Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/925842c8-ade6-4164-87f2-fd556fb6f950.roa
File:                     925842c8-ade6-4164-87f2-fd556fb6f950.roa (raw, json)
Hash identifier:          H6tXgvVsTHTpe3+txUIuoPTKImR+dW3Nb3KAFV4qCB8=
Subject key identifier:   9F:37:3C:A8:0C:B6:B8:F4:3B:A2:DD:8C:55:1C:5E:CF:4C:3D:FF:6F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       76498D018EE785E7B98077BDA474EFDF9747BA95
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/925842c8-ade6-4164-87f2-fd556fb6f950.roa
Signing time:             Tue 24 Feb 2026 02:01:22 +0000
ROA not before:           Tue 24 Feb 2026 02:01:22 +0000
ROA not after:            Mon 25 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        110.238.244.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 03 Mar 2026 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:49:8d:01:8e:e7:85:e7:b9:80:77:bd:a4:74:ef:df:97:47:ba:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb 24 02:01:22 2026 GMT
            Not After : May 25 23:59:59 2026 GMT
        Subject: serialNumber=3bc00f9ccc916c08d4829007baea1c55518ed3bb5126336264c045d09d56a001, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:90:5f:eb:2b:27:50:c1:e9:71:1b:b7:f0:a0:
                    47:4b:bb:aa:ca:d4:b4:58:88:a1:80:ed:0d:eb:12:
                    1f:be:c8:51:e1:1a:b8:1f:20:3a:52:58:6d:7d:a7:
                    f4:8f:a9:f6:4b:ad:58:c6:48:0a:98:57:7a:7d:18:
                    de:d0:28:e4:64:c1:48:85:0a:c0:65:86:b9:ad:65:
                    fb:9c:44:a2:fb:7e:fc:27:b9:d5:df:15:e6:ee:e4:
                    67:8b:0a:a6:46:c1:77:17:c5:65:77:f6:17:37:be:
                    38:4f:ff:38:bb:56:6a:f2:79:99:86:f1:a6:1f:9f:
                    71:77:da:a8:98:e6:43:19:cd:01:e5:70:03:c7:a2:
                    63:68:43:b7:b4:dc:4a:87:f5:1c:e0:b2:2c:db:ab:
                    f7:73:ee:7c:41:ea:93:1c:71:63:fa:6e:94:6f:b1:
                    ec:2a:39:63:71:05:27:a2:c0:72:b8:47:8c:b3:fe:
                    a0:f0:9a:fb:d2:a1:9a:f4:e7:60:3a:1c:8c:95:36:
                    94:e0:89:a5:08:cf:e9:6f:3d:9e:62:64:be:7b:c6:
                    4b:53:c5:e4:df:57:3f:4e:67:4e:86:89:b1:93:8a:
                    a7:78:7c:40:10:2e:c3:61:47:bc:8b:ee:25:aa:ae:
                    e1:29:d9:f8:72:11:64:ea:29:49:7e:0f:1c:f3:5a:
                    c0:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:37:3C:A8:0C:B6:B8:F4:3B:A2:DD:8C:55:1C:5E:CF:4C:3D:FF:6F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/925842c8-ade6-4164-87f2-fd556fb6f950.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  110.238.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3c:cb:cd:b2:90:51:df:ba:35:2b:97:ec:9f:2d:07:c0:4e:c8:
         2a:e4:80:9e:3d:b4:60:15:89:db:65:68:73:2b:3e:51:00:91:
         55:e6:3e:10:f2:b9:3e:e3:61:ea:46:ef:84:ae:50:12:1a:89:
         46:80:78:47:64:a5:79:c1:32:09:e8:3e:df:da:4a:bc:6a:f3:
         46:9f:57:01:fb:c0:96:b2:41:75:fd:c7:b7:59:52:fb:86:a2:
         af:5c:b0:9b:3c:01:09:9f:1d:04:86:a8:bf:c2:69:ab:73:7d:
         6e:bc:e3:05:fc:6f:f1:a8:96:3c:4a:31:14:0d:10:6a:25:24:
         e1:ed:a1:9a:b0:ad:9d:d1:50:ed:86:21:1e:97:1b:f7:92:4b:
         8b:a3:a3:8f:9c:88:06:bd:6a:56:ad:b6:2b:07:5f:a5:58:54:
         91:f6:e0:3c:11:d2:8e:76:cb:ad:3f:02:f7:ef:d5:d2:a1:50:
         85:88:17:9e:c2:0e:eb:f8:a3:76:20:72:78:ad:74:91:9c:ad:
         12:45:81:3c:b2:ed:99:a4:31:19:8d:b9:31:1d:2a:cc:84:0f:
         c2:34:99:7c:9e:d9:53:84:c4:a2:40:55:1f:81:0b:d0:db:cf:
         b8:c3:3e:fa:52:22:61:7b:35:eb:de:d5:3e:fd:3a:3b:1c:fe:
         db:60:97:f5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdkmNAY7nhee5gHe9pHTv35dHupUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjYwMjI0MDIwMTIyWhcNMjYwNTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0AzYmMwMGY5Y2NjOTE2YzA4ZDQ4MjkwMDdiYWVhMWM1NTUx
OGVkM2JiNTEyNjMzNjI2NGMwNDVkMDlkNTZhMDAxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCWkF/rKydQwelxG7fwoEdLu6rK1LRYiKGA7Q3rEh++yFHh
GrgfIDpSWG19p/SPqfZLrVjGSAqYV3p9GN7QKORkwUiFCsBlhrmtZfucRKL7fvwn
udXfFebu5GeLCqZGwXcXxWV39hc3vjhP/zi7VmryeZmG8aYfn3F32qiY5kMZzQHl
cAPHomNoQ7e03EqH9Rzgsizbq/dz7nxB6pMccWP6bpRvsewqOWNxBSeiwHK4R4yz
/qDwmvvSoZr052A6HIyVNpTgiaUIz+lvPZ5iZL57xktTxeTfVz9OZ06GibGTiqd4
fEAQLsNhR7yL7iWqruEp2fhyEWTqKUl+DxzzWsAvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUnzc8qAy2uPQ7ot2MVRxez0w9/28wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzkyNTg0MmM4LWFkZTYtNDE2NC04N2YyLWZkNTU2ZmI2Zjk1MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJu7vQwDQYJKoZIhvcNAQELBQADggEBADzLzbKQUd+6NSuX7J8tB8BOyCrk
gJ49tGAVidtlaHMrPlEAkVXmPhDyuT7jYepG74SuUBIaiUaAeEdkpXnBMgnoPt/a
Srxq80afVwH7wJayQXX9x7dZUvuGoq9csJs8AQmfHQSGqL/CaatzfW684wX8b/Go
ljxKMRQNEGolJOHtoZqwrZ3RUO2GIR6XG/eSS4ujo4+ciAa9alattisHX6VYVJH2
4DwR0o52y60/Avfv1dKhUIWIF57CDuv4o3YgcnitdJGcrRJFgTyy7ZmkMRmNuTEd
KsyED8I0mXye2VOExKJAVR+BC9Dbz7jDPvpSImF7Neve1T79Ojsc/ttgl/U=
-----END CERTIFICATE-----