Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/98b5bff1-41c4-4141-92fb-20e5d8600f7e.roa
File:                     98b5bff1-41c4-4141-92fb-20e5d8600f7e.roa (raw, json)
Hash identifier:          8cOLhh0yhf2nb8MrKNxGGc5Ov9OJCeLLdVUpSDIMU3s=
Subject key identifier:   31:CA:C4:06:F7:8D:34:3B:17:9E:2F:1A:41:0D:D2:73:EB:D6:14:F8
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5B388B993F1BD5ACC6D6CF394556DFAAE526EDB0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/98b5bff1-41c4-4141-92fb-20e5d8600f7e.roa
Signing time:             Wed 18 Feb 2026 00:20:38 +0000
ROA not before:           Wed 18 Feb 2026 00:20:38 +0000
ROA not after:            Tue 19 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        124.24.192.0/18 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 03 Mar 2026 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:38:8b:99:3f:1b:d5:ac:c6:d6:cf:39:45:56:df:aa:e5:26:ed:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb 18 00:20:38 2026 GMT
            Not After : May 19 23:59:59 2026 GMT
        Subject: serialNumber=bd3b02b2f26bc3c577f0d159bddd3e015ff25f27431d803fe2c44e41dd6dd752, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:c0:18:1f:8b:c9:b8:36:1d:e0:a7:67:60:48:
                    2f:8b:f4:e3:3c:92:ae:9e:17:fa:b8:b0:14:ee:8b:
                    42:8a:51:13:81:57:16:0c:e9:d1:fc:91:59:1d:fe:
                    c0:e9:31:35:57:8b:89:93:f5:1e:c7:bb:a0:53:d0:
                    c3:90:0e:6e:e7:69:9d:de:26:1f:22:ed:e5:9d:aa:
                    75:55:2e:a0:7f:62:2c:bb:64:83:54:60:f6:fe:b9:
                    b3:43:83:1d:3f:8c:e8:7e:31:65:93:5d:93:bc:f1:
                    b5:87:7e:31:7e:12:89:d1:97:9b:8d:ce:d7:8d:43:
                    15:96:a8:03:fb:16:fd:02:cf:f7:c0:c0:98:9f:5b:
                    74:84:6b:7a:24:b7:88:60:f1:e2:41:9c:9c:ab:5b:
                    e6:93:ec:66:a3:0e:53:eb:0d:d3:af:0b:a7:a8:51:
                    9f:46:ff:4b:ec:1f:b6:07:99:b8:39:0a:d6:e0:ad:
                    c3:a8:b2:e4:b9:79:8f:96:67:2b:3a:d2:8a:99:8d:
                    42:04:75:7e:15:7c:82:1b:34:a2:84:a0:82:83:d4:
                    a3:bf:93:2c:cc:bd:7e:df:45:22:08:62:57:0b:b1:
                    d1:40:ec:b4:d1:55:86:d3:58:ed:f4:8b:8b:66:d7:
                    78:13:ac:cc:d2:ae:84:61:50:2e:47:56:27:02:9e:
                    f4:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:CA:C4:06:F7:8D:34:3B:17:9E:2F:1A:41:0D:D2:73:EB:D6:14:F8
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/98b5bff1-41c4-4141-92fb-20e5d8600f7e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  124.24.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         d2:c6:5a:2e:4e:03:80:e5:25:62:bc:74:4b:c0:c9:2a:42:06:
         a6:3b:3f:93:78:3c:f1:a7:ac:34:5f:5e:17:7a:54:97:da:d7:
         5a:df:c4:5a:70:23:56:96:12:5b:46:ab:93:e6:28:d7:3f:44:
         3e:93:94:2d:dd:ee:30:f7:09:31:58:03:70:c6:7d:cf:7c:29:
         06:92:a0:d2:90:45:b2:cb:73:91:18:ae:64:fa:78:5f:5d:38:
         30:97:c0:23:1c:77:d8:75:20:fa:3f:59:11:69:d7:56:04:b3:
         ff:eb:fe:64:3a:71:c9:ad:ab:7b:27:f4:e7:fd:fa:32:33:19:
         b6:77:a4:c6:c7:5a:95:ba:86:df:0b:c3:e3:79:18:1e:af:1a:
         5f:8f:77:8b:5e:53:a5:60:08:b0:d7:1e:0d:29:fc:e4:a4:16:
         cd:93:5a:e5:9c:e0:9c:75:bb:c5:98:ed:79:96:3c:5a:d0:96:
         9a:d9:0e:60:a6:6f:53:a0:bc:71:d1:77:25:c5:a4:3d:78:9a:
         63:0d:67:c1:ae:85:de:27:1d:1d:8d:88:85:6e:a7:82:0e:a4:
         3b:23:69:3d:25:d4:a7:b3:01:cc:d3:c9:c0:c2:7a:80:c6:f7:
         e5:f9:95:f4:28:b5:0f:80:ad:55:fe:fe:4f:03:85:13:79:b0:
         48:9b:c4:f3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWziLmT8b1azG1s85RVbfquUm7bAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjYwMjE4MDAyMDM4WhcNMjYwNTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BiZDNiMDJiMmYyNmJjM2M1NzdmMGQxNTliZGRkM2UwMTVm
ZjI1ZjI3NDMxZDgwM2ZlMmM0NGU0MWRkNmRkNzUyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3wBgfi8m4Nh3gp2dgSC+L9OM8kq6eF/q4sBTui0KKUROB
VxYM6dH8kVkd/sDpMTVXi4mT9R7Hu6BT0MOQDm7naZ3eJh8i7eWdqnVVLqB/Yiy7
ZINUYPb+ubNDgx0/jOh+MWWTXZO88bWHfjF+EonRl5uNzteNQxWWqAP7Fv0Cz/fA
wJifW3SEa3okt4hg8eJBnJyrW+aT7GajDlPrDdOvC6eoUZ9G/0vsH7YHmbg5Ctbg
rcOosuS5eY+WZys60oqZjUIEdX4VfIIbNKKEoIKD1KO/kyzMvX7fRSIIYlcLsdFA
7LTRVYbTWO30i4tm13gTrMzSroRhUC5HVicCnvRjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMcrEBveNNDsXni8aQQ3Sc+vWFPgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk4YjViZmYxLTQxYzQtNDE0MS05MmZiLTIwZTVkODYwMGY3ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZ8GMAwDQYJKoZIhvcNAQELBQADggEBANLGWi5OA4DlJWK8dEvAySpCBqY7
P5N4PPGnrDRfXhd6VJfa11rfxFpwI1aWEltGq5PmKNc/RD6TlC3d7jD3CTFYA3DG
fc98KQaSoNKQRbLLc5EYrmT6eF9dODCXwCMcd9h1IPo/WRFp11YEs//r/mQ6ccmt
q3sn9Of9+jIzGbZ3pMbHWpW6ht8Lw+N5GB6vGl+Pd4teU6VgCLDXHg0p/OSkFs2T
WuWc4Jx1u8WY7XmWPFrQlprZDmCmb1OgvHHRdyXFpD14mmMNZ8Guhd4nHR2NiIVu
p4IOpDsjaT0l1KezAczTycDCeoDG9+X5lfQotQ+ArVX+/k8DhRN5sEibxPM=
-----END CERTIFICATE-----