Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9efa147a-8234-4801-a8dd-96fc19dc752f.roa
File:                     9efa147a-8234-4801-a8dd-96fc19dc752f.roa (raw, json)
Hash identifier:          CboTK2e+jNARwaSFaOrfEke1OIhZIrQ1YF8SURer4A8=
Subject key identifier:   DD:CB:33:83:58:35:85:E7:79:4A:84:35:3D:EE:B9:C5:09:AF:45:FE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5653840A803FE39453BA183F95A1C31AC3344EF9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9efa147a-8234-4801-a8dd-96fc19dc752f.roa
Signing time:             Wed 25 Feb 2026 02:40:47 +0000
ROA not before:           Wed 25 Feb 2026 02:40:47 +0000
ROA not after:            Tue 26 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        119.13.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 03 Mar 2026 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:53:84:0a:80:3f:e3:94:53:ba:18:3f:95:a1:c3:1a:c3:34:4e:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb 25 02:40:47 2026 GMT
            Not After : May 26 23:59:59 2026 GMT
        Subject: serialNumber=8364851c0ddceea9772792a534d22c3c65d8847e8c8339bf35797df983ff1b27, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:67:b2:eb:07:b1:46:1b:68:7b:18:7c:a8:7a:
                    64:6c:10:18:a9:e2:ce:60:a8:bf:9e:43:28:23:5b:
                    f4:5e:a4:ea:14:84:87:a9:40:a5:26:9a:36:43:16:
                    ec:c9:02:08:df:1b:49:b6:31:40:39:4e:fc:c0:d8:
                    74:f5:02:e7:03:42:b5:eb:9b:d5:f7:e9:99:fa:c8:
                    92:00:42:f9:95:d3:62:b1:c6:52:ab:74:01:f2:a7:
                    b3:93:14:86:78:71:1e:2c:78:e5:29:82:8f:a6:ef:
                    90:6f:44:f6:31:0d:0d:8b:9a:c8:a3:fa:b9:00:bd:
                    64:45:6f:ce:7f:78:d2:81:7f:b2:18:eb:c8:91:ed:
                    4f:15:51:05:de:77:1a:22:9d:7e:8e:3c:9c:20:c4:
                    31:2c:02:5e:25:d6:4e:f2:76:85:db:a0:3a:3f:a3:
                    cf:2f:05:30:2d:04:8e:75:ff:c0:52:5d:be:c2:24:
                    b2:4a:76:e8:85:61:48:55:26:4c:9b:68:af:07:f6:
                    a5:38:d3:66:a6:ff:47:c3:63:b1:55:c3:3d:35:2a:
                    0b:da:56:88:c4:67:56:1f:af:dd:85:0b:6c:93:2b:
                    00:88:ba:d1:c8:6c:15:a3:37:51:e5:50:8b:62:3d:
                    05:fd:1a:3c:5f:e2:15:b8:55:a9:b5:92:64:a9:7f:
                    85:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:CB:33:83:58:35:85:E7:79:4A:84:35:3D:EE:B9:C5:09:AF:45:FE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9efa147a-8234-4801-a8dd-96fc19dc752f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  119.13.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:db:5e:ad:6b:e8:f3:2f:12:80:b5:04:a5:b1:72:0e:79:a1:
         94:60:26:4b:5b:93:1f:3a:2e:8e:a5:65:83:b1:dc:f8:f8:55:
         20:4b:df:0b:00:d8:8b:e9:19:20:b1:5a:dd:b9:7b:90:e2:95:
         f4:78:6c:f8:2b:cb:b3:4b:a9:4c:ff:9f:c9:10:6b:f4:39:6d:
         c5:68:b9:35:a4:67:1f:c6:de:46:23:5f:98:23:bc:c0:b1:53:
         b8:62:1a:52:8a:79:e7:23:ba:b8:c9:f4:15:e8:20:e5:66:c1:
         0c:aa:ea:68:c7:d1:c0:49:53:b1:83:3e:49:44:cd:4f:14:1b:
         e7:dc:5f:b7:ef:da:a1:90:62:a6:3b:97:a1:7c:a6:43:ad:5f:
         53:71:7e:dc:f0:5b:bd:91:ce:6d:8c:89:ec:25:98:9e:8f:67:
         39:f1:ef:5f:3b:2c:07:e7:eb:e8:b6:fa:f5:6a:22:4d:ce:6d:
         a5:12:ac:46:ee:aa:e0:91:bb:92:b4:fc:5e:ac:0d:72:ce:dc:
         18:a5:15:f8:f5:a7:4b:7f:23:c0:3e:16:55:a2:d5:3c:34:a9:
         7a:32:3d:c2:59:b0:73:3b:0a:37:5c:f8:05:30:71:ac:20:5b:
         b8:3d:59:a1:70:0b:21:28:32:44:46:37:16:07:0d:f6:3c:eb:
         85:6e:a1:22
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVlOECoA/45RTuhg/laHDGsM0TvkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjYwMjI1MDI0MDQ3WhcNMjYwNTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0A4MzY0ODUxYzBkZGNlZWE5NzcyNzkyYTUzNGQyMmMzYzY1
ZDg4NDdlOGM4MzM5YmYzNTc5N2RmOTgzZmYxYjI3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCGZ7LrB7FGG2h7GHyoemRsEBip4s5gqL+eQygjW/RepOoU
hIepQKUmmjZDFuzJAgjfG0m2MUA5TvzA2HT1AucDQrXrm9X36Zn6yJIAQvmV02Kx
xlKrdAHyp7OTFIZ4cR4seOUpgo+m75BvRPYxDQ2Lmsij+rkAvWRFb85/eNKBf7IY
68iR7U8VUQXedxoinX6OPJwgxDEsAl4l1k7ydoXboDo/o88vBTAtBI51/8BSXb7C
JLJKduiFYUhVJkybaK8H9qU402am/0fDY7FVwz01KgvaVojEZ1Yfr92FC2yTKwCI
utHIbBWjN1HlUItiPQX9Gjxf4hW4Vam1kmSpf4XDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3cszg1g1hed5SoQ1Pe65xQmvRf4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzllZmExNDdhLTgyMzQtNDgwMS1hOGRkLTk2ZmMxOWRjNzUyZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAB3DQswDQYJKoZIhvcNAQELBQADggEBAHzbXq1r6PMvEoC1BKWxcg55oZRg
Jktbkx86Lo6lZYOx3Pj4VSBL3wsA2IvpGSCxWt25e5DilfR4bPgry7NLqUz/n8kQ
a/Q5bcVouTWkZx/G3kYjX5gjvMCxU7hiGlKKeecjurjJ9BXoIOVmwQyq6mjH0cBJ
U7GDPklEzU8UG+fcX7fv2qGQYqY7l6F8pkOtX1NxftzwW72Rzm2MiewlmJ6PZznx
7187LAfn6+i2+vVqIk3ObaUSrEbuquCRu5K0/F6sDXLO3BilFfj1p0t/I8A+FlWi
1Tw0qXoyPcJZsHM7Cjdc+AUwcawgW7g9WaFwCyEoMkRGNxYHDfY864VuoSI=
-----END CERTIFICATE-----