Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/435a4520-90a7-4288-a55a-b74a6879fd02.roa
File:                     435a4520-90a7-4288-a55a-b74a6879fd02.roa (raw, json)
Hash identifier:          0iDFsenj7kFQmPBv9S/bvctdujVq3QhAMKng/KY0bpU=
Subject key identifier:   74:9E:F9:A2:6E:D7:50:9E:42:E0:B5:1A:E8:14:76:07:C1:52:E8:6C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0B840C75E6821FA05AF883247A9C4555F43CB12C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/435a4520-90a7-4288-a55a-b74a6879fd02.roa
Signing time:             Tue 10 Feb 2026 00:51:20 +0000
ROA not before:           Tue 10 Feb 2026 00:51:20 +0000
ROA not after:            Mon 11 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        76.223.128.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 03 Mar 2026 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:84:0c:75:e6:82:1f:a0:5a:f8:83:24:7a:9c:45:55:f4:3c:b1:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb 10 00:51:20 2026 GMT
            Not After : May 11 23:59:59 2026 GMT
        Subject: serialNumber=1f6f7eeba0afdac6f541138b2008bc6bacca36b20fa904a749ee26618d81783f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:2c:be:c2:f3:0b:d7:3d:45:8d:0e:76:8e:1a:
                    9a:24:45:bc:95:0c:d2:c9:4f:91:fb:ac:f2:be:4c:
                    57:d8:f6:c7:5b:e1:4d:b8:61:2d:5e:46:88:1c:b7:
                    32:96:26:a6:77:d8:1d:f6:23:64:15:35:1f:07:09:
                    59:5b:c3:32:b6:2d:45:2a:74:04:27:0a:fa:51:7f:
                    24:3b:b9:b0:cb:e5:b6:11:f0:f4:15:f2:d8:fa:6b:
                    fa:02:7f:90:f8:a2:21:5b:b1:92:c2:06:59:e4:7f:
                    54:a9:65:75:bb:70:60:a1:4b:a1:70:17:e2:23:3f:
                    e1:50:b9:32:2a:eb:04:16:6a:7c:24:7e:1f:32:26:
                    9b:b7:75:3c:74:b9:c7:dd:3c:f3:83:cb:c3:05:81:
                    25:d1:a0:51:78:96:49:b2:7f:72:ad:a6:a7:1b:14:
                    1d:6c:79:27:38:d4:81:69:cd:c3:90:4c:92:55:c5:
                    f4:7b:78:b0:87:74:87:89:60:88:e7:4b:a2:7d:49:
                    cd:32:a6:11:7d:09:3b:3f:1b:eb:75:00:ee:8d:ee:
                    47:5d:14:e0:4a:3d:9c:28:77:de:39:fa:9c:73:ef:
                    05:6c:b3:b5:66:71:54:2d:0b:e3:78:6c:ea:eb:c9:
                    f2:f0:3b:c3:31:e8:b4:28:4a:d8:a1:38:cc:89:56:
                    63:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:9E:F9:A2:6E:D7:50:9E:42:E0:B5:1A:E8:14:76:07:C1:52:E8:6C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/435a4520-90a7-4288-a55a-b74a6879fd02.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  76.223.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         c0:84:8b:ce:2f:62:53:da:27:18:7b:61:04:7a:b5:1b:54:aa:
         c7:8d:e3:c3:51:1b:36:00:ee:a4:c8:ca:c6:1c:98:04:db:2a:
         4b:2c:a7:06:24:e3:17:a5:32:2e:80:ca:ae:75:cc:ae:36:ea:
         47:8a:18:ac:42:d1:0f:63:bd:67:17:85:fc:b1:9f:8c:8f:97:
         b1:33:89:35:cc:52:d3:18:68:3a:f1:37:04:dc:35:14:98:55:
         65:0f:22:e1:fd:03:c5:00:31:1e:ec:93:c6:9e:34:47:6b:71:
         54:e9:34:9f:bb:4c:19:29:02:7a:e3:c3:78:ae:41:27:34:5a:
         93:1c:eb:1a:51:ed:eb:e8:fc:ae:c4:4a:71:21:b9:a7:b6:8d:
         bc:28:c1:1f:3d:45:29:58:dc:5e:90:bc:55:50:53:a5:cd:59:
         c9:01:bd:56:15:d0:68:27:cd:f1:07:62:13:71:39:fe:88:fc:
         73:13:72:3f:90:b4:5f:1a:94:8a:71:a3:e3:16:e0:ce:14:c5:
         4d:be:41:36:d7:a8:36:7c:20:95:16:23:17:82:e1:4e:32:dd:
         67:9b:0a:83:c6:70:53:90:11:d9:f7:ca:bd:8a:b4:b5:7c:36:
         92:99:37:73:e5:28:37:3a:4e:ed:b7:87:70:63:94:10:50:e9:
         77:d0:37:b9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUC4QMdeaCH6Ba+IMkepxFVfQ8sSwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjYwMjEwMDA1MTIwWhcNMjYwNTExMjM1OTU5
WjB6MUkwRwYDVQQFE0AxZjZmN2VlYmEwYWZkYWM2ZjU0MTEzOGIyMDA4YmM2YmFj
Y2EzNmIyMGZhOTA0YTc0OWVlMjY2MThkODE3ODNmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6LL7C8wvXPUWNDnaOGpokRbyVDNLJT5H7rPK+TFfY9sdb
4U24YS1eRogctzKWJqZ32B32I2QVNR8HCVlbwzK2LUUqdAQnCvpRfyQ7ubDL5bYR
8PQV8tj6a/oCf5D4oiFbsZLCBlnkf1SpZXW7cGChS6FwF+IjP+FQuTIq6wQWanwk
fh8yJpu3dTx0ucfdPPODy8MFgSXRoFF4lkmyf3KtpqcbFB1seSc41IFpzcOQTJJV
xfR7eLCHdIeJYIjnS6J9Sc0yphF9CTs/G+t1AO6N7kddFOBKPZwod945+pxz7wVs
s7VmcVQtC+N4bOrryfLwO8Mx6LQoStihOMyJVmN3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUdJ75om7XUJ5C4LUa6BR2B8FS6GwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQzNWE0NTIwLTkwYTctNDI4OC1hNTVhLWI3NGE2ODc5ZmQwMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAVM34AwDQYJKoZIhvcNAQELBQADggEBAMCEi84vYlPaJxh7YQR6tRtUqseN
48NRGzYA7qTIysYcmATbKksspwYk4xelMi6Ayq51zK426keKGKxC0Q9jvWcXhfyx
n4yPl7EziTXMUtMYaDrxNwTcNRSYVWUPIuH9A8UAMR7sk8aeNEdrcVTpNJ+7TBkp
Anrjw3iuQSc0WpMc6xpR7evo/K7ESnEhuae2jbwowR89RSlY3F6QvFVQU6XNWckB
vVYV0GgnzfEHYhNxOf6I/HMTcj+QtF8alIpxo+MW4M4UxU2+QTbXqDZ8IJUWIxeC
4U4y3WebCoPGcFOQEdn3yr2KtLV8NpKZN3PlKDc6Tu23h3BjlBBQ6XfQN7k=
-----END CERTIFICATE-----