Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/490b6781-139e-4caf-a10e-fecef09f1c02.roa
File:                     490b6781-139e-4caf-a10e-fecef09f1c02.roa (raw, json)
Hash identifier:          PFDXv7IlBkvfPX2g+eY2a0IVuD5h5CQFVMW1A8DABu4=
Subject key identifier:   14:17:80:E3:F6:9B:D2:CB:14:0B:9C:A4:A7:4E:65:4D:14:A3:81:E0
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4833B1DB4AC94AB5C1980AC5B01599163018CF55
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/490b6781-139e-4caf-a10e-fecef09f1c02.roa
Signing time:             Tue 24 Feb 2026 00:30:15 +0000
ROA not before:           Tue 24 Feb 2026 00:30:15 +0000
ROA not after:            Mon 25 May 2026 23:59:59 +0000
asID:                     8987
IP address blocks:        2600:1f00:5040::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 03 Mar 2026 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:33:b1:db:4a:c9:4a:b5:c1:98:0a:c5:b0:15:99:16:30:18:cf:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb 24 00:30:15 2026 GMT
            Not After : May 25 23:59:59 2026 GMT
        Subject: serialNumber=7bb992bf5afcc1977b0c48ec1b74d1849391be53845d50d92ede4f44510bf313, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:2d:c8:aa:a0:5c:c5:45:23:20:ac:69:1a:a1:
                    dd:49:c6:52:25:95:6e:40:b1:c8:aa:3a:0d:95:89:
                    eb:19:04:7d:ee:47:b0:1a:c2:aa:43:ef:0f:9b:fb:
                    0f:ad:67:18:01:e5:e0:16:94:3f:ec:e3:99:bf:16:
                    21:8e:8d:5b:0a:c5:23:90:0c:d3:90:18:8f:2f:8f:
                    a8:1d:71:80:e2:a7:fb:17:92:74:ba:76:ce:d5:ec:
                    02:c3:ff:e1:57:80:e0:d0:ae:30:37:9e:af:89:5e:
                    e0:69:9a:6d:bb:65:0e:8a:2d:2f:b1:36:db:d7:95:
                    8a:1c:a3:45:b4:79:ba:cc:de:46:54:1c:d8:b0:93:
                    79:1a:2d:04:0a:f3:59:be:e3:64:8a:e6:98:63:27:
                    a1:7f:a4:f3:b8:9d:72:92:ac:86:e2:1d:50:20:77:
                    42:86:ad:1c:0a:83:85:4d:9a:e9:fd:a0:33:6f:97:
                    e0:c5:7b:95:e6:0c:fa:0d:b8:5e:b5:0b:b4:05:84:
                    bd:6f:d4:5f:73:93:a5:0a:de:70:05:a2:f5:d7:1f:
                    d2:4b:11:6c:de:6a:26:a7:76:49:0b:00:66:ff:71:
                    08:02:ac:ef:3d:5a:de:89:9a:c3:f5:81:00:ff:62:
                    7d:c1:d5:a9:17:21:9e:ab:07:9c:25:a6:b9:c5:c0:
                    33:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:17:80:E3:F6:9B:D2:CB:14:0B:9C:A4:A7:4E:65:4D:14:A3:81:E0
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/490b6781-139e-4caf-a10e-fecef09f1c02.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f00:5040::/48

    Signature Algorithm: sha256WithRSAEncryption
         a5:68:1e:d4:f2:13:3c:e8:e7:e6:30:eb:1c:17:e7:33:d1:71:
         a8:de:ac:20:7d:74:90:69:20:7f:11:4f:3d:ba:c7:49:7f:a3:
         57:87:1c:e3:76:d6:0e:47:58:d3:da:b1:a3:be:6b:48:dc:d9:
         5f:f5:8f:cc:09:1a:a6:65:9d:4f:7d:00:da:cd:a8:b9:37:98:
         4b:45:6a:ad:0a:ac:85:7a:a6:d7:6a:d4:51:b5:e6:a1:fb:2f:
         2f:96:57:b8:c5:6b:77:19:b4:4c:57:90:46:54:ed:b4:88:41:
         24:0b:61:04:ba:33:aa:08:31:e4:f9:75:95:05:cc:4f:32:33:
         3b:9d:e4:92:19:5b:47:12:93:79:bd:02:4e:23:80:47:80:79:
         f9:eb:4e:0f:e1:2b:8e:d9:30:39:3b:4e:7e:2b:ae:07:e6:62:
         c4:ff:3f:56:8d:7c:ba:7c:b4:a2:3c:45:db:4b:18:11:d4:ec:
         a9:ee:af:de:3d:10:78:58:06:76:57:ee:3e:be:02:4d:79:c7:
         e7:ed:e2:80:8d:7c:e6:d7:24:47:27:3c:2e:91:68:4c:c2:8c:
         03:94:3c:27:d2:11:13:7c:a4:d2:e9:1f:df:45:1c:5c:a7:c9:
         85:bc:f6:f8:b7:e8:1e:70:54:28:fe:86:a7:b2:d4:92:ed:59:
         b8:bd:80:02
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUSDOx20rJSrXBmArFsBWZFjAYz1UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjYwMjI0MDAzMDE1WhcNMjYwNTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A3YmI5OTJiZjVhZmNjMTk3N2IwYzQ4ZWMxYjc0ZDE4NDkz
OTFiZTUzODQ1ZDUwZDkyZWRlNGY0NDUxMGJmMzEzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCgLciqoFzFRSMgrGkaod1JxlIllW5AsciqOg2ViesZBH3u
R7AawqpD7w+b+w+tZxgB5eAWlD/s45m/FiGOjVsKxSOQDNOQGI8vj6gdcYDip/sX
knS6ds7V7ALD/+FXgODQrjA3nq+JXuBpmm27ZQ6KLS+xNtvXlYoco0W0ebrM3kZU
HNiwk3kaLQQK81m+42SK5phjJ6F/pPO4nXKSrIbiHVAgd0KGrRwKg4VNmun9oDNv
l+DFe5XmDPoNuF61C7QFhL1v1F9zk6UK3nAFovXXH9JLEWzeaiandkkLAGb/cQgC
rO89Wt6JmsP1gQD/Yn3B1akXIZ6rB5wlprnFwDO1AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUFBeA4/ab0ssUC5ykp05lTRSjgeAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ5MGI2NzgxLTEzOWUtNGNhZi1hMTBlLWZlY2VmMDlmMWMwMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB8AUEAwDQYJKoZIhvcNAQELBQADggEBAKVoHtTyEzzo5+Yw6xwX5zPR
cajerCB9dJBpIH8RTz26x0l/o1eHHON21g5HWNPasaO+a0jc2V/1j8wJGqZlnU99
ANrNqLk3mEtFaq0KrIV6ptdq1FG15qH7Ly+WV7jFa3cZtExXkEZU7bSIQSQLYQS6
M6oIMeT5dZUFzE8yMzud5JIZW0cSk3m9Ak4jgEeAefnrTg/hK47ZMDk7Tn4rrgfm
YsT/P1aNfLp8tKI8RdtLGBHU7Knur949EHhYBnZX7j6+Ak15x+ft4oCNfObXJEcn
PC6RaEzCjAOUPCfSERN8pNLpH99FHFynyYW89vi36B5wVCj+hqey1JLtWbi9gAI=
-----END CERTIFICATE-----