Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/dcd7e384-f30e-45f8-b9c4-ffc1a149e46e.roa
File:                     dcd7e384-f30e-45f8-b9c4-ffc1a149e46e.roa (raw, json)
Hash identifier:          0xgaMeq269pdYFFViHZeaBjQsPr7FA+w5gL+uZRhuaE=
Subject key identifier:   4C:93:D0:C5:A1:67:6C:A2:98:0B:FC:4C:E5:55:D5:9E:87:A3:38:03
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4D524CF063A9C9F44AE77871D578AE99141D5ABD
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/dcd7e384-f30e-45f8-b9c4-ffc1a149e46e.roa
Signing time:             Mon 09 Jun 2025 19:11:06 +0000
ROA not before:           Mon 09 Jun 2025 19:11:06 +0000
ROA not after:            Mon 14 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.250.192.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:52:4c:f0:63:a9:c9:f4:4a:e7:78:71:d5:78:ae:99:14:1d:5a:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jun  9 19:11:06 2025 GMT
            Not After : Jul 14 23:59:59 2025 GMT
        Subject: serialNumber=10f88c5f4a66768ccd5ae20efa612b8c592dd888fbf03ee2242e9c87c574fd11, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:f3:aa:19:d6:21:34:e2:1c:a5:4e:14:72:af:
                    08:b0:90:f4:d4:e6:a6:0b:ee:f9:1f:64:db:3e:c9:
                    25:aa:92:93:d8:cc:b9:83:a0:12:7f:fe:a0:86:7c:
                    50:ed:69:b3:8d:ab:64:5e:73:1c:2a:f4:e4:bb:38:
                    f4:d0:4e:5f:a1:e4:e2:13:dd:20:52:2b:d1:d9:9c:
                    e0:54:f9:de:ca:df:37:fd:cf:20:e2:ff:6d:8b:73:
                    7c:69:ee:ec:a7:50:85:2b:06:6b:24:18:d9:09:6d:
                    e4:e2:37:c8:0a:1b:f6:26:b5:9d:3e:35:9d:63:3e:
                    77:42:fa:e3:26:3e:ff:59:fe:55:73:c3:0b:1b:cb:
                    7b:58:3a:e1:e7:e5:9b:de:41:20:d0:29:48:ed:b7:
                    22:d8:c6:a8:98:f5:08:82:de:5f:a6:ca:e6:1e:9b:
                    3d:2d:17:e3:c4:82:39:96:63:10:90:da:33:e1:76:
                    15:08:02:59:0e:62:d5:99:95:24:16:71:60:8c:0e:
                    ca:b3:dc:ef:3e:ea:2e:47:fb:28:24:57:23:1c:ac:
                    fd:a8:72:df:da:dc:18:23:e5:9a:45:13:e0:c3:34:
                    1b:83:b8:33:1c:c8:17:3b:4d:44:2c:e0:4e:49:2e:
                    32:87:0b:27:fe:d2:f5:e5:75:39:3f:94:7f:b1:99:
                    a7:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:93:D0:C5:A1:67:6C:A2:98:0B:FC:4C:E5:55:D5:9E:87:A3:38:03
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/dcd7e384-f30e-45f8-b9c4-ffc1a149e46e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.250.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         70:f1:46:a2:db:c9:09:2f:6a:aa:f3:15:e0:4c:3e:27:c3:01:
         ec:4c:11:0c:02:8a:78:42:c5:d7:4a:c8:ad:65:c7:88:77:92:
         d7:f8:af:4a:c9:74:cd:5d:0f:fa:12:c0:ff:52:ce:13:1c:e8:
         f3:c3:31:e4:a3:61:d1:1c:2f:83:b6:72:9b:0f:3b:f2:69:ed:
         0e:86:5d:ac:42:bc:9a:28:12:9b:6f:f6:18:e1:3b:fa:d8:35:
         7b:30:bb:3f:32:97:70:05:02:43:74:d6:24:51:73:f2:ff:cc:
         b5:c2:ae:8f:28:de:b3:f6:2e:d5:6d:05:8a:f1:8c:44:24:73:
         7d:d5:d5:7a:93:bc:aa:a8:c7:55:39:b6:9d:a3:40:0e:56:2a:
         12:ab:6d:b7:e1:33:fc:60:00:a4:a4:d0:23:ce:d6:ca:b0:02:
         1d:b6:10:c8:a5:7b:0c:e9:a0:fc:94:0c:93:2b:04:bb:f3:70:
         3e:cd:10:3a:4b:fa:a0:5e:9c:c7:68:21:07:20:25:0d:55:60:
         40:8d:7e:0a:a2:6b:ae:8c:14:7c:25:85:ae:83:82:5a:e6:59:
         02:fe:ec:31:55:78:8b:87:ec:00:7f:a1:8e:3f:51:8a:14:4b:
         ea:4b:a7:0a:8d:f8:85:d7:7c:be:e7:03:75:4d:05:8a:eb:3d:
         f5:32:78:11
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTVJM8GOpyfRK53hx1XiumRQdWr0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNjA5MTkxMTA2WhcNMjUwNzE0MjM1OTU5
WjB6MUkwRwYDVQQFE0AxMGY4OGM1ZjRhNjY3NjhjY2Q1YWUyMGVmYTYxMmI4YzU5
MmRkODg4ZmJmMDNlZTIyNDJlOWM4N2M1NzRmZDExMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDP86oZ1iE04hylThRyrwiwkPTU5qYL7vkfZNs+ySWqkpPY
zLmDoBJ//qCGfFDtabONq2Recxwq9OS7OPTQTl+h5OIT3SBSK9HZnOBU+d7K3zf9
zyDi/22Lc3xp7uynUIUrBmskGNkJbeTiN8gKG/YmtZ0+NZ1jPndC+uMmPv9Z/lVz
wwsby3tYOuHn5ZveQSDQKUjttyLYxqiY9QiC3l+myuYemz0tF+PEgjmWYxCQ2jPh
dhUIAlkOYtWZlSQWcWCMDsqz3O8+6i5H+ygkVyMcrP2oct/a3Bgj5ZpFE+DDNBuD
uDMcyBc7TUQs4E5JLjKHCyf+0vXldTk/lH+xmacxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTJPQxaFnbKKYC/xM5VXVnoejOAMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2RjZDdlMzg0LWYzMGUtNDVmOC1iOWM0LWZmYzFhMTQ5ZTQ2ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAY2+sAwDQYJKoZIhvcNAQELBQADggEBAHDxRqLbyQkvaqrzFeBMPifDAexM
EQwCinhCxddKyK1lx4h3ktf4r0rJdM1dD/oSwP9SzhMc6PPDMeSjYdEcL4O2cpsP
O/Jp7Q6GXaxCvJooEptv9hjhO/rYNXswuz8yl3AFAkN01iRRc/L/zLXCro8o3rP2
LtVtBYrxjEQkc33V1XqTvKqox1U5tp2jQA5WKhKrbbfhM/xgAKSk0CPO1sqwAh22
EMilewzpoPyUDJMrBLvzcD7NEDpL+qBenMdoIQcgJQ1VYECNfgqia66MFHwlha6D
glrmWQL+7DFVeIuH7AB/oY4/UYoUS+pLpwqN+IXXfL7nA3VNBYrrPfUyeBE=
-----END CERTIFICATE-----