Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/258e6f29-ec78-4849-a049-84a7edb4a611.roa
File:                     258e6f29-ec78-4849-a049-84a7edb4a611.roa (raw, json)
Hash identifier:          nkz6JukgpQAf/fRdtL6dk3U5A212M3LASHCGHsPKNuo=
Subject key identifier:   F1:FB:7E:FF:57:DF:29:CB:40:A5:ED:85:68:48:68:BC:7B:2B:67:35
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       17423C9911A86BE1CA2DD2591183F2F079DD2A43
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/258e6f29-ec78-4849-a049-84a7edb4a611.roa
Signing time:             Thu 26 Feb 2026 00:00:09 +0000
ROA not before:           Thu 26 Feb 2026 00:00:09 +0000
ROA not after:            Wed 27 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        74.190.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 03 Mar 2026 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:42:3c:99:11:a8:6b:e1:ca:2d:d2:59:11:83:f2:f0:79:dd:2a:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb 26 00:00:09 2026 GMT
            Not After : May 27 23:59:59 2026 GMT
        Subject: serialNumber=f0aa3712a3ae3161dc8a329e1a6da6594b9f96083b9fc501f4edb6d42d742d75, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:7b:7d:71:3f:4f:2b:b6:57:33:de:4e:a3:d0:
                    f8:4d:d1:d0:f0:86:e2:07:a6:4a:47:a7:67:70:be:
                    e0:89:aa:fa:81:a5:99:b8:0b:20:1a:a7:57:7b:ff:
                    e6:13:c7:0c:ae:8a:4b:0c:ac:8a:51:fc:1b:00:2b:
                    87:c4:e7:bb:5c:5a:e4:67:47:08:c5:27:bd:8c:95:
                    8a:20:36:5d:03:73:b0:20:f0:e7:98:ff:ee:97:fc:
                    8e:78:e1:31:3b:55:5d:fb:15:73:a2:eb:c2:b7:f7:
                    9a:cf:78:ae:8d:88:56:02:15:ff:7d:3f:fa:02:4b:
                    72:14:1c:c7:99:12:17:e8:54:99:c0:08:76:e1:8b:
                    d6:4e:27:89:4f:05:8c:2a:a7:ed:41:c5:5a:e5:d4:
                    c9:ca:40:27:7b:93:2f:56:30:4c:25:1b:21:b7:b9:
                    08:8a:cf:45:23:f5:2f:86:2c:0c:4a:e2:9d:6b:de:
                    91:7c:a7:ce:c5:df:cc:00:a4:07:73:39:4b:6f:3a:
                    fe:39:69:b0:6f:c4:d9:64:7f:79:23:19:c0:18:c4:
                    2f:ba:37:01:72:77:e3:38:b1:4f:9e:8c:a7:be:32:
                    dd:ec:ff:08:c6:2a:1f:69:c7:bc:72:64:b2:6b:87:
                    ee:e6:3a:4a:8a:a9:66:51:1b:75:1c:44:89:99:a5:
                    47:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:FB:7E:FF:57:DF:29:CB:40:A5:ED:85:68:48:68:BC:7B:2B:67:35
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/258e6f29-ec78-4849-a049-84a7edb4a611.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  74.190.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         d3:6b:89:45:ef:cf:e2:ff:84:18:fe:0a:16:a8:8e:cf:e6:ab:
         f4:ef:9c:d6:c5:b9:70:f4:65:f0:72:0c:a8:0c:74:15:f0:a8:
         d1:08:13:06:7d:98:36:4e:11:c0:dc:f9:42:2e:df:cb:29:33:
         64:37:ae:2d:78:cf:7b:f0:61:75:91:59:4b:f9:2d:68:82:73:
         a9:f1:48:5e:9a:41:49:ed:94:16:93:c5:b3:b9:33:6c:35:9d:
         ec:a7:bc:66:cb:4d:3a:26:44:97:46:a8:f6:93:1f:23:91:d4:
         8a:7d:68:8a:6e:70:2d:33:b9:b4:92:31:6c:f7:03:49:08:b8:
         3c:34:e1:a3:8e:e2:94:d8:1e:ad:5a:c5:38:f0:92:f4:39:48:
         be:ff:78:5e:46:0d:7f:b9:ec:d8:d8:24:7a:59:06:2b:90:16:
         b6:bb:52:be:ed:3a:62:4c:cf:7e:bc:43:30:cc:67:0d:e1:f1:
         e2:90:dd:5b:cd:b2:9c:56:80:d7:f4:b6:b5:f1:7d:ab:51:27:
         a0:76:18:37:f9:80:62:cd:5f:b5:d7:62:44:2d:51:97:68:e7:
         d3:2d:b5:0a:67:ab:79:c9:48:5f:0a:e7:05:59:06:58:c0:06:
         20:95:09:a6:70:92:23:51:d8:37:06:57:b3:08:e8:0d:ac:a4:
         af:6d:03:ad
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUF0I8mRGoa+HKLdJZEYPy8HndKkMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjYwMjI2MDAwMDA5WhcNMjYwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BmMGFhMzcxMmEzYWUzMTYxZGM4YTMyOWUxYTZkYTY1OTRi
OWY5NjA4M2I5ZmM1MDFmNGVkYjZkNDJkNzQyZDc1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCVe31xP08rtlcz3k6j0PhN0dDwhuIHpkpHp2dwvuCJqvqB
pZm4CyAap1d7/+YTxwyuiksMrIpR/BsAK4fE57tcWuRnRwjFJ72MlYogNl0Dc7Ag
8OeY/+6X/I544TE7VV37FXOi68K395rPeK6NiFYCFf99P/oCS3IUHMeZEhfoVJnA
CHbhi9ZOJ4lPBYwqp+1BxVrl1MnKQCd7ky9WMEwlGyG3uQiKz0Uj9S+GLAxK4p1r
3pF8p87F38wApAdzOUtvOv45abBvxNlkf3kjGcAYxC+6NwFyd+M4sU+ejKe+Mt3s
/wjGKh9px7xyZLJrh+7mOkqKqWZRG3UcRImZpUdJAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU8ft+/1ffKctApe2FaEhovHsrZzUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI1OGU2ZjI5LWVjNzgtNDg0OS1hMDQ5LTg0YTdlZGI0YTYxMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBKvjANBgkqhkiG9w0BAQsFAAOCAQEA02uJRe/P4v+EGP4KFqiOz+ar9O+c
1sW5cPRl8HIMqAx0FfCo0QgTBn2YNk4RwNz5Qi7fyykzZDeuLXjPe/BhdZFZS/kt
aIJzqfFIXppBSe2UFpPFs7kzbDWd7Ke8ZstNOiZEl0ao9pMfI5HUin1oim5wLTO5
tJIxbPcDSQi4PDTho47ilNgerVrFOPCS9DlIvv94XkYNf7ns2NgkelkGK5AWtrtS
vu06YkzPfrxDMMxnDeHx4pDdW82ynFaA1/S2tfF9q1EnoHYYN/mAYs1ftddiRC1R
l2jn0y21CmereclIXwrnBVkGWMAGIJUJpnCSI1HYNwZXswjoDaykr20DrQ==
-----END CERTIFICATE-----