Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/46ffd29f-2469-4e53-b48f-865865efa7e1.roa
File:                     46ffd29f-2469-4e53-b48f-865865efa7e1.roa (raw, json)
Hash identifier:          WJVuuYa2XjsrkXy4Lfla53qX99ygLxH0TIV1IGl5gp4=
Subject key identifier:   30:E7:E8:BC:C5:D9:51:9F:67:B2:F6:FC:91:D1:C4:AD:81:1B:F7:7D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       23E2D647A253CABE46E89314F3E4267B71DCCDD3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/46ffd29f-2469-4e53-b48f-865865efa7e1.roa
Signing time:             Sat 07 Feb 2026 00:31:06 +0000
ROA not before:           Sat 07 Feb 2026 00:31:06 +0000
ROA not after:            Fri 08 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        16.124.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 03 Mar 2026 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:e2:d6:47:a2:53:ca:be:46:e8:93:14:f3:e4:26:7b:71:dc:cd:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb  7 00:31:06 2026 GMT
            Not After : May  8 23:59:59 2026 GMT
        Subject: serialNumber=dbce0f8fc2ed036733218e96117f74bbb2ea163d9573277b84e6b8e7316fb9cc, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:08:50:c1:09:53:4b:13:8a:df:2c:33:3d:6d:
                    aa:eb:49:af:a1:01:21:96:cb:4b:16:86:64:7f:29:
                    1b:22:d5:71:e5:c3:91:1a:e3:1e:40:ad:07:95:1e:
                    26:ff:91:6d:b2:6f:ed:90:9f:cc:24:92:ff:42:7f:
                    26:c0:24:42:32:be:dc:fc:28:51:f4:b9:6e:27:16:
                    05:cb:d3:c7:06:c4:5e:07:dc:bf:07:f2:bc:8f:10:
                    ca:c9:79:9b:66:b6:e2:83:ee:74:a3:cf:0a:09:9f:
                    68:78:01:c7:f4:05:a8:b8:12:8e:d7:a8:41:74:da:
                    11:f4:9a:9b:b5:25:6a:5e:d0:14:98:97:f8:8d:35:
                    96:15:2d:55:86:f6:02:3a:fe:a7:74:0a:94:7a:56:
                    98:3a:9f:18:d5:03:8e:bb:76:73:05:ad:11:e1:e9:
                    92:57:34:88:d3:f5:64:85:4a:0a:fc:45:1f:75:36:
                    e4:40:ca:30:1c:d0:e7:be:8a:08:cf:72:0f:68:47:
                    0f:33:eb:43:db:6a:33:78:7d:eb:62:05:64:fe:ac:
                    da:18:b2:50:f4:92:5c:4e:a3:34:0a:22:fc:89:ff:
                    32:96:f5:3c:8a:63:a9:18:c9:1e:17:dc:b6:bd:4b:
                    3b:f5:b0:a7:c1:4c:90:c6:ba:e4:52:73:a3:88:50:
                    e6:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:E7:E8:BC:C5:D9:51:9F:67:B2:F6:FC:91:D1:C4:AD:81:1B:F7:7D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/46ffd29f-2469-4e53-b48f-865865efa7e1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.124.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a6:01:11:eb:ed:e6:e8:ec:f4:94:89:bb:44:a0:af:c1:9b:d0:
         1d:70:c1:d0:5f:68:0d:d8:ba:75:2c:53:94:aa:a9:a8:b0:d3:
         cb:a7:a1:12:29:b3:68:c8:da:a3:88:7a:fc:e2:ad:32:17:ce:
         ba:fd:4c:3b:31:46:a9:cf:0b:f0:90:aa:95:0d:1c:a7:f4:1e:
         6f:81:89:66:a7:c5:e3:ab:11:51:9b:aa:51:33:a0:bf:fe:6a:
         61:2f:06:b5:5f:32:6a:e0:29:13:dd:0a:4a:1e:8f:49:1c:12:
         6a:8b:53:ef:64:bd:33:c7:14:2b:96:b3:42:99:32:85:a5:1f:
         7e:31:35:84:58:2b:28:f7:38:5a:3f:28:18:51:c9:ff:e7:ba:
         ad:c1:32:a0:54:2a:d2:17:57:8e:c1:87:df:37:1f:67:68:dc:
         31:c6:55:7a:f9:5b:23:60:a9:a3:ea:1f:b5:43:70:cb:3b:dd:
         28:eb:b9:0f:61:65:74:bf:7c:a7:97:03:e9:06:90:a5:14:bf:
         32:55:d9:b3:03:e5:3e:90:23:10:fb:5d:e9:9a:76:25:dc:75:
         3b:bd:9a:e8:27:a2:33:fa:71:38:91:bf:0e:ae:fc:47:80:ef:
         6a:1f:c2:3d:e8:20:7d:cb:4c:10:c9:40:cd:5c:f7:b6:4a:a3:
         b2:c9:71:f1
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUI+LWR6JTyr5G6JMU8+Qme3HczdMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjYwMjA3MDAzMTA2WhcNMjYwNTA4MjM1OTU5
WjB6MUkwRwYDVQQFE0BkYmNlMGY4ZmMyZWQwMzY3MzMyMThlOTYxMTdmNzRiYmIy
ZWExNjNkOTU3MzI3N2I4NGU2YjhlNzMxNmZiOWNjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6CFDBCVNLE4rfLDM9barrSa+hASGWy0sWhmR/KRsi1XHl
w5Ea4x5ArQeVHib/kW2yb+2Qn8wkkv9CfybAJEIyvtz8KFH0uW4nFgXL08cGxF4H
3L8H8ryPEMrJeZtmtuKD7nSjzwoJn2h4Acf0Bai4Eo7XqEF02hH0mpu1JWpe0BSY
l/iNNZYVLVWG9gI6/qd0CpR6Vpg6nxjVA467dnMFrRHh6ZJXNIjT9WSFSgr8RR91
NuRAyjAc0Oe+igjPcg9oRw8z60PbajN4fetiBWT+rNoYslD0klxOozQKIvyJ/zKW
9TyKY6kYyR4X3La9Szv1sKfBTJDGuuRSc6OIUOYvAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUMOfovMXZUZ9nsvb8kdHErYEb930wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ2ZmZkMjlmLTI0NjktNGU1My1iNDhmLTg2NTg2NWVmYTdlMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQfDANBgkqhkiG9w0BAQsFAAOCAQEApgER6+3m6Oz0lIm7RKCvwZvQHXDB
0F9oDdi6dSxTlKqpqLDTy6ehEimzaMjao4h6/OKtMhfOuv1MOzFGqc8L8JCqlQ0c
p/Qeb4GJZqfF46sRUZuqUTOgv/5qYS8GtV8yauApE90KSh6PSRwSaotT72S9M8cU
K5azQpkyhaUffjE1hFgrKPc4Wj8oGFHJ/+e6rcEyoFQq0hdXjsGH3zcfZ2jcMcZV
evlbI2Cpo+oftUNwyzvdKOu5D2FldL98p5cD6QaQpRS/MlXZswPlPpAjEPtd6Zp2
Jdx1O72a6CeiM/pxOJG/Dq78R4Dvah/CPeggfctMEMlAzVz3tkqjsslx8Q==
-----END CERTIFICATE-----