Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a9946c4c-e399-41df-9a79-a969df79e7c4.roa
File:                     a9946c4c-e399-41df-9a79-a969df79e7c4.roa (raw, json)
Hash identifier:          HtrfV48LL0+5pdxPxaeQ1AhJ8AndqJjuySWOIjQbaYU=
Subject key identifier:   EF:A8:87:1D:28:2C:A3:08:65:DD:E0:85:2F:5F:7A:1F:FD:27:CE:70
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       41C16274265DCCF0B5EDC7CDD43ED03923FB894D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a9946c4c-e399-41df-9a79-a969df79e7c4.roa
Signing time:             Tue 24 Feb 2026 01:00:47 +0000
ROA not before:           Tue 24 Feb 2026 01:00:47 +0000
ROA not after:            Mon 25 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f00:20c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 03 Mar 2026 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:c1:62:74:26:5d:cc:f0:b5:ed:c7:cd:d4:3e:d0:39:23:fb:89:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb 24 01:00:47 2026 GMT
            Not After : May 25 23:59:59 2026 GMT
        Subject: serialNumber=d16f5198f88ecbe27c98612d943bd394cfb0ced631c7b94b4a029a56bc364b24, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:6d:46:b6:ad:59:83:40:5b:f6:29:a0:58:2c:
                    c9:5e:13:5b:72:fa:f5:58:24:c9:06:3d:36:3e:80:
                    2c:5c:50:ce:30:54:d9:32:cd:95:58:33:80:8a:c1:
                    85:45:36:e7:de:ed:54:f8:80:69:0d:41:8e:f4:8a:
                    b9:c5:85:b2:9c:11:1f:93:4c:77:4e:d6:fd:0e:15:
                    7d:62:7e:7e:e6:56:a5:b8:dc:b7:05:09:73:5c:12:
                    2d:ae:71:80:35:f2:fc:e1:ca:40:44:76:c2:d4:76:
                    2d:ce:b2:30:2b:b5:4d:12:59:4f:59:8c:80:e0:14:
                    52:0f:07:4e:a2:c0:80:cf:26:28:5e:6d:51:80:13:
                    cf:36:bd:d9:d3:5d:f1:22:cc:dd:cb:0f:59:14:ac:
                    43:d2:e0:82:84:b3:7a:13:93:7d:14:63:70:e1:95:
                    d2:89:34:ea:e4:a6:b0:b0:e8:e3:ac:03:97:33:64:
                    71:ad:9a:4f:a2:fb:94:15:74:b4:ba:cf:86:a2:ec:
                    84:b7:df:c6:7f:5e:65:f5:ef:95:d9:4a:ef:35:b5:
                    39:55:a9:c7:04:3a:4e:d3:5a:b5:77:98:91:ff:f4:
                    fd:30:4e:ad:ac:c6:4e:b7:22:24:cc:35:80:6c:17:
                    bf:52:9a:ee:be:40:21:93:5a:c8:da:28:8d:bf:ca:
                    be:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:A8:87:1D:28:2C:A3:08:65:DD:E0:85:2F:5F:7A:1F:FD:27:CE:70
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a9946c4c-e399-41df-9a79-a969df79e7c4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f00:20c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         ce:71:69:f3:dc:64:52:e6:2d:64:cd:24:dd:72:ba:09:08:40:
         23:53:bb:c2:a3:45:93:ab:0d:3b:7f:4b:00:35:b9:ec:d1:b7:
         c8:0f:51:7b:58:61:af:48:5f:79:41:28:ff:1b:7f:1f:e5:15:
         6d:a4:b3:ce:fb:ae:eb:6c:da:71:8c:e9:04:d1:76:ae:72:d1:
         bc:ac:84:ea:6f:5a:7a:2f:2a:a7:32:79:94:44:02:51:9a:a9:
         c8:d3:b5:20:f3:2c:49:79:7b:e7:0f:13:0a:59:7d:fc:79:5a:
         7d:4d:79:de:78:dd:cf:c9:a3:38:73:46:41:8c:79:28:cb:aa:
         9c:22:56:61:14:cf:93:53:55:7e:2e:44:d1:70:32:c4:89:9d:
         e0:25:19:0d:4b:1c:06:00:18:6c:78:61:42:95:7b:14:e3:b9:
         fb:3b:1b:a0:9b:e2:46:9b:5f:c5:62:81:1d:9c:5e:7e:22:8c:
         66:2e:7d:67:ef:7c:7f:7d:00:f1:d4:6a:0f:53:43:de:9f:d9:
         ee:7c:fc:e1:9a:4c:38:7a:e7:dd:4f:89:fb:97:27:bc:bc:91:
         22:16:d7:dc:0a:45:a3:c9:df:8b:01:06:e2:f6:ad:d7:b0:9e:
         99:28:a9:84:48:b3:94:4a:d1:26:08:0e:98:39:3f:68:0b:2f:
         49:e0:ec:a4
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUQcFidCZdzPC17cfN1D7QOSP7iU0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjYwMjI0MDEwMDQ3WhcNMjYwNTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BkMTZmNTE5OGY4OGVjYmUyN2M5ODYxMmQ5NDNiZDM5NGNm
YjBjZWQ2MzFjN2I5NGI0YTAyOWE1NmJjMzY0YjI0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9bUa2rVmDQFv2KaBYLMleE1ty+vVYJMkGPTY+gCxcUM4w
VNkyzZVYM4CKwYVFNufe7VT4gGkNQY70irnFhbKcER+TTHdO1v0OFX1ifn7mVqW4
3LcFCXNcEi2ucYA18vzhykBEdsLUdi3OsjArtU0SWU9ZjIDgFFIPB06iwIDPJihe
bVGAE882vdnTXfEizN3LD1kUrEPS4IKEs3oTk30UY3DhldKJNOrkprCw6OOsA5cz
ZHGtmk+i+5QVdLS6z4ai7IS338Z/XmX175XZSu81tTlVqccEOk7TWrV3mJH/9P0w
Tq2sxk63IiTMNYBsF79Smu6+QCGTWsjaKI2/yr5nAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQU76iHHSgsowhl3eCFL196H/0nznAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E5OTQ2YzRjLWUzOTktNDFkZi05YTc5LWE5NjlkZjc5ZTdjNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB8AIMAwDQYJKoZIhvcNAQELBQADggEBAM5xafPcZFLmLWTNJN1yugkI
QCNTu8KjRZOrDTt/SwA1uezRt8gPUXtYYa9IX3lBKP8bfx/lFW2ks877ruts2nGM
6QTRdq5y0byshOpvWnovKqcyeZREAlGaqcjTtSDzLEl5e+cPEwpZffx5Wn1Ned54
3c/JozhzRkGMeSjLqpwiVmEUz5NTVX4uRNFwMsSJneAlGQ1LHAYAGGx4YUKVexTj
ufs7G6Cb4kabX8VigR2cXn4ijGYufWfvfH99APHUag9TQ96f2e58/OGaTDh6591P
ifuXJ7y8kSIW19wKRaPJ34sBBuL2rdewnpkoqYRIs5RK0SYIDpg5P2gLL0ng7KQ=
-----END CERTIFICATE-----
Generated at Sun Mar 1 22:12:09 2026 by rpki-client