Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/241f4132-bfd8-45b5-8038-fc51213db63e.roa
File:                     241f4132-bfd8-45b5-8038-fc51213db63e.roa (raw, json)
Hash identifier:          E4upca69BOWq4/8wmlSoAp8Pef/PqoHebgnI4nP1RMw=
Subject key identifier:   86:06:2F:E5:D3:0E:69:CF:C4:8E:4A:98:40:9D:A6:AF:19:E5:68:2D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5CD52266F74A8A4B8F9080C3DFC6BB531DA5E574
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/241f4132-bfd8-45b5-8038-fc51213db63e.roa
Signing time:             Sat 28 Feb 2026 00:00:04 +0000
ROA not before:           Sat 28 Feb 2026 00:00:04 +0000
ROA not after:            Fri 29 May 2026 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1fef:3400::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 03 Mar 2026 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:d5:22:66:f7:4a:8a:4b:8f:90:80:c3:df:c6:bb:53:1d:a5:e5:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb 28 00:00:04 2026 GMT
            Not After : May 29 23:59:59 2026 GMT
        Subject: serialNumber=a2e0670c4e7e73b3357b0fe9c3bbf5ddb3879da34935f35ebddb86634b66f9be, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:0f:81:71:b6:57:43:ce:f7:3a:ca:3b:28:61:
                    45:d1:b8:f1:f8:b5:50:18:ab:57:c4:f2:c3:ba:ae:
                    04:ce:be:ea:6f:bb:88:9f:43:7e:c1:15:9a:7c:c9:
                    14:68:70:6d:b1:45:09:b7:ca:14:39:1d:01:22:81:
                    e5:0b:f5:d7:b3:d1:18:34:6a:77:a8:d5:f6:2e:07:
                    04:fd:2a:76:dd:9a:8d:4c:6a:62:e3:a2:25:ec:df:
                    b4:e6:c9:7e:94:03:c2:89:a4:7c:2b:b1:4e:d5:7f:
                    56:b0:52:25:e9:37:63:58:ae:90:35:d6:21:68:47:
                    59:79:19:9b:4b:3a:5c:fa:40:4f:ee:01:cc:3c:d6:
                    26:76:ad:16:28:16:7b:8d:7a:3c:c0:54:60:80:5a:
                    15:13:ae:5f:66:8b:96:91:0d:67:e2:7e:ed:aa:0b:
                    93:9c:8f:15:1a:e7:13:f1:34:13:dc:a2:35:1f:33:
                    34:0c:c0:9d:1d:ce:09:38:04:d9:8f:cb:3b:a5:ce:
                    07:98:25:f7:91:ed:f7:78:a8:3c:04:43:bd:d8:91:
                    60:96:d6:af:16:60:6d:48:db:16:3a:20:9d:3b:be:
                    32:f7:8e:cd:93:48:e1:7a:4e:92:04:ae:2f:dc:84:
                    f8:0b:49:ae:1c:7d:05:36:28:c5:02:b1:c0:0c:e4:
                    bc:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:06:2F:E5:D3:0E:69:CF:C4:8E:4A:98:40:9D:A6:AF:19:E5:68:2D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/241f4132-bfd8-45b5-8038-fc51213db63e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1fef:3400::/40

    Signature Algorithm: sha256WithRSAEncryption
         6b:1f:c1:11:08:a9:f1:51:a9:fd:93:1a:05:26:31:27:f5:02:
         e2:75:a8:1c:54:14:1e:d5:9c:d1:9b:e3:f1:f7:36:d6:16:7f:
         ce:21:f8:c2:95:1d:fe:39:ba:d0:b1:7b:30:27:f7:af:b2:db:
         c1:32:f2:b8:ad:9c:5f:38:cf:3a:f4:2f:21:8d:b1:13:e2:15:
         fa:d2:a2:dd:e0:21:09:9a:90:e6:ef:a6:ed:43:10:2f:00:53:
         ce:8b:ae:a5:41:9c:75:a0:99:24:e5:5d:ad:20:d3:c8:1e:44:
         e8:51:1e:ca:f0:50:47:da:5c:0b:8d:90:1c:2e:f3:fc:23:31:
         50:38:4e:fe:5e:dc:f4:91:59:36:49:49:88:d2:fa:28:5a:61:
         56:a5:32:f0:28:ba:1d:ee:b5:ef:2a:16:3f:f3:1c:56:54:69:
         f7:a2:ea:13:6e:a5:2d:f3:19:76:fa:92:91:a4:2a:7a:0c:55:
         e4:cc:1e:c5:42:ff:f4:eb:70:25:a9:b0:78:75:68:34:96:e6:
         7e:f8:37:a0:54:ee:96:d4:40:ee:7a:c2:47:81:da:e7:db:42:
         4d:e6:c1:e3:fd:f2:3e:a9:49:f8:b6:13:10:25:cb:23:1f:16:
         5a:a5:51:b2:ab:db:7a:3d:25:eb:7e:90:c7:0f:8f:12:3d:b2:
         00:0e:59:82
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUXNUiZvdKikuPkIDD38a7Ux2l5XQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjYwMjI4MDAwMDA0WhcNMjYwNTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMmUwNjcwYzRlN2U3M2IzMzU3YjBmZTljM2JiZjVkZGIz
ODc5ZGEzNDkzNWYzNWViZGRiODY2MzRiNjZmOWJlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCiD4FxtldDzvc6yjsoYUXRuPH4tVAYq1fE8sO6rgTOvupv
u4ifQ37BFZp8yRRocG2xRQm3yhQ5HQEigeUL9dez0Rg0aneo1fYuBwT9Knbdmo1M
amLjoiXs37TmyX6UA8KJpHwrsU7Vf1awUiXpN2NYrpA11iFoR1l5GZtLOlz6QE/u
Acw81iZ2rRYoFnuNejzAVGCAWhUTrl9mi5aRDWfifu2qC5OcjxUa5xPxNBPcojUf
MzQMwJ0dzgk4BNmPyzulzgeYJfeR7fd4qDwEQ73YkWCW1q8WYG1I2xY6IJ07vjL3
js2TSOF6TpIEri/chPgLSa4cfQU2KMUCscAM5LzVAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUhgYv5dMOac/EjkqYQJ2mrxnlaC0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI0MWY0MTMyLWJmZDgtNDViNS04MDM4LWZjNTEyMTNkYjYzZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/vNDANBgkqhkiG9w0BAQsFAAOCAQEAax/BEQip8VGp/ZMaBSYxJ/UC
4nWoHFQUHtWc0Zvj8fc21hZ/ziH4wpUd/jm60LF7MCf3r7LbwTLyuK2cXzjPOvQv
IY2xE+IV+tKi3eAhCZqQ5u+m7UMQLwBTzouupUGcdaCZJOVdrSDTyB5E6FEeyvBQ
R9pcC42QHC7z/CMxUDhO/l7c9JFZNklJiNL6KFphVqUy8Ci6He617yoWP/McVlRp
96LqE26lLfMZdvqSkaQqegxV5MwexUL/9OtwJamweHVoNJbmfvg3oFTultRA7nrC
R4Ha59tCTebB4/3yPqlJ+LYTECXLIx8WWqVRsqvbej0l636Qxw+PEj2yAA5Zgg==
-----END CERTIFICATE-----