Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a97fd684-0832-49ce-ad32-e5222a2a4cc7.roa
File:                     a97fd684-0832-49ce-ad32-e5222a2a4cc7.roa (raw, json)
Hash identifier:          OZAwtHlp58+BheMgOhBILbydS95owuv3eU8mHiHhx4U=
Subject key identifier:   E1:40:C1:C5:0C:05:25:47:E9:06:4B:7F:86:D5:18:E7:91:4B:78:4A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       503D8F651E4F2D34B239CA71E4EB44C26F10E19C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a97fd684-0832-49ce-ad32-e5222a2a4cc7.roa
Signing time:             Fri 15 May 2026 00:40:43 +0000
ROA not before:           Fri 15 May 2026 00:40:43 +0000
ROA not after:            Thu 13 Aug 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f38:50c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 14 Jun 2026 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:3d:8f:65:1e:4f:2d:34:b2:39:ca:71:e4:eb:44:c2:6f:10:e1:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: May 15 00:40:43 2026 GMT
            Not After : Aug 13 23:59:59 2026 GMT
        Subject: serialNumber=785337adee1bf478eca60ab9f6121a29d214fa627650be10e12019fab9cd230a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:10:91:df:1b:cb:b0:be:37:6f:ca:95:44:d4:
                    01:2f:c1:cc:8e:9d:ed:9d:84:46:f3:d6:dc:ab:c6:
                    bd:bc:c4:86:56:f6:7b:fa:96:a9:de:3b:6f:13:56:
                    e3:0a:e7:24:33:0a:a8:37:1b:dd:b7:08:a7:e7:d8:
                    bb:39:db:ea:7b:69:3f:05:ad:ec:54:f5:ac:52:e9:
                    31:8c:e0:e8:7f:c2:02:72:84:a9:ab:96:b6:25:a3:
                    24:03:ba:b5:ab:62:90:b2:b0:fa:36:c5:b6:91:ae:
                    68:93:4b:06:e0:4d:20:d9:71:1c:5e:47:59:1c:98:
                    45:7c:2e:ec:f0:f2:b9:a8:e3:be:d2:b1:73:12:9b:
                    0e:46:fb:bf:53:e9:82:93:22:51:3a:a0:79:43:7f:
                    07:8f:8a:8e:e0:3d:f9:6e:44:e3:77:47:c4:6e:b2:
                    fe:91:ef:42:26:a5:5b:cc:b4:51:73:c7:4a:1c:8f:
                    a0:bf:4b:50:11:bc:ce:02:e1:e6:19:18:ed:9c:e4:
                    eb:66:e1:03:9e:fb:6c:fd:97:e0:e4:79:67:48:19:
                    c9:fa:34:0b:98:ec:1c:35:c5:8c:74:56:b2:d3:f4:
                    af:8e:f5:77:79:7c:0c:b8:41:90:5b:91:8a:ab:0f:
                    a8:85:d2:a8:b4:ac:c6:d7:a3:1c:cf:85:de:3a:9b:
                    c9:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:40:C1:C5:0C:05:25:47:E9:06:4B:7F:86:D5:18:E7:91:4B:78:4A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a97fd684-0832-49ce-ad32-e5222a2a4cc7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f38:50c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         48:d7:17:ec:3a:43:d9:b1:49:e8:7f:3f:87:a1:0c:1b:dc:24:
         10:d8:d3:5c:90:ff:82:d2:9f:ca:cc:c2:b6:eb:6e:c0:45:85:
         69:52:2a:6f:fc:64:74:3b:16:bb:bd:e9:7a:88:50:49:a8:b9:
         f0:ce:67:e4:9f:c3:87:5b:3f:c6:fa:d7:dd:4d:fb:80:14:05:
         a5:b9:28:99:ef:fb:c7:e0:1c:58:52:e5:77:ed:b6:93:68:d2:
         08:b8:6b:b0:ab:c4:0d:b8:1d:1b:97:36:f2:56:6b:ad:95:58:
         e6:95:28:c1:32:ac:59:ab:0a:30:ea:62:46:5e:7f:31:6b:68:
         db:31:94:a1:38:0b:a1:62:03:97:1c:28:c9:96:51:b2:5c:10:
         05:d8:4a:fb:50:ec:49:06:52:24:1b:31:d7:47:22:bf:de:ca:
         1c:15:b2:c8:41:38:31:78:87:ca:ca:e7:b8:ed:f1:1c:9d:f6:
         67:3c:16:10:82:5c:43:d3:f1:92:5a:3d:60:e0:32:dc:8f:51:
         4c:04:af:36:c7:00:94:ad:41:9a:b4:b2:d0:80:89:a7:92:f4:
         bb:0e:78:76:ef:9b:bf:b3:7d:36:df:c9:7c:4b:8f:71:2a:67:
         96:6b:7d:a7:07:c0:53:d9:58:35:de:28:5d:d0:38:4d:1b:ed:
         56:67:54:60
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUUD2PZR5PLTSyOcpx5OtEwm8Q4ZwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjYwNTE1MDA0MDQzWhcNMjYwODEzMjM1OTU5
WjB6MUkwRwYDVQQFE0A3ODUzMzdhZGVlMWJmNDc4ZWNhNjBhYjlmNjEyMWEyOWQy
MTRmYTYyNzY1MGJlMTBlMTIwMTlmYWI5Y2QyMzBhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDkEJHfG8uwvjdvypVE1AEvwcyOne2dhEbz1tyrxr28xIZW
9nv6lqneO28TVuMK5yQzCqg3G923CKfn2Ls52+p7aT8FrexU9axS6TGM4Oh/wgJy
hKmrlrYloyQDurWrYpCysPo2xbaRrmiTSwbgTSDZcRxeR1kcmEV8Luzw8rmo477S
sXMSmw5G+79T6YKTIlE6oHlDfwePio7gPfluRON3R8Rusv6R70ImpVvMtFFzx0oc
j6C/S1ARvM4C4eYZGO2c5Otm4QOe+2z9l+DkeWdIGcn6NAuY7Bw1xYx0VrLT9K+O
9Xd5fAy4QZBbkYqrD6iF0qi0rMbXoxzPhd46m8lPAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQU4UDBxQwFJUfpBkt/htUY55FLeEowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E5N2ZkNjg0LTA4MzItNDljZS1hZDMyLWU1MjIyYTJhNGNjNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB84UMAwDQYJKoZIhvcNAQELBQADggEBAEjXF+w6Q9mxSeh/P4ehDBvc
JBDY01yQ/4LSn8rMwrbrbsBFhWlSKm/8ZHQ7Fru96XqIUEmoufDOZ+Sfw4dbP8b6
191N+4AUBaW5KJnv+8fgHFhS5XfttpNo0gi4a7CrxA24HRuXNvJWa62VWOaVKMEy
rFmrCjDqYkZefzFraNsxlKE4C6FiA5ccKMmWUbJcEAXYSvtQ7EkGUiQbMddHIr/e
yhwVsshBODF4h8rK57jt8Ryd9mc8FhCCXEPT8ZJaPWDgMtyPUUwErzbHAJStQZq0
stCAiaeS9LsOeHbvm7+zfTbfyXxLj3EqZ5ZrfacHwFPZWDXeKF3QOE0b7VZnVGA=
-----END CERTIFICATE-----