Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/01ff9c8f-8da9-44ae-9b64-115add0db1f6.roa
File:                     01ff9c8f-8da9-44ae-9b64-115add0db1f6.roa (raw, json)
Hash identifier:          4eICH8/i/U7KJW/hw8eFbRC4MBHQ8nFzNfc35PtAb/8=
Subject key identifier:   D9:EC:FB:FC:7C:14:4E:8A:9A:EB:9D:5C:87:97:66:D6:60:88:14:9A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       452D95BCFE7F28D91B4015085F13A58F08CA123E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/01ff9c8f-8da9-44ae-9b64-115add0db1f6.roa
Signing time:             Wed 25 Feb 2026 00:21:20 +0000
ROA not before:           Wed 25 Feb 2026 00:21:20 +0000
ROA not after:            Tue 26 May 2026 23:59:59 +0000
asID:                     14618
IP address blocks:        204.236.192.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 03 Mar 2026 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:2d:95:bc:fe:7f:28:d9:1b:40:15:08:5f:13:a5:8f:08:ca:12:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb 25 00:21:20 2026 GMT
            Not After : May 26 23:59:59 2026 GMT
        Subject: serialNumber=c8869211e7d8bf256fafc4a3ad6d312e11c662a365cd6cb98a05c4efb4e50c28, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:42:90:bd:d9:54:be:bd:24:f4:4c:13:2b:2b:
                    9c:c4:f1:e7:72:75:af:7a:46:83:1d:0b:da:5a:1f:
                    03:70:4d:cd:28:87:e6:fb:24:46:1d:61:27:f0:49:
                    22:dd:ac:9c:e7:44:1c:1c:2e:f9:2b:fc:98:bd:e0:
                    31:52:7e:8c:81:5f:df:32:bb:ba:27:01:01:8e:9b:
                    23:d5:bc:5f:d4:12:91:76:71:1b:de:ed:27:64:7a:
                    a3:2c:3d:ce:77:c8:5f:b4:50:0d:1d:49:76:53:3e:
                    d7:05:c9:fc:23:51:98:dd:67:99:43:7f:e9:d8:bd:
                    0c:2d:e7:2e:b6:65:16:cd:c2:e0:ae:f7:c9:7a:5d:
                    78:a6:09:78:25:90:fc:30:60:1c:1c:38:20:6c:a6:
                    09:36:f1:ef:19:0b:af:77:1f:52:d9:76:c6:fc:5c:
                    86:d2:df:b0:e8:3f:d8:7e:50:cc:c4:aa:8c:5d:b4:
                    35:b2:c2:d5:91:51:c1:62:6e:1b:65:e8:d4:99:de:
                    9c:f3:08:d7:2b:9f:93:8b:fc:64:f5:d0:b8:d7:82:
                    57:cf:70:9e:8e:8a:5b:8f:1e:2f:4c:31:b8:91:1d:
                    07:4a:f6:db:1d:43:2f:d6:d9:39:03:7f:b8:29:68:
                    17:e8:c8:1f:8f:ba:bd:22:9c:33:0e:8e:f6:3c:17:
                    d2:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:EC:FB:FC:7C:14:4E:8A:9A:EB:9D:5C:87:97:66:D6:60:88:14:9A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/01ff9c8f-8da9-44ae-9b64-115add0db1f6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.236.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         02:7a:5f:32:99:da:41:52:c8:be:41:ed:04:73:74:51:ca:b1:
         94:99:46:90:09:91:fa:58:c7:35:84:ed:0b:da:c6:f7:3d:2d:
         13:43:7e:9c:51:19:16:2c:38:12:a1:ad:94:d7:43:57:e6:b1:
         c9:9b:a7:63:18:00:00:0b:c9:2a:5b:0c:77:0a:0e:23:7c:b5:
         55:6a:b9:38:c3:7f:3c:29:05:89:4d:f5:eb:4d:3b:b4:80:bc:
         d9:18:4f:68:bc:7f:14:76:2f:ab:0a:50:80:56:47:04:48:e1:
         69:59:60:51:02:19:b6:b1:05:4c:dd:2f:dd:00:55:96:dc:0a:
         90:92:be:c9:01:9c:a0:ba:eb:0c:a5:9b:64:fb:56:fd:9c:43:
         49:6f:64:0a:90:58:17:2a:d0:32:d1:83:f5:b4:4e:b4:28:64:
         d4:86:e6:54:d0:c1:53:aa:7b:ba:8f:27:a1:d7:5d:2f:db:f2:
         ce:f5:03:df:50:44:e2:55:90:be:ff:cc:f7:51:24:6e:ff:8d:
         ca:f4:75:ad:6c:00:3b:a3:e4:b7:3f:e8:0e:07:1a:c7:28:38:
         94:46:25:86:5f:ed:05:5e:f2:a5:8a:52:3d:d0:45:8a:dc:89:
         df:78:a1:f4:c0:70:0c:dd:69:06:72:21:d8:36:f2:cf:d4:96:
         d4:4e:67:d9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURS2VvP5/KNkbQBUIXxOljwjKEj4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjYwMjI1MDAyMTIwWhcNMjYwNTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0BjODg2OTIxMWU3ZDhiZjI1NmZhZmM0YTNhZDZkMzEyZTEx
YzY2MmEzNjVjZDZjYjk4YTA1YzRlZmI0ZTUwYzI4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCgQpC92VS+vST0TBMrK5zE8edyda96RoMdC9paHwNwTc0o
h+b7JEYdYSfwSSLdrJznRBwcLvkr/Ji94DFSfoyBX98yu7onAQGOmyPVvF/UEpF2
cRve7SdkeqMsPc53yF+0UA0dSXZTPtcFyfwjUZjdZ5lDf+nYvQwt5y62ZRbNwuCu
98l6XXimCXglkPwwYBwcOCBspgk28e8ZC693H1LZdsb8XIbS37DoP9h+UMzEqoxd
tDWywtWRUcFibhtl6NSZ3pzzCNcrn5OL/GT10LjXglfPcJ6OiluPHi9MMbiRHQdK
9tsdQy/W2TkDf7gpaBfoyB+Pur0inDMOjvY8F9LbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU2ez7/HwUToqa651ch5dm1mCIFJowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzAxZmY5YzhmLThkYTktNDRhZS05YjY0LTExNWFkZDBkYjFmNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAbM7MAwDQYJKoZIhvcNAQELBQADggEBAAJ6XzKZ2kFSyL5B7QRzdFHKsZSZ
RpAJkfpYxzWE7Qvaxvc9LRNDfpxRGRYsOBKhrZTXQ1fmscmbp2MYAAALySpbDHcK
DiN8tVVquTjDfzwpBYlN9etNO7SAvNkYT2i8fxR2L6sKUIBWRwRI4WlZYFECGbax
BUzdL90AVZbcCpCSvskBnKC66wylm2T7Vv2cQ0lvZAqQWBcq0DLRg/W0TrQoZNSG
5lTQwVOqe7qPJ6HXXS/b8s71A99QROJVkL7/zPdRJG7/jcr0da1sADuj5Lc/6A4H
GscoOJRGJYZf7QVe8qWKUj3QRYrcid94ofTAcAzdaQZyIdg28s/UltROZ9k=
-----END CERTIFICATE-----