Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8ece0f2b-9572-4705-b673-7583881b70d8.roa
File:                     8ece0f2b-9572-4705-b673-7583881b70d8.roa (raw, json)
Hash identifier:          mS2xRGzEV2pP7zM9yentMJWq7ZLpiV1BrU+kEpPJqQQ=
Subject key identifier:   C0:B5:40:FB:E7:BB:98:A5:D3:69:1A:B4:57:3D:56:B4:94:48:52:45
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       56E8FD88520612AC96F80B7320129B0664CB4C85
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8ece0f2b-9572-4705-b673-7583881b70d8.roa
Signing time:             Tue 29 Jul 2025 17:31:23 +0000
ROA not before:           Tue 29 Jul 2025 17:31:23 +0000
ROA not after:            Tue 02 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.250.120.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:e8:fd:88:52:06:12:ac:96:f8:0b:73:20:12:9b:06:64:cb:4c:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jul 29 17:31:23 2025 GMT
            Not After : Sep  2 23:59:59 2025 GMT
        Subject: serialNumber=72c90ae82ae4f956842e14fdca7cd4805ddb6483b71f5e3b2ea8bcde7b162c42, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:c6:f9:32:29:28:64:a7:a5:f9:f6:f0:5c:da:
                    d6:af:fb:f8:54:17:89:db:a7:8f:33:ff:b9:43:85:
                    f2:8e:67:71:da:f6:6e:74:79:9f:9f:82:b1:c6:9b:
                    58:a6:9c:eb:00:33:6c:0c:5f:01:46:97:64:47:dd:
                    c7:d8:10:5f:87:71:2b:53:d8:e5:f2:f1:fa:f4:b2:
                    e8:5e:56:a9:34:9c:e8:41:13:eb:b2:89:15:ac:c7:
                    df:fa:45:88:fa:1d:60:02:15:5b:6b:dd:8e:1f:73:
                    b1:b4:5d:33:ba:be:92:d7:17:47:07:55:9a:46:27:
                    03:ca:6d:f6:6e:9e:22:89:6b:20:f7:77:bc:9c:eb:
                    8b:21:df:c1:96:8c:99:11:ec:51:e2:c6:6b:aa:65:
                    b0:75:8c:71:6c:38:50:81:2c:b8:72:4b:06:c2:ea:
                    43:76:d6:ab:f8:7f:cb:84:83:b7:17:50:33:01:1b:
                    60:d1:e8:fe:6f:07:7a:7a:6d:98:26:a6:fb:dd:3b:
                    aa:16:03:7c:29:9e:0b:5d:8a:d5:d6:60:f1:19:d4:
                    e8:1c:da:f9:67:8a:aa:b9:bf:16:03:30:11:fe:70:
                    d5:f8:57:0e:4c:52:c6:1b:cb:41:f4:ac:23:9b:71:
                    70:d6:81:57:c1:e6:32:43:21:af:10:0a:78:3f:3f:
                    ec:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:B5:40:FB:E7:BB:98:A5:D3:69:1A:B4:57:3D:56:B4:94:48:52:45
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8ece0f2b-9572-4705-b673-7583881b70d8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.250.120.0/21

    Signature Algorithm: sha256WithRSAEncryption
         05:b4:68:37:d3:43:1f:11:f9:b0:32:f6:e4:df:90:5f:da:b8:
         ea:ce:22:a6:2d:80:f3:53:2d:d0:82:55:be:d3:9a:64:0b:3b:
         6e:32:c5:51:c4:17:2b:26:23:b2:8c:35:0f:ae:ad:bb:2e:f9:
         a7:b8:64:69:54:6d:ac:f2:99:5d:16:c9:9a:53:b4:b2:e5:b0:
         82:b4:98:43:a3:51:7a:dc:ea:66:ba:ba:ce:5f:8f:23:33:a1:
         f7:b8:7e:84:e2:d0:7f:e2:36:07:a8:5b:1f:00:c8:93:0f:06:
         b1:53:26:01:66:7b:81:e6:75:40:2d:a2:2e:22:df:db:3a:ed:
         b3:1d:f5:74:14:31:cf:60:1b:a0:0c:0f:92:37:62:50:f3:a6:
         7a:4b:64:cd:66:b5:79:c4:f6:1a:73:db:96:be:1b:ec:33:e3:
         e1:70:52:07:7a:97:cc:2d:a4:8c:a8:08:88:26:00:a2:09:07:
         5d:71:46:17:c5:2f:cc:36:d9:aa:a6:60:99:cf:5b:5a:ec:59:
         63:23:22:f0:02:79:aa:08:0a:13:b7:c2:5b:bd:c0:fb:16:1e:
         57:48:41:0e:41:3e:d2:de:5d:9a:ca:c7:47:ce:3b:f8:06:f3:
         55:67:dc:26:16:35:54:7a:92:14:fc:9e:99:78:bc:ff:b9:63:
         b9:ca:4a:6b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVuj9iFIGEqyW+AtzIBKbBmTLTIUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNzI5MTczMTIzWhcNMjUwOTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0A3MmM5MGFlODJhZTRmOTU2ODQyZTE0ZmRjYTdjZDQ4MDVk
ZGI2NDgzYjcxZjVlM2IyZWE4YmNkZTdiMTYyYzQyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvxvkyKShkp6X59vBc2tav+/hUF4nbp48z/7lDhfKOZ3Ha
9m50eZ+fgrHGm1imnOsAM2wMXwFGl2RH3cfYEF+HcStT2OXy8fr0suheVqk0nOhB
E+uyiRWsx9/6RYj6HWACFVtr3Y4fc7G0XTO6vpLXF0cHVZpGJwPKbfZuniKJayD3
d7yc64sh38GWjJkR7FHixmuqZbB1jHFsOFCBLLhySwbC6kN21qv4f8uEg7cXUDMB
G2DR6P5vB3p6bZgmpvvdO6oWA3wpngtditXWYPEZ1Ogc2vlniqq5vxYDMBH+cNX4
Vw5MUsYby0H0rCObcXDWgVfB5jJDIa8QCng/P+zhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwLVA++e7mKXTaRq0Vz1WtJRIUkUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzhlY2UwZjJiLTk1NzItNDcwNS1iNjczLTc1ODM4ODFiNzBkOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAM2+ngwDQYJKoZIhvcNAQELBQADggEBAAW0aDfTQx8R+bAy9uTfkF/auOrO
IqYtgPNTLdCCVb7TmmQLO24yxVHEFysmI7KMNQ+urbsu+ae4ZGlUbazymV0WyZpT
tLLlsIK0mEOjUXrc6ma6us5fjyMzofe4foTi0H/iNgeoWx8AyJMPBrFTJgFme4Hm
dUAtoi4i39s67bMd9XQUMc9gG6AMD5I3YlDzpnpLZM1mtXnE9hpz25a+G+wz4+Fw
Ugd6l8wtpIyoCIgmAKIJB11xRhfFL8w22aqmYJnPW1rsWWMjIvACeaoIChO3wlu9
wPsWHldIQQ5BPtLeXZrKx0fOO/gG81Vn3CYWNVR6khT8npl4vP+5Y7nKSms=
-----END CERTIFICATE-----
Generated at Mon Aug 4 21:52:29 2025 by rpki-client