Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ac628f17-781f-4720-8271-a0909d8a8f04.roa
File:                     ac628f17-781f-4720-8271-a0909d8a8f04.roa (raw, json)
Hash identifier:          bL+bIEcIUVnwjNxladNDqx2p3YfS5ZPB0ZO2kkt1YDw=
Subject key identifier:   95:FD:1F:A6:FE:62:55:61:0D:A6:33:35:20:F8:88:94:B3:1D:6A:BF
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2FD1266542D16B871A5363A17932DAD21492769F
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ac628f17-781f-4720-8271-a0909d8a8f04.roa
Signing time:             Mon 04 Aug 2025 18:01:04 +0000
ROA not before:           Mon 04 Aug 2025 18:01:04 +0000
ROA not after:            Mon 08 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.41.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:d1:26:65:42:d1:6b:87:1a:53:63:a1:79:32:da:d2:14:92:76:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Aug  4 18:01:04 2025 GMT
            Not After : Sep  8 23:59:59 2025 GMT
        Subject: serialNumber=57aa6708392f75c44c851129410b2bd6272ac50fbe965705d4b9185db69ee048, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:bc:c7:5a:84:ec:81:13:a3:14:82:1c:4f:d0:
                    15:52:ee:64:b4:97:a9:51:cd:f0:e9:3c:16:f7:4c:
                    fe:2f:5a:3b:a5:40:7b:26:4b:cd:dc:37:b9:da:e0:
                    4a:e5:75:e7:48:43:ff:fc:5e:f3:d5:77:0c:a7:e4:
                    42:a4:7a:8a:a1:3f:53:23:01:39:1d:96:0e:38:a7:
                    76:12:1e:c1:2e:e9:07:4d:d9:ec:0a:d9:ba:70:46:
                    fb:ac:33:ce:de:81:b4:f6:b0:94:0e:c8:54:e2:64:
                    a1:32:f7:a4:40:c8:b4:72:42:22:08:0f:5b:2b:62:
                    75:e3:46:ab:3c:f4:e9:52:88:fc:8d:3a:37:d6:30:
                    83:67:3f:2c:99:fb:7a:ab:ca:d0:dc:de:d4:f1:8c:
                    f0:df:83:6c:cb:e3:14:c9:2c:69:b3:f3:14:73:20:
                    18:59:fc:b8:fa:77:91:65:a8:f4:2e:af:57:6b:65:
                    40:5d:5b:3e:5a:5f:0e:62:81:50:82:59:22:8b:b9:
                    87:fd:a0:bb:8d:1a:d0:4f:7e:e4:47:e5:b3:ee:3c:
                    1c:d2:a3:4f:38:3a:31:97:e8:35:f7:0a:4c:df:9b:
                    61:19:ad:d9:96:8f:b8:1a:b1:a9:e0:3a:b5:5f:a7:
                    1a:cd:c4:f4:54:ac:27:af:c9:d0:90:18:46:e6:25:
                    52:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:FD:1F:A6:FE:62:55:61:0D:A6:33:35:20:F8:88:94:B3:1D:6A:BF
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ac628f17-781f-4720-8271-a0909d8a8f04.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.41.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a5:b8:ec:0b:c6:16:99:84:0a:6e:d6:a4:ea:d4:25:61:08:03:
         79:3f:fa:b2:4e:a4:d7:cd:ef:e9:d0:5c:59:ce:cf:41:45:5b:
         14:ff:cf:55:7f:74:ca:3f:7f:0e:5b:21:f6:5d:30:c5:d2:03:
         7a:c8:63:ee:71:5f:f6:74:4e:a4:73:28:85:3e:2c:f3:a8:ec:
         b1:08:73:43:61:1b:6d:be:d6:d7:70:d0:c3:14:32:7c:4c:63:
         d3:fb:e9:22:80:32:7d:30:68:c6:f2:d9:f7:15:aa:d5:91:35:
         00:7e:69:8b:55:9f:a3:7c:82:66:b1:58:35:55:c0:f3:2b:52:
         c8:49:84:e6:74:0f:fe:77:88:fe:32:30:77:5e:aa:30:ed:42:
         52:6d:21:fe:f7:1b:a1:47:72:af:1f:48:4b:6f:37:09:d0:85:
         3e:52:83:b7:b7:be:91:0a:97:77:cd:c0:2e:60:ab:ec:cc:ac:
         c8:7d:d9:f7:94:51:51:85:a6:fe:7c:66:49:de:1e:b1:24:f1:
         d1:25:d3:d7:d7:4a:87:d4:09:d2:51:db:7b:2a:7e:0f:a2:0d:
         ed:fb:af:51:d5:d8:81:c2:d4:bb:d3:90:7e:97:6a:15:6d:5f:
         2a:8d:8a:6c:7a:d8:01:92:1e:43:07:e5:0d:39:07:0c:57:70:
         11:69:d6:5d
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUL9EmZULRa4caU2OheTLa0hSSdp8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwODA0MTgwMTA0WhcNMjUwOTA4MjM1OTU5
WjB6MUkwRwYDVQQFE0A1N2FhNjcwODM5MmY3NWM0NGM4NTExMjk0MTBiMmJkNjI3
MmFjNTBmYmU5NjU3MDVkNGI5MTg1ZGI2OWVlMDQ4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvvMdahOyBE6MUghxP0BVS7mS0l6lRzfDpPBb3TP4vWjul
QHsmS83cN7na4ErldedIQ//8XvPVdwyn5EKkeoqhP1MjATkdlg44p3YSHsEu6QdN
2ewK2bpwRvusM87egbT2sJQOyFTiZKEy96RAyLRyQiIID1srYnXjRqs89OlSiPyN
OjfWMINnPyyZ+3qrytDc3tTxjPDfg2zL4xTJLGmz8xRzIBhZ/Lj6d5FlqPQur1dr
ZUBdWz5aXw5igVCCWSKLuYf9oLuNGtBPfuRH5bPuPBzSo084OjGX6DX3Ckzfm2EZ
rdmWj7gasangOrVfpxrNxPRUrCevydCQGEbmJVK5AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUlf0fpv5iVWENpjM1IPiIlLMdar8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2FjNjI4ZjE3LTc4MWYtNDcyMC04MjcxLWEwOTA5ZDhhOGYwNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwASKTANBgkqhkiG9w0BAQsFAAOCAQEApbjsC8YWmYQKbtak6tQlYQgDeT/6
sk6k183v6dBcWc7PQUVbFP/PVX90yj9/Dlsh9l0wxdIDeshj7nFf9nROpHMohT4s
86jssQhzQ2Ebbb7W13DQwxQyfExj0/vpIoAyfTBoxvLZ9xWq1ZE1AH5pi1Wfo3yC
ZrFYNVXA8ytSyEmE5nQP/neI/jIwd16qMO1CUm0h/vcboUdyrx9IS283CdCFPlKD
t7e+kQqXd83ALmCr7MysyH3Z95RRUYWm/nxmSd4esSTx0SXT19dKh9QJ0lHbeyp+
D6IN7fuvUdXYgcLUu9OQfpdqFW1fKo2KbHrYAZIeQwflDTkHDFdwEWnWXQ==
-----END CERTIFICATE-----
Generated at Mon Aug 4 21:37:48 2025 by rpki-client