Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0bd38cb3-a515-4ab0-a345-33cb83acf28d.roa
File:                     0bd38cb3-a515-4ab0-a345-33cb83acf28d.roa (raw, json)
Hash identifier:          GzcU/goOgcXQGJzpoiHReKZ6FV6c24/N1vLMEzv1czc=
Subject key identifier:   11:BA:7D:A0:6D:46:D5:C2:4C:1B:EE:08:E9:3E:EA:1A:F1:DC:7D:01
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0CEDD9585B70320CB2F331D01D04BAE613FCD9AF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0bd38cb3-a515-4ab0-a345-33cb83acf28d.roa
Signing time:             Wed 18 Feb 2026 00:20:37 +0000
ROA not before:           Wed 18 Feb 2026 00:20:37 +0000
ROA not after:            Tue 19 May 2026 23:59:59 +0000
asID:                     8987
IP address blocks:        56.136.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 03 Mar 2026 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:ed:d9:58:5b:70:32:0c:b2:f3:31:d0:1d:04:ba:e6:13:fc:d9:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb 18 00:20:37 2026 GMT
            Not After : May 19 23:59:59 2026 GMT
        Subject: serialNumber=8f3bac709b3b2880064d46a78b47d3e91825989aefe02fa13f343112530f2d99, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:c9:91:07:2d:53:68:1c:e2:34:13:7e:f4:48:
                    3a:c9:10:98:8a:f4:d3:80:c8:20:89:cc:0b:ad:28:
                    8d:cc:c7:d8:3e:3f:20:c2:7b:82:f5:13:93:d2:82:
                    59:af:5f:e8:f0:e3:d4:e1:dd:85:e8:14:87:2b:7b:
                    a2:0e:7a:a8:29:8b:64:22:23:d8:54:e1:d1:d5:35:
                    47:0c:9f:fe:4c:39:0a:1b:2c:6b:df:4f:2c:33:d1:
                    e1:35:b1:29:84:98:40:4d:fe:fa:f4:88:43:d1:10:
                    51:8a:48:7c:3d:02:86:79:23:22:d8:fd:ff:57:ef:
                    8c:16:2a:79:05:3d:04:88:04:13:06:79:b2:f1:8f:
                    bd:a3:bc:14:66:88:ed:d2:02:54:7f:20:3a:32:a2:
                    65:b8:be:24:b5:0b:9c:0d:17:9f:56:58:9b:63:2a:
                    4c:2b:73:b3:83:ba:13:da:fb:d4:e2:e7:e2:9f:b1:
                    99:87:e2:5b:ae:ff:00:06:56:d3:ab:69:f3:34:70:
                    7f:67:e2:ff:63:dd:0e:de:a6:ce:fc:75:29:c3:93:
                    ed:2a:62:bb:18:f0:d5:54:cb:1f:d7:b8:01:cb:30:
                    12:e4:8d:d7:fa:e0:87:e1:06:8f:18:35:5b:18:17:
                    3d:2a:f1:38:82:00:3c:81:a0:df:66:15:96:da:f0:
                    17:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:BA:7D:A0:6D:46:D5:C2:4C:1B:EE:08:E9:3E:EA:1A:F1:DC:7D:01
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0bd38cb3-a515-4ab0-a345-33cb83acf28d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.136.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         68:b6:af:bb:c1:99:43:58:4c:61:34:3f:bb:7a:07:d7:e2:d0:
         58:78:3c:b9:16:2f:a9:be:bf:d4:96:62:39:7c:77:60:12:84:
         0f:9c:ab:a5:45:bf:0c:fc:38:9b:03:6e:b3:3f:14:e0:ed:72:
         61:62:c9:99:b1:1c:34:9f:27:8a:c2:3a:26:44:20:aa:e8:83:
         14:a7:93:8a:94:ce:09:54:49:1e:d5:ce:8d:b3:4c:97:97:01:
         43:1b:82:66:a6:a3:0b:54:0c:e3:50:7f:d4:dd:64:56:33:6d:
         a3:62:e3:ed:25:a9:2b:7c:eb:25:47:14:15:45:e0:5a:13:4e:
         6e:0c:24:f0:80:67:fd:07:49:0a:7a:d9:ba:55:b7:d2:aa:06:
         17:f3:0e:97:34:1f:3e:8f:b6:cb:1d:4c:30:61:96:ce:fd:b4:
         df:a9:ae:7a:20:54:39:c2:f9:da:4e:7d:67:45:a5:60:c7:8a:
         c4:7b:76:16:04:65:e9:de:a2:64:fb:44:fa:3b:2c:9e:89:8c:
         56:56:de:ed:f5:d7:44:39:e8:bc:65:05:b4:a4:66:2e:4d:6e:
         35:b4:37:81:d4:e6:fb:a0:30:97:b9:1a:f5:82:0a:87:07:02:
         69:fc:4d:d6:56:80:76:97:15:3d:23:d5:a6:77:ba:68:20:ab:
         ff:01:76:7d
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUDO3ZWFtwMgyy8zHQHQS65hP82a8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjYwMjE4MDAyMDM3WhcNMjYwNTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZjNiYWM3MDliM2IyODgwMDY0ZDQ2YTc4YjQ3ZDNlOTE4
MjU5ODlhZWZlMDJmYTEzZjM0MzExMjUzMGYyZDk5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDzyZEHLVNoHOI0E370SDrJEJiK9NOAyCCJzAutKI3Mx9g+
PyDCe4L1E5PSglmvX+jw49Th3YXoFIcre6IOeqgpi2QiI9hU4dHVNUcMn/5MOQob
LGvfTywz0eE1sSmEmEBN/vr0iEPREFGKSHw9AoZ5IyLY/f9X74wWKnkFPQSIBBMG
ebLxj72jvBRmiO3SAlR/IDoyomW4viS1C5wNF59WWJtjKkwrc7ODuhPa+9Ti5+Kf
sZmH4luu/wAGVtOrafM0cH9n4v9j3Q7eps78dSnDk+0qYrsY8NVUyx/XuAHLMBLk
jdf64IfhBo8YNVsYFz0q8TiCADyBoN9mFZba8BdXAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUEbp9oG1G1cJMG+4I6T7qGvHcfQEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBiZDM4Y2IzLWE1MTUtNGFiMC1hMzQ1LTMzY2I4M2FjZjI4ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4iDANBgkqhkiG9w0BAQsFAAOCAQEAaLavu8GZQ1hMYTQ/u3oH1+LQWHg8
uRYvqb6/1JZiOXx3YBKED5yrpUW/DPw4mwNusz8U4O1yYWLJmbEcNJ8nisI6JkQg
quiDFKeTipTOCVRJHtXOjbNMl5cBQxuCZqajC1QM41B/1N1kVjNto2Lj7SWpK3zr
JUcUFUXgWhNObgwk8IBn/QdJCnrZulW30qoGF/MOlzQfPo+2yx1MMGGWzv2036mu
eiBUOcL52k59Z0WlYMeKxHt2FgRl6d6iZPtE+jssnomMVlbe7fXXRDnovGUFtKRm
Lk1uNbQ3gdTm+6Awl7ka9YIKhwcCafxN1laAdpcVPSPVpne6aCCr/wF2fQ==
-----END CERTIFICATE-----