Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ac285f19-324f-4769-988a-0b6c67139e64.roa
File:                     ac285f19-324f-4769-988a-0b6c67139e64.roa (raw, json)
Hash identifier:          X66hC2Kp+lS4+PZgJBZ09hVNRGRbvkdSCoj3KSzXA3k=
Subject key identifier:   83:05:C0:8E:71:B8:4E:0D:F5:FC:84:86:54:A1:D7:43:9A:B8:E7:1A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       30C1D8D86BAE7538212E7205A711B372FF2D92A9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ac285f19-324f-4769-988a-0b6c67139e64.roa
Signing time:             Wed 25 Feb 2026 00:51:19 +0000
ROA not before:           Wed 25 Feb 2026 00:51:19 +0000
ROA not after:            Tue 26 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        54.116.0.0/15 maxlen: 15
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 03 Mar 2026 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:c1:d8:d8:6b:ae:75:38:21:2e:72:05:a7:11:b3:72:ff:2d:92:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb 25 00:51:19 2026 GMT
            Not After : May 26 23:59:59 2026 GMT
        Subject: serialNumber=2ce0cf1760c098edae7dfed9b5a9ebf921027acf5396ac1cf887a02f8ef5d1c3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:06:60:7b:ed:e9:82:c5:46:a0:2e:81:f3:fd:
                    37:85:45:d0:fc:72:81:0d:10:4b:81:22:0a:ac:ff:
                    0c:c6:21:83:cd:1d:60:e7:c5:1f:bc:c2:47:75:fc:
                    2c:e3:00:58:a1:3c:db:24:a9:33:74:05:a7:28:5b:
                    c7:ee:69:18:c6:8d:7c:11:a4:e0:a3:a3:45:54:d4:
                    da:ec:b1:bf:4e:6e:60:26:ff:71:c3:e3:b4:85:df:
                    f3:53:38:b7:8f:58:df:93:0e:cb:bc:5e:19:ef:28:
                    10:4f:07:f6:f8:57:69:b9:ad:eb:cd:7e:51:85:29:
                    dd:6c:4d:5e:a6:f2:45:ea:5c:42:4e:7c:5f:0a:c8:
                    94:d3:34:bf:4a:1d:06:f0:25:53:bb:48:f4:f4:0e:
                    2c:16:5e:b8:53:f2:fc:6e:36:79:27:4e:39:b5:7f:
                    4b:85:e8:fa:f9:c6:e6:69:53:33:be:18:00:58:ee:
                    90:98:ff:cd:95:22:97:08:dd:b6:db:e5:83:1c:ba:
                    4e:7c:17:e7:41:c2:a8:92:45:a9:c9:b5:70:69:b2:
                    8a:a3:ea:c5:f5:b9:28:16:8b:f6:2a:a2:52:80:68:
                    72:da:03:ee:f0:43:55:5d:f9:7f:ce:bf:dc:76:a6:
                    bd:b3:6d:0f:98:30:69:fd:a0:7b:e0:a1:0a:31:23:
                    c7:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:05:C0:8E:71:B8:4E:0D:F5:FC:84:86:54:A1:D7:43:9A:B8:E7:1A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ac285f19-324f-4769-988a-0b6c67139e64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.116.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         41:8a:d2:08:43:a3:db:c3:1d:0d:29:64:c4:70:31:2c:d3:18:
         2c:75:2c:c8:65:cc:73:0e:96:7d:7d:28:bb:c7:6e:16:a2:1d:
         27:29:04:b2:b3:3d:55:ec:b4:50:5d:b4:98:3f:99:cd:bb:6e:
         db:6d:54:0a:f1:05:36:c3:57:70:a6:e1:62:47:af:64:31:42:
         91:7c:67:67:3d:0a:44:a3:16:6c:3f:16:45:52:93:bf:1e:e8:
         f8:d3:50:36:ae:6b:fb:93:a9:d5:25:66:76:e3:d7:ed:e0:69:
         db:85:89:c9:cf:04:33:da:75:d3:c2:2f:cc:e0:52:c8:34:4c:
         07:e7:2a:c0:cb:6b:45:13:3f:f4:4c:a6:60:c2:c6:98:44:31:
         87:a9:ae:50:3f:9f:21:f7:09:02:06:d4:94:33:38:da:6e:df:
         4b:88:59:0e:60:5d:63:4f:c1:d5:a8:89:5e:23:9b:0f:ae:4d:
         7f:f8:f7:c4:a5:49:99:20:de:cf:a3:65:77:a2:66:25:1b:35:
         eb:35:92:3d:5f:3d:6f:af:01:24:d9:7e:86:06:77:58:5d:99:
         a6:85:bc:21:04:41:13:10:7d:d5:01:12:18:45:df:dc:a8:3a:
         42:7e:91:b0:c0:b2:54:66:c7:9f:6e:83:eb:6e:86:ff:53:16:
         01:fb:6b:e2
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUMMHY2GuudTghLnIFpxGzcv8tkqkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjYwMjI1MDA1MTE5WhcNMjYwNTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0AyY2UwY2YxNzYwYzA5OGVkYWU3ZGZlZDliNWE5ZWJmOTIx
MDI3YWNmNTM5NmFjMWNmODg3YTAyZjhlZjVkMWMzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD4BmB77emCxUagLoHz/TeFRdD8coENEEuBIgqs/wzGIYPN
HWDnxR+8wkd1/CzjAFihPNskqTN0BacoW8fuaRjGjXwRpOCjo0VU1Nrssb9ObmAm
/3HD47SF3/NTOLePWN+TDsu8XhnvKBBPB/b4V2m5revNflGFKd1sTV6m8kXqXEJO
fF8KyJTTNL9KHQbwJVO7SPT0DiwWXrhT8vxuNnknTjm1f0uF6Pr5xuZpUzO+GABY
7pCY/82VIpcI3bbb5YMcuk58F+dBwqiSRanJtXBpsoqj6sX1uSgWi/YqolKAaHLa
A+7wQ1Vd+X/Ov9x2pr2zbQ+YMGn9oHvgoQoxI8c7AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUgwXAjnG4Tg31/ISGVKHXQ5q45xowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FjMjg1ZjE5LTMyNGYtNDc2OS05ODhhLTBiNmM2NzEzOWU2NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwE2dDANBgkqhkiG9w0BAQsFAAOCAQEAQYrSCEOj28MdDSlkxHAxLNMYLHUs
yGXMcw6WfX0ou8duFqIdJykEsrM9Vey0UF20mD+Zzbtu221UCvEFNsNXcKbhYkev
ZDFCkXxnZz0KRKMWbD8WRVKTvx7o+NNQNq5r+5Op1SVmduPX7eBp24WJyc8EM9p1
08IvzOBSyDRMB+cqwMtrRRM/9EymYMLGmEQxh6muUD+fIfcJAgbUlDM42m7fS4hZ
DmBdY0/B1aiJXiObD65Nf/j3xKVJmSDez6Nld6JmJRs16zWSPV89b68BJNl+hgZ3
WF2ZpoW8IQRBExB91QESGEXf3Kg6Qn6RsMCyVGbHn26D626G/1MWAftr4g==
-----END CERTIFICATE-----