Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7ef4e196-86eb-46d1-a251-131917dd667f.roa
File:                     7ef4e196-86eb-46d1-a251-131917dd667f.roa (raw, json)
Hash identifier:          LoWr9fuexh5+I8hctdbi9r32/gYoArWir8UttPjaI7s=
Subject key identifier:   EE:1D:F8:81:6E:D5:83:2C:22:59:3A:C8:3D:F9:1D:44:14:EB:B0:76
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2C02E7F5D43E7A85F42E173A333D512D0F77329C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7ef4e196-86eb-46d1-a251-131917dd667f.roa
Signing time:             Thu 26 Feb 2026 01:01:29 +0000
ROA not before:           Thu 26 Feb 2026 01:01:29 +0000
ROA not after:            Wed 27 May 2026 23:59:59 +0000
asID:                     14618
IP address blocks:        56.244.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 03 Mar 2026 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:02:e7:f5:d4:3e:7a:85:f4:2e:17:3a:33:3d:51:2d:0f:77:32:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb 26 01:01:29 2026 GMT
            Not After : May 27 23:59:59 2026 GMT
        Subject: serialNumber=0ab37070e215c4aaa9a8d11588a3e99d85509c20e46d871c4b0031295437d29a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:da:ae:dc:66:4c:10:dd:9b:d3:bd:de:2b:dc:
                    7c:25:94:9a:b6:87:28:18:23:d9:43:01:b3:5f:bc:
                    ea:f0:55:f9:3a:97:ca:d0:55:d6:55:3b:82:d8:43:
                    7e:ea:9c:4b:76:db:a6:13:20:fb:b6:fb:ce:58:35:
                    64:fc:d0:07:3e:94:83:29:8f:73:b4:ff:ed:72:cb:
                    66:18:5f:4b:88:6a:85:19:bc:36:2d:30:d0:ad:7c:
                    57:54:fb:d5:7b:19:3b:cb:9c:39:68:27:bb:d9:c3:
                    c9:c7:b4:e2:a1:b0:e9:7c:59:d9:94:f3:83:08:0c:
                    06:20:19:ab:19:d3:d5:73:58:46:05:79:8c:10:48:
                    98:7c:a6:60:cb:5f:87:86:b3:34:dc:fa:fc:26:7d:
                    5a:82:16:08:67:1c:d0:c2:74:a3:92:3f:68:8d:82:
                    1d:e5:c0:a1:8d:13:bd:ed:c6:44:7c:bb:88:41:f6:
                    8b:bd:4f:22:92:bb:c4:84:47:3e:89:44:b3:e5:5a:
                    40:24:65:be:07:c0:e3:d0:a4:33:8b:da:5f:9e:cb:
                    8f:8a:e0:26:3b:64:56:cc:07:4c:e1:ff:75:a0:55:
                    2a:04:c8:71:7c:b7:09:b7:40:d3:3b:ac:51:6c:c3:
                    83:7e:8d:9d:f5:11:e7:02:bb:6d:7f:62:d0:96:d2:
                    e8:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:1D:F8:81:6E:D5:83:2C:22:59:3A:C8:3D:F9:1D:44:14:EB:B0:76
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7ef4e196-86eb-46d1-a251-131917dd667f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.244.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         9b:c1:c3:1a:c7:43:4c:12:7c:6f:58:eb:e2:90:9c:bf:4b:89:
         d1:f1:52:57:53:16:f4:f5:47:b9:21:1b:17:4d:8e:4c:67:3f:
         49:fe:b7:9d:0b:29:28:93:a3:72:c8:61:6a:b0:07:0e:8a:3c:
         e8:27:1c:5a:d3:74:c7:32:64:0f:ee:b3:ba:2b:25:12:39:fc:
         80:7b:4d:f5:da:0e:47:aa:db:20:4e:97:cf:a3:8b:83:66:ea:
         63:55:33:78:ac:70:58:3b:7d:45:20:28:22:5f:fd:91:83:4a:
         0d:dc:f1:f0:01:ae:20:b2:e7:50:61:70:b7:0f:8e:e9:99:8a:
         ba:fe:c7:0c:34:0b:4b:6c:98:8e:ed:e6:24:1c:08:2d:1c:8f:
         25:19:c5:a6:2f:30:af:81:86:fd:da:7f:0b:79:b8:93:ed:3e:
         1b:98:3c:ed:19:26:6c:c8:11:a3:ef:ac:ab:c5:df:8f:2e:df:
         18:5d:d3:ac:42:ef:74:de:ce:96:9c:4a:82:d6:0e:2a:97:de:
         01:50:59:f7:60:52:e9:1e:ac:98:bc:42:b4:f0:7e:45:b2:50:
         b1:1e:17:36:0b:7f:3c:88:7d:a3:25:91:65:95:36:04:7a:4b:
         a5:90:02:bb:81:81:5d:b3:38:2e:b2:ce:a4:66:f5:35:79:5f:
         9d:12:a3:15
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIULALn9dQ+eoX0Lhc6Mz1RLQ93MpwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjYwMjI2MDEwMTI5WhcNMjYwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwYWIzNzA3MGUyMTVjNGFhYTlhOGQxMTU4OGEzZTk5ZDg1
NTA5YzIwZTQ2ZDg3MWM0YjAwMzEyOTU0MzdkMjlhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDs2q7cZkwQ3ZvTvd4r3HwllJq2hygYI9lDAbNfvOrwVfk6
l8rQVdZVO4LYQ37qnEt226YTIPu2+85YNWT80Ac+lIMpj3O0/+1yy2YYX0uIaoUZ
vDYtMNCtfFdU+9V7GTvLnDloJ7vZw8nHtOKhsOl8WdmU84MIDAYgGasZ09VzWEYF
eYwQSJh8pmDLX4eGszTc+vwmfVqCFghnHNDCdKOSP2iNgh3lwKGNE73txkR8u4hB
9ou9TyKSu8SERz6JRLPlWkAkZb4HwOPQpDOL2l+ey4+K4CY7ZFbMB0zh/3WgVSoE
yHF8twm3QNM7rFFsw4N+jZ31EecCu21/YtCW0uhjAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU7h34gW7VgywiWTrIPfkdRBTrsHYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzdlZjRlMTk2LTg2ZWItNDZkMS1hMjUxLTEzMTkxN2RkNjY3Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA49DANBgkqhkiG9w0BAQsFAAOCAQEAm8HDGsdDTBJ8b1jr4pCcv0uJ0fFS
V1MW9PVHuSEbF02OTGc/Sf63nQspKJOjcshharAHDoo86CccWtN0xzJkD+6zuisl
Ejn8gHtN9doOR6rbIE6Xz6OLg2bqY1UzeKxwWDt9RSAoIl/9kYNKDdzx8AGuILLn
UGFwtw+O6ZmKuv7HDDQLS2yYju3mJBwILRyPJRnFpi8wr4GG/dp/C3m4k+0+G5g8
7RkmbMgRo++sq8Xfjy7fGF3TrELvdN7OlpxKgtYOKpfeAVBZ92BS6R6smLxCtPB+
RbJQsR4XNgt/PIh9oyWRZZU2BHpLpZACu4GBXbM4LrLOpGb1NXlfnRKjFQ==
-----END CERTIFICATE-----