Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6166f91a-82ea-4409-a825-27c3c3bcb4e5.roa
File:                     6166f91a-82ea-4409-a825-27c3c3bcb4e5.roa (raw, json)
Hash identifier:          dSFFKVhAnxwVDb2x/LBvSwGXShod6pLeZyWKaMPKCoo=
Subject key identifier:   D7:CB:91:C8:E2:63:95:9C:21:B2:D3:42:2C:58:7C:28:C6:15:93:E8
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4E27DC606C8561480AA860541BF0E3D24FA0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6166f91a-82ea-4409-a825-27c3c3bcb4e5.roa
Signing time:             Wed 20 May 2026 00:30:12 +0000
ROA not before:           Wed 20 May 2026 00:30:12 +0000
ROA not after:            Tue 18 Aug 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        202.174.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 14 Jun 2026 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:27:dc:60:6c:85:61:48:0a:a8:60:54:1b:f0:e3:d2:4f:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: May 20 00:30:12 2026 GMT
            Not After : Aug 18 23:59:59 2026 GMT
        Subject: serialNumber=17bd4d1ba4b912d801e71c51b0a824c6370686af3b95d8294054b2cb2382ef40, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:f9:3d:77:77:e8:2c:6f:87:d6:d6:61:39:e5:
                    cf:fb:28:eb:71:44:9e:3f:84:fa:bb:b7:21:24:fb:
                    e7:3f:73:bd:ac:a0:42:cc:00:4b:7c:96:4b:3c:9f:
                    58:79:53:af:1f:a8:39:9b:65:ac:72:a9:16:25:fc:
                    63:7c:7c:c2:d3:b6:bc:dc:bf:6c:57:42:2f:80:6a:
                    ed:9c:1d:0d:00:e6:e5:93:9e:aa:b9:af:ef:e3:37:
                    4e:17:e7:6f:27:b2:a3:3e:78:0d:e5:9b:99:a3:0b:
                    8f:64:5f:ac:94:b5:2f:10:64:59:88:45:8a:5d:13:
                    28:05:b7:01:8d:f1:a5:f2:1a:61:1e:9f:e5:5e:35:
                    53:77:b0:e8:83:a7:2e:36:9f:02:b3:4c:95:91:ef:
                    c3:ab:36:33:14:59:56:6b:7e:bb:af:87:7c:8d:e6:
                    98:40:1e:41:32:e8:d6:72:ce:3a:05:52:9a:ac:d9:
                    50:1a:ca:97:ba:5b:91:ed:cb:ab:22:c0:a6:0b:fe:
                    d7:6d:a4:23:69:71:a4:da:ad:c5:38:03:17:aa:77:
                    7a:fe:0a:12:b7:45:f8:72:51:7b:2b:03:71:1f:c0:
                    b0:12:72:94:36:b9:93:25:de:5b:90:ad:1e:5e:45:
                    b5:c8:2a:cd:67:0e:a1:61:87:3c:08:f2:85:4e:e0:
                    ce:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:CB:91:C8:E2:63:95:9C:21:B2:D3:42:2C:58:7C:28:C6:15:93:E8
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6166f91a-82ea-4409-a825-27c3c3bcb4e5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.174.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:ba:17:39:2f:87:ef:b7:09:d1:fc:3f:da:ae:47:93:37:13:
         ed:d6:0d:9b:5d:fd:d1:83:42:ee:ab:f3:82:e1:65:ae:63:33:
         b1:fd:c0:6b:d5:39:4d:bb:2e:27:d3:26:87:d0:67:44:77:53:
         63:86:cc:3d:70:7f:12:92:12:19:f9:5b:8d:4f:83:84:d8:bf:
