Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/14b1d285-4058-4a8b-9eda-f77806745e6a.roa
File:                     14b1d285-4058-4a8b-9eda-f77806745e6a.roa (raw, json)
Hash identifier:          mZesagZ9AdRSEZdMoZhHfP9LR903uYEsea1cQBapcEc=
Subject key identifier:   D1:8E:EE:35:E4:F6:52:27:F7:B4:64:2D:C3:31:66:51:17:CB:2D:FC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       24616EB5AF05F4FF13FE04A509D5854AE91EC674
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/14b1d285-4058-4a8b-9eda-f77806745e6a.roa
Signing time:             Tue 24 Feb 2026 00:40:14 +0000
ROA not before:           Tue 24 Feb 2026 00:40:14 +0000
ROA not after:            Mon 25 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff2:50c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 03 Mar 2026 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:61:6e:b5:af:05:f4:ff:13:fe:04:a5:09:d5:85:4a:e9:1e:c6:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb 24 00:40:14 2026 GMT
            Not After : May 25 23:59:59 2026 GMT
        Subject: serialNumber=2a1e939dc5c440880df822f24f5a8ff19d6a5f9a0b443e8b3866e966a9cc7c41, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:73:bb:7f:a3:63:c2:c3:59:64:d8:b9:6a:a8:
                    7f:d5:a3:e9:fe:47:c2:cf:7d:6b:7d:ba:89:4b:ea:
                    32:a4:36:80:5d:2b:57:66:8c:12:67:2b:15:44:39:
                    15:fe:f9:7c:5d:de:a0:d2:f3:d4:f2:a2:cf:4e:23:
                    7e:ff:23:59:90:24:82:6d:55:09:6e:76:69:02:0f:
                    38:18:8a:a0:ed:83:6f:b6:31:24:aa:ef:8e:c5:f0:
                    34:b4:9b:39:0a:79:c7:36:26:17:da:cc:9e:ec:a5:
                    68:20:d6:95:23:67:47:23:c3:dd:61:3c:d2:47:8b:
                    8f:74:27:93:39:b0:21:e6:f4:6f:52:7a:29:27:db:
                    1c:7c:62:b2:80:8f:e0:56:4f:6e:e5:4f:84:e2:63:
                    13:c6:e6:a4:8c:bf:fd:7c:f2:4f:97:f3:77:67:26:
                    9d:bf:ba:6d:04:ed:b8:62:3a:0b:f5:ca:2d:4a:b0:
                    df:c2:ed:11:4c:d5:a7:ba:bf:21:4c:69:3e:52:c0:
                    ba:b2:11:5e:9a:27:cf:e0:e1:66:e6:ca:27:5b:44:
                    34:8f:c2:71:97:94:e2:8b:49:ef:76:86:66:f5:2f:
                    ae:be:cc:01:79:5b:34:56:75:22:99:94:42:98:9e:
                    69:1b:01:c1:93:6a:b5:9f:cc:a8:54:34:7b:b6:90:
                    f2:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:8E:EE:35:E4:F6:52:27:F7:B4:64:2D:C3:31:66:51:17:CB:2D:FC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/14b1d285-4058-4a8b-9eda-f77806745e6a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff2:50c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         2a:c3:2b:b1:f7:ba:5c:ab:63:b5:0e:2b:28:c9:26:f7:0c:33:
         90:68:a5:81:10:f5:89:99:73:d9:fb:f9:38:fa:a9:4e:99:0f:
         05:ae:c6:3f:ce:3c:d2:7a:23:32:5f:7a:c2:f2:34:f3:d5:74:
         2e:97:02:49:0d:84:76:59:74:69:fa:52:24:43:b3:98:c1:9b:
         5e:5c:1e:ea:48:46:14:af:ad:85:03:62:51:18:04:73:10:c6:
         02:d9:c9:fe:ec:e7:55:d8:ad:b0:c3:2e:07:20:c1:1f:f7:c8:
         1f:91:a6:17:bc:2f:1f:73:08:f7:6c:09:f9:be:93:a5:21:8a:
         70:2c:09:0b:da:da:47:7b:8e:6c:f6:4a:75:1f:82:97:14:b7:
         45:e1:fb:11:ac:13:79:c8:1b:23:31:f1:ba:f4:fc:6d:02:d5:
         2b:77:7e:ea:21:2b:55:63:e8:6b:f4:6f:7a:42:fe:1c:94:3e:
         f0:59:3d:9e:4f:8a:b9:9a:10:e5:3f:54:85:7a:ed:0c:b8:1e:
         26:ec:b0:d8:b1:4b:9e:dd:1d:20:90:98:9e:f4:e8:06:f8:08:
         0e:7e:4a:85:53:7e:21:e8:e6:13:a3:65:af:88:6e:53:5a:00:
         b3:22:3d:31:de:91:cc:91:21:e3:89:b5:74:73:59:bb:57:f6:
         54:5b:28:43
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUJGFuta8F9P8T/gSlCdWFSukexnQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjYwMjI0MDA0MDE0WhcNMjYwNTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0AyYTFlOTM5ZGM1YzQ0MDg4MGRmODIyZjI0ZjVhOGZmMTlk
NmE1ZjlhMGI0NDNlOGIzODY2ZTk2NmE5Y2M3YzQxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCYc7t/o2PCw1lk2LlqqH/Vo+n+R8LPfWt9uolL6jKkNoBd
K1dmjBJnKxVEORX++Xxd3qDS89Tyos9OI37/I1mQJIJtVQludmkCDzgYiqDtg2+2
MSSq747F8DS0mzkKecc2JhfazJ7spWgg1pUjZ0cjw91hPNJHi490J5M5sCHm9G9S
eikn2xx8YrKAj+BWT27lT4TiYxPG5qSMv/188k+X83dnJp2/um0E7bhiOgv1yi1K
sN/C7RFM1ae6vyFMaT5SwLqyEV6aJ8/g4WbmyidbRDSPwnGXlOKLSe92hmb1L66+
zAF5WzRWdSKZlEKYnmkbAcGTarWfzKhUNHu2kPLbAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQU0Y7uNeT2Uif3tGQtwzFmURfLLfwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzE0YjFkMjg1LTQwNTgtNGE4Yi05ZWRhLWY3NzgwNjc0NWU2YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB/yUMAwDQYJKoZIhvcNAQELBQADggEBACrDK7H3ulyrY7UOKyjJJvcM
M5BopYEQ9YmZc9n7+Tj6qU6ZDwWuxj/OPNJ6IzJfesLyNPPVdC6XAkkNhHZZdGn6
UiRDs5jBm15cHupIRhSvrYUDYlEYBHMQxgLZyf7s51XYrbDDLgcgwR/3yB+Rphe8
Lx9zCPdsCfm+k6UhinAsCQva2kd7jmz2SnUfgpcUt0Xh+xGsE3nIGyMx8br0/G0C
1St3fuohK1Vj6Gv0b3pC/hyUPvBZPZ5PirmaEOU/VIV67Qy4HibssNixS57dHSCQ
mJ706Ab4CA5+SoVTfiHo5hOjZa+IblNaALMiPTHekcyRIeOJtXRzWbtX9lRbKEM=
-----END CERTIFICATE-----