Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/12b6201c-9d02-4277-832d-0f1c79e967c0.roa
File:                     12b6201c-9d02-4277-832d-0f1c79e967c0.roa (raw, json)
Hash identifier:          GAwP8NsU1r5HA/ngcuWdp2lj9JZXzPj2xg2h0B9dLGQ=
Subject key identifier:   D1:2B:99:1E:93:E7:CB:51:78:97:45:DC:16:6A:F3:83:36:A6:A6:66
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       03917BC6A4677801A6E9C64C4569BF540ADC5A51
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/12b6201c-9d02-4277-832d-0f1c79e967c0.roa
Signing time:             Wed 25 Feb 2026 01:50:36 +0000
ROA not before:           Wed 25 Feb 2026 01:50:36 +0000
ROA not after:            Tue 26 May 2026 23:59:59 +0000
asID:                     14618
IP address blocks:        23.23.80.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 03 Mar 2026 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:91:7b:c6:a4:67:78:01:a6:e9:c6:4c:45:69:bf:54:0a:dc:5a:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb 25 01:50:36 2026 GMT
            Not After : May 26 23:59:59 2026 GMT
        Subject: serialNumber=5374377edfe1633e70975911186013ee482c4f3f6de362d2c38be51d8e3a82fb, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:37:41:4d:be:a4:57:9d:b9:28:eb:bf:9b:f5:
                    be:14:5a:75:af:06:0f:30:bf:ee:cd:d2:b7:d8:82:
                    d3:60:17:77:10:4c:17:36:b8:bf:da:77:c1:d8:c0:
                    8e:69:b5:ed:bd:7b:2b:bc:66:f9:d4:18:e6:d4:50:
                    35:35:26:b3:b9:5c:c3:70:9b:37:fc:b8:68:f6:1b:
                    31:5f:cc:42:94:1d:52:31:53:22:fe:f8:9b:a6:f7:
                    d7:7c:5d:f3:71:6f:39:8c:78:74:3d:f6:d1:09:8b:
                    ad:b2:9d:57:44:26:f4:a0:f2:ac:31:8b:4e:d5:67:
                    be:76:f0:35:9f:cd:e0:c9:67:d0:69:02:db:b7:74:
                    e7:6e:0d:2f:37:3a:f3:a2:29:c1:86:94:2f:10:1a:
                    d6:c4:8a:ab:d0:0c:4b:ce:26:ac:be:b3:9f:78:bb:
                    a4:16:3b:86:3d:a1:bf:f1:41:f2:8a:c2:54:96:fc:
                    28:18:88:cc:d8:9a:c2:39:83:30:d7:d2:af:f4:c7:
                    57:8d:71:e4:51:6b:27:bc:f7:d6:b4:09:bb:8f:bb:
                    9c:d4:bc:16:44:64:b4:25:1d:05:84:af:4b:56:7c:
                    41:88:8e:4b:57:45:01:78:d4:64:49:6e:46:c6:ba:
                    b8:8d:a6:57:34:20:f9:43:ed:2f:f7:98:2c:40:d8:
                    d3:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:2B:99:1E:93:E7:CB:51:78:97:45:DC:16:6A:F3:83:36:A6:A6:66
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/12b6201c-9d02-4277-832d-0f1c79e967c0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.23.80.0/20

    Signature Algorithm: sha256WithRSAEncryption
         6b:d7:30:25:95:fe:00:1f:3f:6c:c8:d0:76:af:af:a5:3a:ce:
         b3:ab:0f:0d:7f:23:88:a6:0f:04:54:d6:2b:95:8f:1a:de:0e:
         db:c1:38:c8:e0:e8:f1:76:da:65:4e:be:61:c4:e1:02:b8:e7:
         02:8c:2e:e0:82:e4:f2:7f:7d:8d:c1:90:73:3b:c7:50:3f:18:
         57:7d:e3:90:03:b4:47:17:0f:f0:14:d6:50:b5:fb:09:96:35:
         3c:03:78:b6:39:50:f6:a5:09:45:e1:37:e7:69:b6:85:0c:68:
         c7:4b:61:68:fe:45:2b:3f:1b:c6:7e:88:7d:e4:15:f5:28:3a:
         80:cf:43:0e:b2:6b:ca:4b:bb:5e:fc:aa:91:b0:3c:af:81:57:
         39:b9:94:35:1b:0d:7b:3e:47:10:b9:72:c7:8b:6c:bf:51:3a:
         9e:4d:d1:9f:3d:26:5b:a5:ec:49:8c:9f:ec:e8:e1:e8:81:40:
         b5:dc:86:85:7b:4d:bd:a3:07:48:95:7d:13:35:28:64:f5:95:
         7a:57:49:86:3b:04:a4:30:34:54:f2:42:af:69:fd:cb:25:b7:
         3f:38:df:8a:ea:9c:e6:91:e1:53:72:89:40:78:bd:ea:a1:cb:
         63:97:6f:41:53:6c:c8:82:4a:46:23:0a:22:16:e3:d7:6b:60:
         ca:5a:26:74
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUA5F7xqRneAGm6cZMRWm/VArcWlEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjYwMjI1MDE1MDM2WhcNMjYwNTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0A1Mzc0Mzc3ZWRmZTE2MzNlNzA5NzU5MTExODYwMTNlZTQ4
MmM0ZjNmNmRlMzYyZDJjMzhiZTUxZDhlM2E4MmZiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCUN0FNvqRXnbko67+b9b4UWnWvBg8wv+7N0rfYgtNgF3cQ
TBc2uL/ad8HYwI5pte29eyu8ZvnUGObUUDU1JrO5XMNwmzf8uGj2GzFfzEKUHVIx
UyL++Jum99d8XfNxbzmMeHQ99tEJi62ynVdEJvSg8qwxi07VZ7528DWfzeDJZ9Bp
Atu3dOduDS83OvOiKcGGlC8QGtbEiqvQDEvOJqy+s594u6QWO4Y9ob/xQfKKwlSW
/CgYiMzYmsI5gzDX0q/0x1eNceRRaye899a0CbuPu5zUvBZEZLQlHQWEr0tWfEGI
jktXRQF41GRJbkbGuriNplc0IPlD7S/3mCxA2NOfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0SuZHpPny1F4l0XcFmrzgzampmYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzEyYjYyMDFjLTlkMDItNDI3Ny04MzJkLTBmMWM3OWU5NjdjMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQXF1AwDQYJKoZIhvcNAQELBQADggEBAGvXMCWV/gAfP2zI0Havr6U6zrOr
Dw1/I4imDwRU1iuVjxreDtvBOMjg6PF22mVOvmHE4QK45wKMLuCC5PJ/fY3BkHM7
x1A/GFd945ADtEcXD/AU1lC1+wmWNTwDeLY5UPalCUXhN+dptoUMaMdLYWj+RSs/
G8Z+iH3kFfUoOoDPQw6ya8pLu178qpGwPK+BVzm5lDUbDXs+RxC5cseLbL9ROp5N
0Z89Jlul7EmMn+zo4eiBQLXchoV7Tb2jB0iVfRM1KGT1lXpXSYY7BKQwNFTyQq9p
/csltz8434rqnOaR4VNyiUB4veqhy2OXb0FTbMiCSkYjCiIW49drYMpaJnQ=
-----END CERTIFICATE-----