Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f525a0b2-7ca2-43f1-951c-7eff24265dc3.roa
File:                     f525a0b2-7ca2-43f1-951c-7eff24265dc3.roa (raw, json)
Hash identifier:          m2lIYhOagKDKLzSMq+WiwpjlFXU/qI4/TfXzmb0Uw7A=
Subject key identifier:   7A:9F:05:7B:04:71:C9:B6:F0:C0:0E:A1:C2:65:9C:75:8B:67:00:D3
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4A3D647041E8C3CE1897A057DC11226A733D0F9B
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f525a0b2-7ca2-43f1-951c-7eff24265dc3.roa
Signing time:             Sat 28 Feb 2026 02:31:44 +0000
ROA not before:           Sat 28 Feb 2026 02:31:44 +0000
ROA not after:            Fri 29 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        18.45.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 04 Mar 2026 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:3d:64:70:41:e8:c3:ce:18:97:a0:57:dc:11:22:6a:73:3d:0f:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 28 02:31:44 2026 GMT
            Not After : May 29 23:59:59 2026 GMT
        Subject: serialNumber=26b06908ce80ad6645558e9f2bb0cb1e2e7059976c41d8e5324712bdb86bcb4a, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:25:ef:55:49:99:38:14:f4:ea:3e:96:15:cf:
                    c4:05:75:e2:47:b7:8b:21:2e:4e:6f:a0:b1:96:1c:
                    d2:33:83:8f:23:ec:57:d7:96:e8:b9:46:b3:e6:0b:
                    f5:3c:4f:4e:e8:4b:29:b3:17:1e:9e:7e:38:e2:d8:
                    0f:f8:97:a0:c3:b7:ea:95:79:7c:87:e0:c1:51:a6:
                    08:5b:47:e8:c4:8e:0a:29:a1:73:ca:1d:45:cf:52:
                    96:ea:5c:a4:67:42:36:9b:f3:71:62:5b:f2:a9:bc:
                    e8:d6:ed:5c:a6:b1:77:5b:d3:5c:1c:7e:f0:a4:60:
                    f2:9a:71:c8:ce:10:53:d2:7d:b4:df:2a:94:36:e9:
                    99:83:50:b5:01:24:f9:de:f4:ec:b6:3e:d8:56:b7:
                    a8:08:63:32:f5:05:d9:57:b8:d8:bb:36:22:17:3f:
                    4d:06:da:99:7c:9c:84:46:19:e2:b3:b8:1d:65:cb:
                    36:6b:c7:d9:04:73:b8:fb:88:81:18:da:2b:75:64:
                    b5:cf:9f:e0:ef:14:dc:95:ab:fc:d7:2c:f5:31:36:
                    a8:f2:5c:49:80:3c:51:04:a0:d3:c4:70:cb:54:99:
                    4a:e7:63:d3:db:6a:b5:62:02:4d:fb:27:b0:eb:56:
                    7e:6d:ee:a1:81:61:61:d6:c2:6a:43:da:b8:35:92:
                    d4:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:9F:05:7B:04:71:C9:B6:F0:C0:0E:A1:C2:65:9C:75:8B:67:00:D3
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f525a0b2-7ca2-43f1-951c-7eff24265dc3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.45.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         01:84:5e:33:a1:01:70:2c:53:0d:2e:44:eb:40:b4:d8:6d:46:
         80:3e:0f:3b:63:b4:7d:db:f5:ee:a6:80:77:86:d1:25:8e:ad:
         29:af:32:ca:15:98:4d:19:c2:ec:8f:9c:b7:0d:22:74:f2:da:
         78:0f:5a:9c:6b:c6:73:5b:1f:ea:84:00:f3:39:eb:28:b0:70:
         d5:44:9c:ae:be:bc:c8:64:e9:bc:45:f3:40:d6:8d:69:be:1a:
         60:d5:f9:65:88:5e:15:d0:a5:c0:20:88:01:77:b2:62:f6:63:
         ac:b2:0d:98:e5:21:ff:18:34:a7:99:86:e3:01:32:f4:da:93:
         bb:ac:80:e8:33:44:d9:a1:9e:02:0b:06:01:bb:ec:b0:42:b8:
         7f:95:04:e8:b7:f5:dd:c8:47:95:88:94:45:ba:68:aa:c2:d7:
         e1:78:83:72:bd:20:9b:40:1d:3d:5b:df:05:9c:61:05:41:86:
         b8:56:59:59:a7:dd:d3:fb:2c:06:1e:30:ac:12:7f:2c:07:9e:
         d0:6b:5f:39:d7:d6:bd:69:ce:df:95:06:86:56:89:92:7a:75:
         ee:45:d6:74:c4:f7:27:3b:18:61:63:8c:91:27:c3:21:f9:74:
         a5:2e:6f:9d:dd:89:aa:3e:fc:12:fe:44:ce:3f:35:a8:6e:63:
         2b:f5:56:6e
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUSj1kcEHow84Yl6BX3BEianM9D5swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMjI4MDIzMTQ0WhcNMjYwNTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0AyNmIwNjkwOGNlODBhZDY2NDU1NThlOWYyYmIwY2IxZTJl
NzA1OTk3NmM0MWQ4ZTUzMjQ3MTJiZGI4NmJjYjRhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCNJe9VSZk4FPTqPpYVz8QFdeJHt4shLk5voLGWHNIzg48j
7FfXlui5RrPmC/U8T07oSymzFx6efjji2A/4l6DDt+qVeXyH4MFRpghbR+jEjgop
oXPKHUXPUpbqXKRnQjab83FiW/KpvOjW7VymsXdb01wcfvCkYPKaccjOEFPSfbTf
KpQ26ZmDULUBJPne9Oy2PthWt6gIYzL1BdlXuNi7NiIXP00G2pl8nIRGGeKzuB1l
yzZrx9kEc7j7iIEY2it1ZLXPn+DvFNyVq/zXLPUxNqjyXEmAPFEEoNPEcMtUmUrn
Y9PbarViAk37J7DrVn5t7qGBYWHWwmpD2rg1ktQxAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUep8FewRxybbwwA6hwmWcdYtnANMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2Y1MjVhMGIyLTdjYTItNDNmMS05NTFjLTdlZmYyNDI2NWRjMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwASLTANBgkqhkiG9w0BAQsFAAOCAQEAAYReM6EBcCxTDS5E60C02G1GgD4P
O2O0fdv17qaAd4bRJY6tKa8yyhWYTRnC7I+ctw0idPLaeA9anGvGc1sf6oQA8znr
KLBw1UScrr68yGTpvEXzQNaNab4aYNX5ZYheFdClwCCIAXeyYvZjrLINmOUh/xg0
p5mG4wEy9NqTu6yA6DNE2aGeAgsGAbvssEK4f5UE6Lf13chHlYiURbpoqsLX4XiD
cr0gm0AdPVvfBZxhBUGGuFZZWafd0/ssBh4wrBJ/LAee0GtfOdfWvWnO35UGhlaJ
knp17kXWdMT3JzsYYWOMkSfDIfl0pS5vnd2Jqj78Ev5Ezj81qG5jK/VWbg==
-----END CERTIFICATE-----