Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a4130699-dfb5-4db7-81a6-b209888061e9.roa
File:                     a4130699-dfb5-4db7-81a6-b209888061e9.roa (raw, json)
Hash identifier:          m6QsT+3wkVAPry7hr5tAd96RWTNf7RYyX+Uqv4bBNNU=
Subject key identifier:   9F:D4:97:5C:DD:8D:72:7A:4D:40:90:32:1F:2C:5E:A4:03:5E:7B:88
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       336884E0C6B9A0C8AB37DA761C946AEF25A2E8E2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a4130699-dfb5-4db7-81a6-b209888061e9.roa
Signing time:             Sat 14 Feb 2026 00:51:50 +0000
ROA not before:           Sat 14 Feb 2026 00:51:50 +0000
ROA not after:            Fri 15 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1fb9:2000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 03 Mar 2026 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:68:84:e0:c6:b9:a0:c8:ab:37:da:76:1c:94:6a:ef:25:a2:e8:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb 14 00:51:50 2026 GMT
            Not After : May 15 23:59:59 2026 GMT
        Subject: serialNumber=0a3b2ce31a20a4c60ddd87e31cbb1aa18c8505208fceea02664bf6f5d44b5551, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:62:ef:53:cc:61:a2:99:d4:e5:a3:21:78:db:
                    26:a7:3d:70:73:19:59:dc:ae:03:a5:8b:bd:30:76:
                    5d:56:2b:70:78:0e:90:13:ed:3c:d3:ed:13:80:fa:
                    d6:cd:9b:09:32:7d:24:ab:4b:9c:87:2d:d0:c2:24:
                    a1:e4:18:5f:31:2b:1b:87:8d:95:40:79:91:60:01:
                    06:f8:40:78:6c:7d:80:ee:4d:67:9c:27:6a:23:3c:
                    6f:61:42:e0:82:45:70:6f:80:a2:ae:04:dd:a1:9a:
                    c8:c9:78:b9:29:1a:fc:05:0a:b3:b1:b7:00:97:18:
                    24:ee:36:88:35:e1:77:40:b8:65:92:f4:8e:07:12:
                    95:07:f8:3f:a4:43:5e:a6:7d:ab:f8:a7:98:19:b7:
                    91:eb:b5:22:d6:1d:24:87:13:b4:66:82:9e:1f:21:
                    c8:b1:e8:cd:7a:80:6d:8a:de:04:43:21:0c:16:5c:
                    d2:9d:5e:12:97:95:f8:f1:23:a7:17:f4:a0:f1:27:
                    35:02:44:f8:03:9d:e7:10:83:0c:01:89:38:62:95:
                    4b:ce:ae:df:fd:fe:79:36:86:b9:c4:e0:de:cb:f2:
                    ea:ae:b8:fc:f7:ce:5e:34:6a:2e:ce:9b:2f:f4:76:
                    a2:15:75:a7:65:38:87:b1:0e:bd:c1:55:ea:6b:0e:
                    60:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:D4:97:5C:DD:8D:72:7A:4D:40:90:32:1F:2C:5E:A4:03:5E:7B:88
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a4130699-dfb5-4db7-81a6-b209888061e9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1fb9:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         7b:ad:03:c1:65:6b:a9:23:6e:37:2e:a3:c8:31:e2:a1:34:6c:
         36:97:f3:42:07:5f:64:45:13:b8:d9:22:da:ff:50:f0:e9:0e:
         af:3f:52:06:c2:aa:3d:f0:66:03:9a:80:4e:f1:46:ba:4e:8c:
         03:80:2d:11:2a:78:c7:96:11:cb:b7:84:08:83:d7:bf:3e:33:
         50:13:f9:43:42:98:fd:5a:6e:d8:33:40:63:d2:a4:5c:66:ac:
         b1:6c:39:ff:cc:39:5a:1e:1f:78:15:9e:bb:74:96:54:c1:33:
         a8:1c:cf:b8:16:7c:c9:cd:de:33:2e:b7:64:3a:35:ed:cf:82:
         16:d9:61:74:98:93:60:75:ce:58:13:67:8a:52:23:57:1f:81:
         62:21:a6:a0:07:32:0f:03:c5:fd:aa:3c:b7:87:16:c0:14:8c:
         2d:72:97:66:2a:7d:34:dd:ee:0f:f7:35:53:7b:d2:40:76:af:
         0f:95:fa:fe:b4:9e:9c:bf:a3:f3:9e:4a:e7:15:b7:6d:42:67:
         46:f5:ea:6a:b8:1e:a3:df:f9:b2:49:7e:3b:56:13:8b:53:b0:
         a1:a9:a0:3c:9a:44:41:1e:a6:4d:44:21:43:78:5a:9a:c6:1f:
         be:2f:6e:7c:63:b6:32:43:f5:92:f8:b1:9f:93:a2:e8:9b:19:
         b3:8b:1b:be
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUM2iE4Ma5oMirN9p2HJRq7yWi6OIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjYwMjE0MDA1MTUwWhcNMjYwNTE1MjM1OTU5
WjB6MUkwRwYDVQQFE0AwYTNiMmNlMzFhMjBhNGM2MGRkZDg3ZTMxY2JiMWFhMThj
ODUwNTIwOGZjZWVhMDI2NjRiZjZmNWQ0NGI1NTUxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDFYu9TzGGimdTloyF42yanPXBzGVncrgOli70wdl1WK3B4
DpAT7TzT7ROA+tbNmwkyfSSrS5yHLdDCJKHkGF8xKxuHjZVAeZFgAQb4QHhsfYDu
TWecJ2ojPG9hQuCCRXBvgKKuBN2hmsjJeLkpGvwFCrOxtwCXGCTuNog14XdAuGWS
9I4HEpUH+D+kQ16mfav4p5gZt5HrtSLWHSSHE7Rmgp4fIcix6M16gG2K3gRDIQwW
XNKdXhKXlfjxI6cX9KDxJzUCRPgDnecQgwwBiThilUvOrt/9/nk2hrnE4N7L8uqu
uPz3zl40ai7Omy/0dqIVdadlOIexDr3BVeprDmDRAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUn9SXXN2NcnpNQJAyHyxepANee4gwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E0MTMwNjk5LWRmYjUtNGRiNy04MWE2LWIyMDk4ODgwNjFlOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB+5IDANBgkqhkiG9w0BAQsFAAOCAQEAe60DwWVrqSNuNy6jyDHioTRs
NpfzQgdfZEUTuNki2v9Q8OkOrz9SBsKqPfBmA5qATvFGuk6MA4AtESp4x5YRy7eE
CIPXvz4zUBP5Q0KY/Vpu2DNAY9KkXGassWw5/8w5Wh4feBWeu3SWVMEzqBzPuBZ8
yc3eMy63ZDo17c+CFtlhdJiTYHXOWBNnilIjVx+BYiGmoAcyDwPF/ao8t4cWwBSM
LXKXZip9NN3uD/c1U3vSQHavD5X6/rSenL+j855K5xW3bUJnRvXqargeo9/5skl+
O1YTi1OwoamgPJpEQR6mTUQhQ3hamsYfvi9ufGO2MkP1kvixn5Oi6JsZs4sbvg==
-----END CERTIFICATE-----