         ad:e7:7a:e2:f1:b2:e5:08:d3:4f:29:b8:9d:0e:34:56:57:e3:
         e2:92:ff:5a:b4:83:3d:ab:8d:5e:09:8e:3e:d3:78:56:3c:14:
         e6:bb:9f:92:43:61:04:7d:b9:4d:33:36:55:db:78:44:98:6f:
         6c:5a:2d:df:18:7b:ed:d9:1b:9f:2b:e7:ce:ec:1b:a9:da:2c:
         0d:c7:f9:72:1f:e0:31:cd:e1:fd:9d:d2:c3:bf:59:62:98:90:
         11:7c:0e:e3:fd:9c:61:77:c6:26:1d:75:d1:4e:68:55:e3:f4:
         49:c2:37:88:02:78:d0:35:ac:69:47:a6:44:5a:3e:66:24:40:
         a6:a9:50:02:f7:29:c0:d6:bd:c0:cf:a0:39:31:87:fe:00:8e:
         66:e2:a7:9e:93:56:af:0e:c1:af:a3:06:57:74:17:1c:92:56:
         8d:de:f3:09:86:50:b8:03:b4:93:1f:53:45:e4:5a:de:0b:0c:
         a8:04:d5:29
-----BEGIN CERTIFICATE-----
MIIF9jCCBN6gAwIBAgISTifcYGyFYUgKqGBUG/Dj0k+gMA0GCSqGSIb3DQEBCwUA
MD0xOzA5BgNVBAMTMjZlZDg4Y2FkMTFmZWFjNzc0NDlmMDE4ZDQyYmUzNThlYjM3
MTA3ZGJlOGNiNzFkMGE3MB4XDTI2MDUyMDAwMzAxMloXDTI2MDgxODIzNTk1OVow
ejFJMEcGA1UEBRNAMTdiZDRkMWJhNGI5MTJkODAxZTcxYzUxYjBhODI0YzYzNzA2
ODZhZjNiOTVkODI5NDA1NGIyY2IyMzgyZWY0MDEtMCsGA1UEAxMkYjI1Yzk3MGYt
ZDgxMy00NDVjLWJmZTItNjI2Njg1MThjODdlMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAqvk9d3foLG+H1tZhOeXP+yjrcUSeP4T6u7chJPvnP3O9rKBC
zABLfJZLPJ9YeVOvH6g5m2WscqkWJfxjfHzC07a83L9sV0IvgGrtnB0NAOblk56q
ua/v4zdOF+dvJ7KjPngN5ZuZowuPZF+slLUvEGRZiEWKXRMoBbcBjfGl8hphHp/l
XjVTd7Dog6cuNp8Cs0yVke/DqzYzFFlWa367r4d8jeaYQB5BMujWcs46BVKarNlQ
GsqXuluR7curIsCmC/7XbaQjaXGk2q3FOAMXqnd6/goSt0X4clF7KwNxH8CwEnKU
NrmTJd5bkK0eXkW1yCrNZw6hYYc8CPKFTuDONwIDAQABo4ICsTCCAq0wHQYDVR0O
BBYEFNfLkcjiY5WcIbLTQixYfCjGFZPoMB8GA1UdIwQYMBaAFBBd141VeECrQ129
FSEgjyn6ST+uMA4GA1UdDwEB/wQEAwIHgDCB8wYIKwYBBQUHAQEEgeYwgeMwgeAG
CCsGAQUFBzAChoHTcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJp
bi1ycGtpLXRhLzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy8y
YTI0Njk0Ny0yZDYyLTRhNmMtYmEwNS04NzE4N2YwMDk5YjIvMWJhMzAyYjgtOGRh
Yi00OTFkLWI5ZWQtZDdjOTJkMDMwZDgyLzZlZDg4Y2FkMTFmZWFjNzc0NDlmMDE4
ZDQyYmUzNThlYjM3MTA3ZGJlOGNiNzFkMGE3LmNlcjCBngYIKwYBBQUHAQsEgZEw
gY4wgYsGCCsGAQUFBzALhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFzdC0yLmFt
YXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUzLTA5NzI1
YzA0Mjk0Mi82MTY2ZjkxYS04MmVhLTQ0MDktYTgyNS0yN2MzYzNiY2I0ZTUucm9h
MIGIBgNVHR8EgYAwfjB8oHqgeIZ2cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3Qt
Mi5hbWF6b25hd3MuY29tL3ZvbHVtZS8yMGFhMzI5Yi1mYzUyLTRjNjEtYmY1My0w
OTcyNWMwNDI5NDIvX3F4M1JKOEJqVUstTlk2emNRZmI2TXR4MEtjLmNybDAYBgNV
HSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAG
AwQAyq6aMA0GCSqGSIb3DQEBCwUAA4IBAQBLuhc5L4fvtwnR/D/arkeTNxPt1g2b
Xf3Rg0Luq/OC4WWuYzOx/cBr1TlNuy4n0yaH0GdEd1Njhsw9cH8SkhIZ+VuNT4OE
2L+t53ri8bLlCNNPKbidDjRWV+Pikv9atIM9q41eCY4+03hWPBTmu5+SQ2EEfblN
MzZV23hEmG9sWi3fGHvt2RufK+fO7Bup2iwNx/lyH+AxzeH9ndLDv1limJARfA7j
/Zxhd8YmHXXRTmhV4/RJwjeIAnjQNaxpR6ZEWj5mJECmqVAC9ynA1r3Az6A5MYf+
AI5m4qeek1avDsGvowZXdBccklaN3vMJhlC4A7STH1NF5FreCwyoBNUp
-----END CERTIFICATE-----