Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/067db7a0-98da-4f57-9f73-acefae7c5ebb.roa
File:                     067db7a0-98da-4f57-9f73-acefae7c5ebb.roa (raw, json)
Hash identifier:          xunpk5Acvv3fOr/C6QmuHvk4b7ddCwDg+awTVA7uf4o=
Subject key identifier:   30:EB:B5:4B:A1:D0:02:D3:97:F9:AE:99:AC:04:2D:7F:65:9F:38:30
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4E0F91C8407433B013F0BAE407DEC94DA5205B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/067db7a0-98da-4f57-9f73-acefae7c5ebb.roa
Signing time:             Wed 25 Feb 2026 01:01:00 +0000
ROA not before:           Wed 25 Feb 2026 01:01:00 +0000
ROA not after:            Tue 26 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff6:8000::/39 maxlen: 39
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 03 Mar 2026 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:0f:91:c8:40:74:33:b0:13:f0:ba:e4:07:de:c9:4d:a5:20:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb 25 01:01:00 2026 GMT
            Not After : May 26 23:59:59 2026 GMT
        Subject: serialNumber=39801e894973be9965aba57d2125429ab680dded7b4ef02ac3ad7e4a364aa786, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:43:95:01:36:5b:34:8e:ca:ca:04:80:fb:14:
                    74:6f:78:3b:9d:b6:00:f2:69:25:37:36:6d:b0:ec:
                    50:14:9d:dc:d4:37:15:48:70:93:c7:96:82:08:c8:
                    e1:99:78:8f:3c:0d:57:39:7e:ec:e7:c3:e3:3c:e9:
                    11:9f:c8:b3:22:07:0c:47:2a:9d:a8:3e:27:36:b9:
                    7d:28:99:70:ce:58:04:7e:6b:83:86:d3:39:59:52:
                    d7:a5:9a:42:db:e7:ca:e8:a6:3a:09:9c:c5:26:3c:
                    f4:54:a5:80:32:8a:e2:aa:12:24:3b:52:90:d6:ed:
                    73:2f:1c:57:b9:7e:b0:b7:d0:2f:72:bb:62:34:69:
                    0e:d2:3a:ab:4e:9f:45:71:7c:60:21:32:9c:54:4d:
                    8b:d2:7b:ce:5e:85:0c:5c:8f:e3:1c:e0:f2:19:5f:
                    e9:63:f1:6d:92:c3:92:c6:45:a6:59:b9:8b:b9:f7:
                    f6:b4:73:c4:89:51:ca:4d:6c:00:82:c9:4a:75:80:
                    db:77:b2:9e:0d:f7:2e:32:58:ab:d5:80:5f:fb:12:
                    ab:28:71:27:74:ef:1a:28:9e:a0:0a:61:03:b1:f1:
                    e4:7a:c0:af:17:28:be:b3:5e:46:5a:76:f8:c2:90:
                    91:1e:0a:2d:0f:d1:7e:44:23:c0:a5:a8:c8:df:7b:
                    38:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:EB:B5:4B:A1:D0:02:D3:97:F9:AE:99:AC:04:2D:7F:65:9F:38:30
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/067db7a0-98da-4f57-9f73-acefae7c5ebb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff6:8000::/39

    Signature Algorithm: sha256WithRSAEncryption
         d0:28:61:b9:29:54:6f:a1:85:d8:41:47:d2:3d:5c:20:ee:3c:
         6a:c7:bf:43:a3:33:43:bb:d2:c6:61:6b:90:05:e2:5f:87:2c:
         3b:9e:46:4d:d2:d1:84:f4:6f:22:81:34:ed:51:a3:1a:a9:9a:
