Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a5792df6-bc33-4cc8-9de5-962486acb935.roa
File:                     a5792df6-bc33-4cc8-9de5-962486acb935.roa (raw, json)
Hash identifier:          cfokDq0f5mi/1Aham6b3XjHChFNr+TAM7kMeL4NG9TQ=
Subject key identifier:   7D:36:40:54:E0:02:8B:DD:D6:A7:79:BE:2F:53:79:1C:8B:70:78:6F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5DDE6EDEC8676F93189922133A272838F8C2564F
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a5792df6-bc33-4cc8-9de5-962486acb935.roa
Signing time:             Thu 02 Apr 2026 00:00:11 +0000
ROA not before:           Thu 02 Apr 2026 00:00:11 +0000
ROA not after:            Wed 01 Jul 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        3.5.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Apr 2026 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:de:6e:de:c8:67:6f:93:18:99:22:13:3a:27:28:38:f8:c2:56:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Apr  2 00:00:11 2026 GMT
            Not After : Jul  1 23:59:59 2026 GMT
        Subject: serialNumber=22d2086418778efc6c1f2dc2b5e5ac4edf7d84fe0331bec6b7729a3700c387b8, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:80:9a:c8:b5:6b:32:31:5f:5a:84:2a:66:96:
                    4d:ad:26:c5:bf:e6:20:12:36:95:f2:5c:81:38:a7:
                    4d:83:06:b2:dd:37:01:74:ba:0a:b7:72:5d:b8:fd:
                    0b:b3:0e:51:70:15:b2:fc:b3:0a:fa:0e:1b:29:5a:
                    e5:67:e4:e9:11:2a:be:f9:66:ca:eb:c0:e9:c2:3d:
                    70:81:61:18:d4:76:be:ec:68:3b:03:16:0b:86:ca:
                    b2:ee:d6:fd:e5:0b:c6:87:00:ba:d6:53:e6:07:db:
                    d9:7c:67:69:a4:21:6c:17:31:70:93:43:a9:16:1f:
                    ac:3b:6a:20:70:de:36:27:d7:67:d7:bd:36:ab:02:
                    db:d6:9d:03:72:6a:44:c7:ae:47:97:51:03:db:db:
                    eb:13:1e:12:60:0d:b7:e3:3e:75:72:42:ac:89:82:
                    31:da:c0:d5:d4:4e:2b:ea:96:c9:a5:66:08:c8:3e:
                    20:9d:af:48:ad:e4:78:b9:e4:2f:03:18:43:b9:fa:
                    a3:60:7e:0d:4c:2e:77:b8:87:ff:6e:c8:39:0a:cd:
                    4c:9d:b2:ec:f2:86:6b:43:65:53:f6:1b:a7:25:65:
                    e3:f5:a1:e2:fa:3b:13:71:d3:97:1f:41:66:4a:f6:
                    ed:a3:41:ce:1d:7c:f9:88:0e:9d:9e:18:b3:3d:1f:
                    d6:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:36:40:54:E0:02:8B:DD:D6:A7:79:BE:2F:53:79:1C:8B:70:78:6F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a5792df6-bc33-4cc8-9de5-962486acb935.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.5.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:4d:fd:aa:ad:ce:4c:85:28:10:8a:ed:81:73:16:6e:a9:3f:
         80:8c:78:7f:70:8c:16:1c:30:10:8b:de:79:a5:d4:00:40:ab:
         31:e5:9c:aa:d5:90:7a:4b:52:c0:f4:db:d8:d0:64:0a:d3:15:
         01:22:7f:23:a3:0a:ec:6f:6e:87:17:ea:e6:f0:0a:ab:11:93:
         36:0b:cd:91:64:89:e4:a1:e1:ca:d4:0a:dc:dd:e0:61:c5:63:
         ed:69:ad:2e:bb:de:8c:55:9d:21:74:03:48:9d:b8:22:16:21:
         13:6f:b3:95:d1:6e:06:4a:1e:5d:28:26:2c:de:1b:83:b5:b4:
         e5:08:a1:09:76:d1:f5:aa:e0:fa:22:14:1e:39:2e:bb:3a:b7:
         81:cc:74:12:d3:18:91:20:c9:ec:0c:8a:0d:6a:21:e1:2d:e0:
         65:bc:ce:b6:33:f7:19:46:be:46:6c:bf:7a:fe:31:47:eb:dc:
         78:aa:28:fd:b6:78:1c:2c:3f:26:19:24:77:96:79:21:2d:26:
         62:25:42:b7:87:30:61:51:00:57:c5:9b:2f:9e:70:eb:e9:fb:
         5b:7d:7d:94:24:ea:71:13:fb:ac:39:af:6d:32:ce:45:1d:54:
         01:3a:0a:25:40:98:c1:bf:66:23:7e:bb:e5:c9:ee:53:46:b5:
         42:3e:b6:7a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXd5u3shnb5MYmSITOicoOPjCVk8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwNDAyMDAwMDExWhcNMjYwNzAxMjM1OTU5
WjB6MUkwRwYDVQQFE0AyMmQyMDg2NDE4Nzc4ZWZjNmMxZjJkYzJiNWU1YWM0ZWRm
N2Q4NGZlMDMzMWJlYzZiNzcyOWEzNzAwYzM4N2I4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCSgJrItWsyMV9ahCpmlk2tJsW/5iASNpXyXIE4p02DBrLd
NwF0ugq3cl24/QuzDlFwFbL8swr6DhspWuVn5OkRKr75ZsrrwOnCPXCBYRjUdr7s
aDsDFguGyrLu1v3lC8aHALrWU+YH29l8Z2mkIWwXMXCTQ6kWH6w7aiBw3jYn12fX
vTarAtvWnQNyakTHrkeXUQPb2+sTHhJgDbfjPnVyQqyJgjHawNXUTivqlsmlZgjI
PiCdr0it5Hi55C8DGEO5+qNgfg1MLne4h/9uyDkKzUydsuzyhmtDZVP2G6clZeP1
oeL6OxNx05cfQWZK9u2jQc4dfPmIDp2eGLM9H9ZXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUfTZAVOACi93Wp3m+L1N5HItweG8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2E1NzkyZGY2LWJjMzMtNGNjOC05ZGU1LTk2MjQ4NmFjYjkzNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAADBXowDQYJKoZIhvcNAQELBQADggEBAJlN/aqtzkyFKBCK7YFzFm6pP4CM
eH9wjBYcMBCL3nml1ABAqzHlnKrVkHpLUsD029jQZArTFQEifyOjCuxvbocX6ubw
CqsRkzYLzZFkieSh4crUCtzd4GHFY+1prS673oxVnSF0A0iduCIWIRNvs5XRbgZK
Hl0oJizeG4O1tOUIoQl20fWq4PoiFB45Lrs6t4HMdBLTGJEgyewMig1qIeEt4GW8
zrYz9xlGvkZsv3r+MUfr3HiqKP22eBwsPyYZJHeWeSEtJmIlQreHMGFRAFfFmy+e
cOvp+1t9fZQk6nET+6w5r20yzkUdVAE6CiVAmMG/ZiN+u+XJ7lNGtUI+tno=
-----END CERTIFICATE-----