Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5f5ec269-4223-4a97-9c74-2227dc1f1b15.roa
File:                     5f5ec269-4223-4a97-9c74-2227dc1f1b15.roa (raw, json)
Hash identifier:          nofH6T7o/dIl/UePXDlWpKmPUePNj0B3K0QsiYGh0+c=
Subject key identifier:   9F:4B:E6:96:64:45:61:68:0A:FE:89:95:36:B3:3F:51:18:06:E3:D3
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4A1F7482D6C7FC2B67159FBE018FDE7C42DCE871
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5f5ec269-4223-4a97-9c74-2227dc1f1b15.roa
Signing time:             Sat 28 Feb 2026 03:10:54 +0000
ROA not before:           Sat 28 Feb 2026 03:10:54 +0000
ROA not after:            Fri 29 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        18.70.0.0/15 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 02 Mar 2026 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:1f:74:82:d6:c7:fc:2b:67:15:9f:be:01:8f:de:7c:42:dc:e8:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 28 03:10:54 2026 GMT
            Not After : May 29 23:59:59 2026 GMT
        Subject: serialNumber=6e1bbe475587e801410464271d681b7c9fb9772727dbeff88d5867efed59c571, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:e1:a1:8e:a6:05:3d:69:9d:fe:e2:b8:c9:da:
                    bc:25:54:14:bc:02:08:f6:f2:b7:ff:9a:2f:69:94:
                    bd:29:05:2a:b8:0a:39:27:19:4a:d2:bc:37:1b:ff:
                    9d:54:f1:37:50:30:5d:92:62:bf:e6:d1:56:a3:b1:
                    4e:db:c1:b5:91:f8:46:11:7d:33:4a:8a:6e:a5:69:
                    e9:62:7b:72:98:77:98:27:a7:86:1f:0f:c3:5e:1b:
                    10:09:67:6f:26:0a:e9:1f:b0:c1:f4:b1:9b:1e:a7:
                    cc:3d:d6:cd:24:27:43:2d:8e:2c:f8:5b:f7:a9:2b:
                    9f:1b:f1:c1:5a:7c:cd:88:8f:5d:be:d2:c3:fd:63:
                    b9:15:85:99:bc:0a:81:4a:2b:be:dc:f9:cb:09:4c:
                    c3:b3:35:8c:7e:78:83:3e:ac:98:74:95:01:b1:05:
                    f1:59:e2:d6:91:72:7f:b9:3f:e6:c9:8f:f7:16:fe:
                    e7:3b:2b:b1:15:bd:57:06:10:b6:ac:2b:ba:a4:22:
                    b9:db:f4:9e:9d:33:36:2e:9e:bc:ca:b9:30:5c:65:
                    f2:c7:6b:d2:8b:17:81:69:9a:50:48:5f:da:eb:87:
                    77:94:b0:aa:37:b7:13:21:11:21:72:08:09:2e:b8:
                    cc:3f:1e:a4:8d:15:3c:bc:1e:d9:25:b9:ac:b9:a2:
                    a0:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:4B:E6:96:64:45:61:68:0A:FE:89:95:36:B3:3F:51:18:06:E3:D3
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5f5ec269-4223-4a97-9c74-2227dc1f1b15.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.70.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         65:07:2f:13:04:da:a3:3a:4a:98:71:3b:ce:ef:36:81:e5:da:
         16:4b:99:d8:84:3e:d3:3d:6f:00:bd:73:57:50:f7:1e:7d:84:
         b0:8c:79:ec:1f:42:fe:fd:8d:1a:d2:ee:aa:89:c6:a9:8d:62:
         68:74:7a:07:36:e4:9a:49:b0:37:80:7a:17:b6:ba:f7:39:3b:
         ea:10:ff:83:79:40:d1:53:66:20:d5:ce:b2:17:19:84:ca:3f:
         9c:1a:78:d3:79:43:eb:98:93:27:bd:2a:ef:2f:bb:a0:84:ec:
         7a:06:35:e5:d2:a5:67:f4:1b:df:8b:52:08:33:2e:75:47:95:
         35:8d:54:fd:79:32:28:d6:f2:4a:73:64:47:6c:af:60:4e:4d:
         a8:8d:02:12:28:01:1e:62:a5:20:88:f3:fc:c0:99:8d:1d:42:
         81:8e:eb:11:bc:51:65:56:97:2e:88:89:40:2d:ff:04:83:e7:
         4d:e7:ef:56:a4:cf:88:e7:bc:b4:fb:86:32:4b:cb:85:1f:95:
         fd:56:24:f4:e5:1f:d6:d5:ac:10:e3:b3:05:e7:ab:c6:92:45:
         8a:16:7f:c7:dc:b0:5d:8c:cf:95:e7:32:d2:50:99:9e:9f:c0:
         eb:fa:d6:52:2e:ac:67:c6:52:57:3f:f5:b6:84:78:6d:12:66:
         02:bb:ce:ac
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUSh90gtbH/CtnFZ++AY/efELc6HEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMjI4MDMxMDU0WhcNMjYwNTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A2ZTFiYmU0NzU1ODdlODAxNDEwNDY0MjcxZDY4MWI3Yzlm
Yjk3NzI3MjdkYmVmZjg4ZDU4NjdlZmVkNTljNTcxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDE4aGOpgU9aZ3+4rjJ2rwlVBS8Agj28rf/mi9plL0pBSq4
CjknGUrSvDcb/51U8TdQMF2SYr/m0VajsU7bwbWR+EYRfTNKim6laelie3KYd5gn
p4YfD8NeGxAJZ28mCukfsMH0sZsep8w91s0kJ0Mtjiz4W/epK58b8cFafM2Ij12+
0sP9Y7kVhZm8CoFKK77c+csJTMOzNYx+eIM+rJh0lQGxBfFZ4taRcn+5P+bJj/cW
/uc7K7EVvVcGELasK7qkIrnb9J6dMzYunrzKuTBcZfLHa9KLF4FpmlBIX9rrh3eU
sKo3txMhESFyCAkuuMw/HqSNFTy8Htkluay5oqBhAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUn0vmlmRFYWgK/omVNrM/URgG49MwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzVmNWVjMjY5LTQyMjMtNGE5Ny05Yzc0LTIyMjdkYzFmMWIxNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwESRjANBgkqhkiG9w0BAQsFAAOCAQEAZQcvEwTaozpKmHE7zu82geXaFkuZ
2IQ+0z1vAL1zV1D3Hn2EsIx57B9C/v2NGtLuqonGqY1iaHR6BzbkmkmwN4B6F7a6
9zk76hD/g3lA0VNmINXOshcZhMo/nBp403lD65iTJ70q7y+7oITsegY15dKlZ/Qb
34tSCDMudUeVNY1U/XkyKNbySnNkR2yvYE5NqI0CEigBHmKlIIjz/MCZjR1CgY7r
EbxRZVaXLoiJQC3/BIPnTefvVqTPiOe8tPuGMkvLhR+V/VYk9OUf1tWsEOOzBeer
xpJFihZ/x9ywXYzPlecy0lCZnp/A6/rWUi6sZ8ZSVz/1toR4bRJmArvOrA==
-----END CERTIFICATE-----