Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5888e779-11a4-4577-8042-8d5d09efae41.roa
File:                     5888e779-11a4-4577-8042-8d5d09efae41.roa (raw, json)
Hash identifier:          rdl7YGVeVKLyoLkXmJJaJJW7cLuFfrGIBps6DOxpd3g=
Subject key identifier:   16:39:18:53:F3:E0:CA:41:97:57:07:F0:F7:02:6F:1F:1B:5D:86:4E
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2A2AC88651F7D7DE016831D4324212D3D2EC5928
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5888e779-11a4-4577-8042-8d5d09efae41.roa
Signing time:             Thu 16 Oct 2025 15:58:07 +0000
ROA not before:           Thu 16 Oct 2025 15:58:07 +0000
ROA not after:            Thu 20 Nov 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.68.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:2a:c8:86:51:f7:d7:de:01:68:31:d4:32:42:12:d3:d2:ec:59:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Oct 16 15:58:07 2025 GMT
            Not After : Nov 20 23:59:59 2025 GMT
        Subject: serialNumber=3dc32fc0d8662ff7c6167c6ada3b8bed670b5de6568feb833b35f4feb5a8b07e, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:92:5a:82:74:68:e9:e2:6c:0b:b2:a5:0b:24:
                    b0:36:d0:32:04:8b:31:29:25:c9:b5:e0:8f:16:dd:
                    46:ad:7c:a8:2f:6d:b0:da:c5:2f:b3:d8:f1:fb:d8:
                    f3:0c:56:b0:17:89:85:b1:71:a4:5b:d3:43:26:d0:
                    7e:08:36:e6:c5:ab:9f:ec:92:67:3b:4c:fc:53:9f:
                    b8:15:29:8d:75:6f:68:42:7d:cf:ea:8b:39:77:e0:
                    4d:0d:11:93:20:1c:87:bd:50:db:7f:c5:b8:52:99:
                    0c:91:6c:fd:ae:3d:5f:8a:64:4d:0c:9d:42:6c:51:
                    e4:f9:68:5c:d4:2e:fb:2e:52:31:09:ea:19:fc:55:
                    3c:43:55:18:c1:85:f9:b1:67:42:19:c4:13:1d:3b:
                    cb:8a:0e:f8:63:de:f5:54:c7:62:00:ba:2a:3f:90:
                    10:17:d3:40:00:6d:2d:ac:91:ec:0f:38:4a:ce:e3:
                    16:ea:dd:5e:93:11:aa:de:0d:5a:36:27:f1:5b:49:
                    5c:b9:ba:19:8d:ee:52:f4:5c:c5:7b:35:07:cb:37:
                    c5:15:71:42:e4:24:f3:f6:29:23:74:0c:c9:53:d9:
                    89:25:c1:0d:0b:0c:ba:20:dc:b2:c5:02:a3:b3:28:
                    8e:fa:8a:7a:60:14:52:36:eb:f0:73:18:d1:e5:2a:
                    3d:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:39:18:53:F3:E0:CA:41:97:57:07:F0:F7:02:6F:1F:1B:5D:86:4E
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5888e779-11a4-4577-8042-8d5d09efae41.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.68.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:b7:c4:2a:78:be:af:09:db:fd:5e:f5:b3:4e:f2:9d:b2:95:
         43:0a:3e:57:d6:81:1f:ff:fc:f1:6a:5f:5b:a0:47:fd:de:aa:
         a6:64:f4:70:ce:0d:db:07:53:b2:3a:74:7e:ac:be:7b:ae:28:
         7a:b5:81:dd:81:b6:8d:a7:9d:38:03:d2:fa:38:23:d6:bd:11:
         6b:fd:32:42:60:49:2b:f8:2d:fb:c8:a1:b8:1d:07:f2:6d:cd:
         bf:58:d3:bf:fa:a7:e0:7c:ab:0c:fe:66:80:93:e7:a8:3b:49:
         bc:2d:a1:f4:2c:36:0c:7b:27:64:67:09:a7:e1:e7:4c:8a:f1:
         ff:67:5c:f0:36:cf:bf:b4:9f:8d:d0:f4:20:c9:39:d4:06:f1:
         5a:6f:ac:b6:f4:9b:86:31:aa:cc:9f:5a:83:b3:57:88:45:d0:
         12:dc:12:3b:2c:01:3e:7e:49:77:63:55:db:b3:00:dc:53:ec:
         12:53:51:e0:c8:ef:dc:b3:5f:0a:6e:4e:12:6f:cf:2d:e6:aa:
         d6:95:26:71:13:96:f0:c3:0b:da:ac:a7:e5:2d:53:e0:3e:fd:
         90:89:b0:51:45:f3:56:96:45:d4:3e:8c:12:da:d7:30:d2:98:
         8b:52:50:5d:9f:6e:74:ce:8b:8a:7d:8b:03:6b:92:36:96:00:
         87:b1:7d:53
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKirIhlH3194BaDHUMkIS09LsWSgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMDE2MTU1ODA3WhcNMjUxMTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0AzZGMzMmZjMGQ4NjYyZmY3YzYxNjdjNmFkYTNiOGJlZDY3
MGI1ZGU2NTY4ZmViODMzYjM1ZjRmZWI1YThiMDdlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDUklqCdGjp4mwLsqULJLA20DIEizEpJcm14I8W3UatfKgv
bbDaxS+z2PH72PMMVrAXiYWxcaRb00Mm0H4INubFq5/skmc7TPxTn7gVKY11b2hC
fc/qizl34E0NEZMgHIe9UNt/xbhSmQyRbP2uPV+KZE0MnUJsUeT5aFzULvsuUjEJ
6hn8VTxDVRjBhfmxZ0IZxBMdO8uKDvhj3vVUx2IAuio/kBAX00AAbS2skewPOErO
4xbq3V6TEareDVo2J/FbSVy5uhmN7lL0XMV7NQfLN8UVcULkJPP2KSN0DMlT2Ykl
wQ0LDLog3LLFAqOzKI76inpgFFI26/BzGNHlKj3PAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUFjkYU/PgykGXVwfw9wJvHxtdhk4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzU4ODhlNzc5LTExYTQtNDU3Ny04MDQyLThkNWQwOWVmYWU0MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASRF4wDQYJKoZIhvcNAQELBQADggEBAKK3xCp4vq8J2/1e9bNO8p2ylUMK
PlfWgR///PFqX1ugR/3eqqZk9HDODdsHU7I6dH6svnuuKHq1gd2Bto2nnTgD0vo4
I9a9EWv9MkJgSSv4LfvIobgdB/Jtzb9Y07/6p+B8qwz+ZoCT56g7SbwtofQsNgx7
J2RnCafh50yK8f9nXPA2z7+0n43Q9CDJOdQG8VpvrLb0m4YxqsyfWoOzV4hF0BLc
EjssAT5+SXdjVduzANxT7BJTUeDI79yzXwpuThJvzy3mqtaVJnETlvDDC9qsp+Ut
U+A+/ZCJsFFF81aWRdQ+jBLa1zDSmItSUF2fbnTOi4p9iwNrkjaWAIexfVM=
-----END CERTIFICATE-----