         79:c2:c0:8a:0c:37:48:31:71:e0:4a:c4:64:3f:22:d0:f2:58:
         c8:40:50:b5:ce:3a:ae:b7:9d:f2:bb:85:53:4f:90:0f:09:42:
         56:eb:2b:ca:35:44:08:d3:c7:21:7c:d0:51:72:8c:12:4d:8b:
         bd:39:5e:af:06:a9:aa:9a:08:a9:0c:e9:da:b0:59:22:bc:a7:
         1e:5f:47:45:1e:d8:28:ac:71:e1:1a:d0:a8:f6:40:3b:ea:b2:
         12:20:74:23:e4:06:01:1e:69:fa:3a:f8:f3:a1:91:2f:a8:88:
         53:2b:c5:ac:b2:0f:c7:1d:0a:57:8d:c7:4d:48:a9:ca:dd:04:
         ae:d8:93:4f:cf:1e:78:81:21:54:5b:f7:5d:b7:a1:35:d1:f2:
         32:0a:10:9a:2f:fa:2f:58:60:c9:c3:36:91:83:93:82:be:f1:
         12:46:18:f9:96:61:bc:93:e8:bb:59:06:65:8b:ed:d6:33:dd:
         8f:88:93:74:20:a0:60:9f:bd:f1:7b:fc:3c:29:f7:cd:a4:b7:
         93:3f:97:11
-----BEGIN CERTIFICATE-----
MIIF+TCCBOGgAwIBAgITTg+RyEB0M7AT8LrkB97JTaUgWzANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzI2ZWQ4OGNhZDExZmVhYzc3NDQ5ZjAxOGQ0MmJlMzU4ZWIz
NzEwN2RiZThjYjcxZDBhNzAeFw0yNjAyMjUwMTAxMDBaFw0yNjA1MjYyMzU5NTla
MHoxSTBHBgNVBAUTQDM5ODAxZTg5NDk3M2JlOTk2NWFiYTU3ZDIxMjU0MjlhYjY4
MGRkZWQ3YjRlZjAyYWMzYWQ3ZTRhMzY0YWE3ODYxLTArBgNVBAMTJGIyNWM5NzBm
LWQ4MTMtNDQ1Yy1iZmUyLTYyNjY4NTE4Yzg3ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAM5DlQE2WzSOysoEgPsUdG94O522APJpJTc2bbDsUBSd3NQ3
FUhwk8eWggjI4Zl4jzwNVzl+7OfD4zzpEZ/IsyIHDEcqnag+Jza5fSiZcM5YBH5r
g4bTOVlS16WaQtvnyuimOgmcxSY89FSlgDKK4qoSJDtSkNbtcy8cV7l+sLfQL3K7
YjRpDtI6q06fRXF8YCEynFRNi9J7zl6FDFyP4xzg8hlf6WPxbZLDksZFplm5i7n3
9rRzxIlRyk1sAILJSnWA23eyng33LjJYq9WAX/sSqyhxJ3TvGiieoAphA7Hx5HrA
rxcovrNeRlp2+MKQkR4KLQ/RfkQjwKWoyN97ODECAwEAAaOCArMwggKvMB0GA1Ud
DgQWBBQw67VLodAC05f5rpmsBC1/ZZ84MDAfBgNVHSMEGDAWgBQQXdeNVXhAq0Nd
vRUhII8p+kk/rjAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHg
BggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2Fy
aW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMv
MmEyNDY5NDctMmQ2Mi00YTZjLWJhMDUtODcxODdmMDA5OWIyLzFiYTMwMmI4LThk
YWItNDkxZC1iOWVkLWQ3YzkyZDAzMGQ4Mi82ZWQ4OGNhZDExZmVhYzc3NDQ5ZjAx
OGQ0MmJlMzU4ZWIzNzEwN2RiZThjYjcxZDBhNy5jZXIwgZ4GCCsGAQUFBwELBIGR
MIGOMIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8yMGFhMzI5Yi1mYzUyLTRjNjEtYmY1My0wOTcy
NWMwNDI5NDIvMDY3ZGI3YTAtOThkYS00ZjU3LTlmNzMtYWNlZmFlN2M1ZWJiLnJv
YTCBiAYDVR0fBIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMt
MDk3MjVjMDQyOTQyL19xeDNSSjhCalVLLU5ZNnpjUWZiNk10eDBLYy5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIw
CAMGASYAH/aAMA0GCSqGSIb3DQEBCwUAA4IBAQDQKGG5KVRvoYXYQUfSPVwg7jxq
x79DozNDu9LGYWuQBeJfhyw7nkZN0tGE9G8igTTtUaMaqZp5wsCKDDdIMXHgSsRk
PyLQ8ljIQFC1zjqut53yu4VTT5APCUJW6yvKNUQI08chfNBRcowSTYu9OV6vBqmq
mgipDOnasFkivKceX0dFHtgorHHhGtCo9kA76rISIHQj5AYBHmn6OvjzoZEvqIhT
K8Wssg/HHQpXjcdNSKnK3QSu2JNPzx54gSFUW/ddt6E10fIyChCaL/ovWGDJwzaR
g5OCvvESRhj5lmG8k+i7WQZli+3WM92PiJN0IKBgn73xe/w8KffNpLeTP5cR
-----END CERTIFICATE-----