Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/43ece126-f995-47cb-b50e-4dba25e127a8.roa
File:                     43ece126-f995-47cb-b50e-4dba25e127a8.roa (raw, json)
Hash identifier:          0OJEzEMYlepqakbVA4UV4Dl+oYEB3DSVc1OvC/9SlFw=
Subject key identifier:   69:1D:65:C5:8C:34:B6:9E:8E:F7:10:A0:B4:5C:77:81:50:75:A3:98
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3EF951F2EB02415B345D269628350009477308FC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/43ece126-f995-47cb-b50e-4dba25e127a8.roa
Signing time:             Tue 24 Feb 2026 02:00:56 +0000
ROA not before:           Tue 24 Feb 2026 02:00:56 +0000
ROA not after:            Mon 25 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        107.20.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 03 Mar 2026 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:f9:51:f2:eb:02:41:5b:34:5d:26:96:28:35:00:09:47:73:08:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb 24 02:00:56 2026 GMT
            Not After : May 25 23:59:59 2026 GMT
        Subject: serialNumber=ac5d90beeae99c7d7b9fd32d91f48b5357e900c97087446242e316865f73847b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:2b:b6:78:6d:87:34:c9:af:ff:da:b7:a0:52:
                    cd:87:6a:66:3b:f9:19:d4:19:78:7b:40:fc:3a:f0:
                    44:58:e2:06:f4:d0:9d:23:5c:90:13:59:e9:95:eb:
                    79:86:e2:8b:d7:15:9e:13:ba:c4:85:00:4e:d5:d8:
                    9a:59:ea:c4:f5:ee:bd:a5:91:65:5d:e7:30:d2:00:
                    7d:71:72:dd:bf:f7:a9:f2:d4:87:d9:9d:3f:67:d0:
                    d7:ab:03:cd:0a:39:db:e4:cd:7d:6a:b2:d5:dc:f8:
                    2b:e4:f9:a9:36:c4:be:dc:6b:73:52:15:ae:c3:29:
                    d8:70:fa:48:e8:e1:2a:b7:5c:c3:00:d4:5e:33:9a:
                    65:18:c5:11:53:f4:38:23:8a:6a:a8:5e:e1:4e:d4:
                    ac:1d:f2:49:39:a0:0f:93:e5:8d:0c:af:17:64:a0:
                    bb:68:f2:43:05:f6:53:8e:e5:51:60:3e:a6:d3:22:
                    76:a7:2b:f7:e1:aa:42:8a:5d:ff:ce:5f:12:6b:af:
                    86:18:fd:43:69:8e:99:40:37:fa:e3:13:34:87:85:
                    93:14:99:f1:54:ff:9d:c2:28:6c:4c:d5:84:f0:b9:
                    e5:69:0f:df:37:32:9f:f0:75:fe:66:4d:08:b6:e2:
                    f7:ff:a1:a0:de:55:23:8b:ea:38:13:f7:08:fb:b6:
                    d7:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:1D:65:C5:8C:34:B6:9E:8E:F7:10:A0:B4:5C:77:81:50:75:A3:98
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/43ece126-f995-47cb-b50e-4dba25e127a8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.20.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         29:0f:5a:a9:3d:7b:ab:20:97:27:35:d9:95:cb:4b:5d:8d:c9:
         29:6b:df:fd:53:e7:a4:c2:98:32:2e:db:04:19:eb:ab:6e:3c:
         9f:e5:da:ea:cf:be:31:e2:14:4b:8f:ab:1a:a8:41:7f:93:32:
         e9:71:db:3c:eb:37:dd:76:0a:e9:2a:01:3e:cf:7e:09:4d:7c:
         ba:29:f1:98:41:a2:49:23:06:f7:25:fe:59:3e:a1:b7:7a:59:
         0b:54:24:12:94:a1:2d:ad:80:d1:37:8b:9d:85:0b:a4:8e:47:
         2c:36:e7:10:33:0e:3a:3e:52:7e:c4:a0:24:13:95:cb:e8:71:
         ee:91:5c:1f:1c:ab:da:a0:df:85:35:09:21:bf:11:70:e1:26:
         e6:59:f1:71:7a:c3:ea:82:f8:cc:86:15:25:9f:f5:f8:e6:b4:
         b0:e1:6a:83:4e:2e:cd:af:c0:ff:6a:f6:36:1f:50:08:11:af:
         54:24:13:3e:d6:ac:24:eb:8d:fa:0d:64:b0:69:dc:b1:b7:32:
         c0:8d:53:81:6b:43:49:45:f5:d8:21:ab:6f:a3:94:21:bd:e4:
         8b:5d:e7:69:14:a5:44:26:9e:57:ca:b0:20:4e:cb:8c:04:15:
         83:b0:01:0d:cc:4e:ad:89:1d:34:f7:c8:ce:4f:de:cd:d1:a0:
         7b:28:51:43
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUPvlR8usCQVs0XSaWKDUACUdzCPwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjYwMjI0MDIwMDU2WhcNMjYwNTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BhYzVkOTBiZWVhZTk5YzdkN2I5ZmQzMmQ5MWY0OGI1MzU3
ZTkwMGM5NzA4NzQ0NjI0MmUzMTY4NjVmNzM4NDdiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+K7Z4bYc0ya//2regUs2HamY7+RnUGXh7QPw68ERY4gb0
0J0jXJATWemV63mG4ovXFZ4TusSFAE7V2JpZ6sT17r2lkWVd5zDSAH1xct2/96ny
1IfZnT9n0NerA80KOdvkzX1qstXc+Cvk+ak2xL7ca3NSFa7DKdhw+kjo4Sq3XMMA
1F4zmmUYxRFT9DgjimqoXuFO1Kwd8kk5oA+T5Y0MrxdkoLto8kMF9lOO5VFgPqbT
InanK/fhqkKKXf/OXxJrr4YY/UNpjplAN/rjEzSHhZMUmfFU/53CKGxM1YTwueVp
D983Mp/wdf5mTQi24vf/oaDeVSOL6jgT9wj7ttfdAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUaR1lxYw0tp6O9xCgtFx3gVB1o5gwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQzZWNlMTI2LWY5OTUtNDdjYi1iNTBlLTRkYmEyNWUxMjdhOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBrFDANBgkqhkiG9w0BAQsFAAOCAQEAKQ9aqT17qyCXJzXZlctLXY3JKWvf
/VPnpMKYMi7bBBnrq248n+Xa6s++MeIUS4+rGqhBf5My6XHbPOs33XYK6SoBPs9+
CU18uinxmEGiSSMG9yX+WT6ht3pZC1QkEpShLa2A0TeLnYULpI5HLDbnEDMOOj5S
fsSgJBOVy+hx7pFcHxyr2qDfhTUJIb8RcOEm5lnxcXrD6oL4zIYVJZ/1+Oa0sOFq
g04uza/A/2r2Nh9QCBGvVCQTPtasJOuN+g1ksGncsbcywI1TgWtDSUX12CGrb6OU
Ib3ki13naRSlRCaeV8qwIE7LjAQVg7ABDcxOrYkdNPfIzk/ezdGgeyhRQw==
-----END CERTIFICATE-----