Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/da582ca6-2c06-4b1e-8b99-3e314735161b.roa
File:                     da582ca6-2c06-4b1e-8b99-3e314735161b.roa (raw, json)
Hash identifier:          IVuleo3U1d38ZXTD/zCRahO1hMr87Dk2pzoJTQpdadI=
Subject key identifier:   EA:CB:A5:20:3B:8E:A2:5B:80:E9:A5:C3:3F:E3:68:CB:FB:E3:52:F7
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7179B8D120A07C8EDEB0ED4CBB5CE728D1C338DB
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/da582ca6-2c06-4b1e-8b99-3e314735161b.roa
Signing time:             Tue 04 Nov 2025 02:11:14 +0000
ROA not before:           Tue 04 Nov 2025 02:11:14 +0000
ROA not after:            Tue 09 Dec 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        52.20.0.0/14 maxlen: 14
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 06 Nov 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:79:b8:d1:20:a0:7c:8e:de:b0:ed:4c:bb:5c:e7:28:d1:c3:38:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Nov  4 02:11:14 2025 GMT
            Not After : Dec  9 23:59:59 2025 GMT
        Subject: serialNumber=bc438ee8c1e1ea47ab3c76499d2e5c704f61044b8e0ec7954f4b3cc377fbe0f8, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:83:e3:d7:ef:73:f6:07:68:71:0a:c3:99:6e:
                    8c:94:51:73:3d:dc:34:a2:e2:59:5e:4d:f5:38:e7:
                    f6:3e:56:43:06:4a:3c:e7:45:2d:ba:26:43:ea:25:
                    72:12:23:55:f9:99:00:13:95:84:8a:9b:79:b7:1d:
                    8e:c0:b6:93:fa:ea:51:76:a9:5c:c2:78:b6:29:b4:
                    91:50:89:c8:f0:52:f2:31:1d:06:d0:9f:aa:fa:9e:
                    fe:cf:58:8f:70:65:e5:70:72:c0:2a:58:5d:04:15:
                    7e:11:a7:bd:9e:c3:8e:0b:0b:9f:27:a2:b2:a8:dd:
                    af:9f:13:40:0b:42:c9:45:a8:71:b5:cc:a4:8b:9b:
                    1f:b7:cd:29:79:6d:01:52:5f:b8:40:24:c5:ac:42:
                    e4:64:98:38:0f:7a:28:63:14:83:fb:b9:fc:a1:9c:
                    df:d1:23:93:42:cb:53:8d:13:75:11:ed:dd:cb:74:
                    2c:f9:ae:fa:2d:41:e4:0e:11:0c:e1:d1:28:4d:26:
                    32:61:82:6d:70:33:55:17:e4:30:20:04:3d:2c:b9:
                    84:bb:4f:ec:22:db:17:9b:f0:06:33:29:0d:c0:6b:
                    99:ca:c0:b5:ed:e6:28:28:b6:6e:51:6c:b6:7e:61:
                    51:ff:5b:13:0c:2c:5b:80:47:77:eb:4b:49:2c:a8:
                    7c:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:CB:A5:20:3B:8E:A2:5B:80:E9:A5:C3:3F:E3:68:CB:FB:E3:52:F7
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/da582ca6-2c06-4b1e-8b99-3e314735161b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.20.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         0c:7a:a2:f7:35:6a:7a:91:1e:79:30:4a:7a:6d:4a:f9:3f:f0:
         ad:ff:65:74:88:63:1e:4c:d1:6c:57:60:75:82:70:a3:b2:12:
         87:0e:33:41:a9:5d:5f:c2:9d:8b:57:fa:f1:59:2b:28:71:5c:
         15:71:e1:e1:01:73:5b:5e:79:5f:7b:f8:4a:4c:3d:d1:53:50:
         0a:5f:8c:b5:2c:3f:f1:71:e5:0b:9e:3a:70:6b:17:8c:43:55:
         b9:37:67:ac:38:66:74:53:2b:a2:6a:6a:ee:23:f6:90:13:d8:
         8f:26:57:db:c7:e5:af:eb:08:e0:2d:8e:7c:cc:e3:f5:4c:c9:
         34:8b:ae:d7:f2:69:7f:53:99:bc:c5:8d:75:69:c0:f8:34:bb:
         4e:25:29:ea:d1:d2:ff:81:ed:3f:77:57:00:1e:ef:c6:f8:c0:
         b4:8d:7f:65:ec:24:7d:67:fe:1c:71:a2:20:2b:30:8e:b1:d8:
         34:48:37:34:7f:eb:0f:55:7b:67:d6:f2:c9:bb:37:cb:d8:70:
         dc:d9:b9:5d:13:99:69:4a:88:28:3c:fc:03:a0:a2:62:57:f2:
         50:23:ac:43:82:ec:1f:b5:0f:cf:5a:16:56:a9:18:39:1e:bb:
         77:17:06:62:eb:e1:03:a1:7e:42:f9:f9:93:97:08:0f:68:98:
         f1:5b:a7:54
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUcXm40SCgfI7esO1Mu1znKNHDONswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUxMTA0MDIxMTE0WhcNMjUxMjA5MjM1OTU5
WjB6MUkwRwYDVQQFE0BiYzQzOGVlOGMxZTFlYTQ3YWIzYzc2NDk5ZDJlNWM3MDRm
NjEwNDRiOGUwZWM3OTU0ZjRiM2NjMzc3ZmJlMGY4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCug+PX73P2B2hxCsOZboyUUXM93DSi4lleTfU45/Y+VkMG
SjznRS26JkPqJXISI1X5mQATlYSKm3m3HY7AtpP66lF2qVzCeLYptJFQicjwUvIx
HQbQn6r6nv7PWI9wZeVwcsAqWF0EFX4Rp72ew44LC58norKo3a+fE0ALQslFqHG1
zKSLmx+3zSl5bQFSX7hAJMWsQuRkmDgPeihjFIP7ufyhnN/RI5NCy1ONE3UR7d3L
dCz5rvotQeQOEQzh0ShNJjJhgm1wM1UX5DAgBD0suYS7T+wi2xeb8AYzKQ3Aa5nK
wLXt5igotm5RbLZ+YVH/WxMMLFuAR3frS0ksqHwrAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU6sulIDuOoluA6aXDP+Noy/vjUvcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2RhNTgyY2E2LTJjMDYtNGIxZS04Yjk5LTNlMzE0NzM1MTYxYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwI0FDANBgkqhkiG9w0BAQsFAAOCAQEADHqi9zVqepEeeTBKem1K+T/wrf9l
dIhjHkzRbFdgdYJwo7IShw4zQaldX8Kdi1f68VkrKHFcFXHh4QFzW155X3v4Skw9
0VNQCl+MtSw/8XHlC546cGsXjENVuTdnrDhmdFMrompq7iP2kBPYjyZX28flr+sI
4C2OfMzj9UzJNIuu1/Jpf1OZvMWNdWnA+DS7TiUp6tHS/4HtP3dXAB7vxvjAtI1/
ZewkfWf+HHGiICswjrHYNEg3NH/rD1V7Z9byybs3y9hw3Nm5XROZaUqIKDz8A6Ci
YlfyUCOsQ4LsH7UPz1oWVqkYOR67dxcGYuvhA6F+Qvn5k5cID2iY8VunVA==
-----END CERTIFICATE-----