a:78:80:8a:0b:8b:9a:4b:9f:45:7a:
                    87:19:25:61:7b:21:34:fa:da:fa:92:1c:61:84:53:
                    d6:fe:8b:b6:72:e2:9a:83:26:30:aa:8f:99:1e:af:
                    b3:af:62:a2:a4:9e:4a:c8:88:e4:00:80:85:68:ce:
                    af:f2:ee:0b:ca:a1:5e:b2:d3:3e:66:ab:e6:c1:27:
                    9c:3d:62:9e:e9:2c:13:b2:3a:a6:f1:28:7f:a3:10:
                    f7:9d:59:b2:09:18:48:67:d1:5f:b2:ec:33:55:c7:
                    4f:ee:24:ff:d1:f4:94:78:cb:6e:32:e6:f5:ee:ef:
                    fe:18:ce:1a:44:73:32:06:b4:37:db:98:75:cc:62:
                    d4:e0:df:26:3d:d8:e7:1a:be:e2:bf:06:4e:20:62:
                    0f:4e:77:c5:84:8a:d3:44:26:c3:c9:97:48:b9:ee:
                    c2:29:48:53:6e:81:60:04:76:e4:bd:c8:28:ec:07:
                    cd:13:3b:a4:09:65:25:e6:ca:7e:50:e3:e1:12:24:
                    ac:4a:7e:dc:8b:70:2e:42:ee:95:43:b4:9a:34:51:
                    b8:73:ef:3c:fc:86:bb:35:43:94:b8:6d:b0:3c:c1:
                    6f:77:4a:e5:d8:5c:0e:1c:e2:6a:cc:a6:45:38:49:
                    5c:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:A0:15:FF:66:62:30:1E:55:26:03:47:C6:60:17:C2:A9:94:88:1F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/55c57b25-f10f-4173-969b-c60f367e5ee0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.210.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         36:a5:16:fe:60:08:ae:58:48:df:da:8b:b5:1e:7b:2a:b8:f1:
         24:d4:01:d9:5e:1d:8e:f7:97:8e:c1:d2:70:e7:05:20:ff:b4:
         81:4a:34:06:44:69:fe:58:bc:63:cb:de:f2:3f:ee:e8:4e:b9:
         de:d6:77:ba:5d:cf:6d:72:d7:e5:bc:f6:3c:d5:25:c9:3c:50:
         26:7f:5f:dd:4b:97:31:57:14:1f:76:eb:08:0e:49:92:10:b3:
         2f:50:97:07:f8:18:41:3c:38:2a:b3:8c:6a:eb:6b:fe:5e:2c:
         ac:b4:12:64:71:92:d0:76:3d:c7:77:33:82:97:f0:39:02:e8:
         5b:48:1c:e4:d1:dd:c3:88:02:00:a5:b4:8b:7f:ef:37:17:33:
         08:cd:a9:7b:59:94:3d:ba:73:d4:d3:f0:e2:bf:00:93:e3:3d:
         5a:c4:a2:b6:27:75:80:25:cc:66:fb:1c:43:0f:8c:3b:a3:cc:
         ab:45:d3:1f:ba:94:da:fb:58:0b:38:98:7e:f7:1e:cd:86:31:
         c5:ae:fc:7e:1e:9e:99:27:81:6e:a9:b9:6a:68:62:17:91:d1:
         93:78:23:93:6d:08:ed:e7:9f:b4:e1:d9:82:67:9f:f8:8e:75:
         54:b8:f8:a5:5a:b6:f1:00:e9:7e:e7:aa:69:dc:46:72:50:db:
         09:be:bb:90
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUY4plBpA0YcltJYdIHSpA8vnZDAswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNzI1MTYzMDExWhcNMjUwODI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A4OWIxNDBhYWRhYWZiYzNmMjBiNmQ2ZjQ5ODg5M2QyZWE3
ZGQxZDAxMmU3ZTkyOWFkODk5MDI2ZjdiYmNmZDY2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCTMbkCpijNff5uRyM9Yjm+tuAKeICKC4uaS59FeocZJWF7
ITT62vqSHGGEU9b+i7Zy4pqDJjCqj5ker7OvYqKknkrIiOQAgIVozq/y7gvKoV6y
0z5mq+bBJ5w9Yp7pLBOyOqbxKH+jEPedWbIJGEhn0V+y7DNVx0/uJP/R9JR4y24y
5vXu7/4YzhpEczIGtDfbmHXMYtTg3yY92OcavuK/Bk4gYg9Od8WEitNEJsPJl0i5
7sIpSFNugWAEduS9yCjsB80TO6QJZSXmyn5Q4+ESJKxKftyLcC5C7pVDtJo0Ubhz
7zz8hrs1Q5S4bbA8wW93SuXYXA4c4mrMpkU4SVwTAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUtKAV/2ZiMB5VJgNHxmAXwqmUiB8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzU1YzU3YjI1LWYxMGYtNDE3My05NjliLWM2MGYzNjdlNWVlMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwE20jANBgkqhkiG9w0BAQsFAAOCAQEANqUW/mAIrlhI39qLtR57KrjxJNQB
2V4djveXjsHScOcFIP+0gUo0BkRp/li8Y8ve8j/u6E653tZ3ul3PbXLX5bz2PNUl
yTxQJn9f3UuXMVcUH3brCA5JkhCzL1CXB/gYQTw4KrOMautr/l4srLQSZHGS0HY9
x3czgpfwOQLoW0gc5NHdw4gCAKW0i3/vNxczCM2pe1mUPbpz1NPw4r8Ak+M9WsSi
tid1gCXMZvscQw+MO6PMq0XTH7qU2vtYCziYfvcezYYxxa78fh6emSeBbqm5amhi
F5HRk3gjk20I7eeftOHZgmef+I51VLj4pVq28QDpfueqadxGclDbCb67kA==
-----END CERTIFICATE-----