Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/af71deda-bc43-4d3b-ac30-314953a27a4b.roa
File:                     af71deda-bc43-4d3b-ac30-314953a27a4b.roa (raw, json)
Hash identifier:          nzHoIrsD8vbOFGEypEwLZNtqF0d0Cl/dy//lmOI9w+E=
Subject key identifier:   3F:40:70:28:F4:32:BC:A6:81:6D:30:79:AE:40:2D:F0:81:AF:40:47
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       50EC442262FFE85F5E5B0141EF4831F14483DA46
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/af71deda-bc43-4d3b-ac30-314953a27a4b.roa
Signing time:             Sun 15 Feb 2026 00:21:42 +0000
ROA not before:           Sun 15 Feb 2026 00:21:42 +0000
ROA not after:            Sat 16 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        99.150.104.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 03 Mar 2026 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:ec:44:22:62:ff:e8:5f:5e:5b:01:41:ef:48:31:f1:44:83:da:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb 15 00:21:42 2026 GMT
            Not After : May 16 23:59:59 2026 GMT
        Subject: serialNumber=cf8fde7e3fdc860cbf55624dbe6db045764c235c2f92358041addff65b5d5bad, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:06:56:65:fc:cf:15:ac:1c:75:12:e4:15:b9:
                    8b:12:53:20:95:1f:76:4d:16:e2:09:69:63:0a:af:
                    8b:d5:1e:63:a6:b9:bd:25:d3:1b:b2:ba:1b:17:9c:
                    b7:51:45:84:08:73:c1:64:99:cb:67:98:2c:0a:9d:
                    b6:53:3d:38:aa:fe:3d:f2:76:7b:3b:ee:50:88:b6:
                    f3:05:d9:a5:5b:da:55:39:2c:85:c1:0d:76:03:01:
                    ec:ec:dc:d0:fc:cb:90:e1:3f:41:de:4c:a9:c2:17:
                    57:11:e3:6f:fb:8c:5a:bc:28:4a:a8:27:1e:19:68:
                    b3:63:5e:ad:24:6f:ad:8c:51:01:1b:30:fe:51:e8:
                    60:89:01:4d:d7:db:14:7c:df:a7:fb:53:81:f5:0b:
                    36:22:64:c6:36:94:b5:e5:e6:71:23:ea:21:f3:b2:
                    3b:0f:58:39:bc:f2:47:25:7c:31:01:20:74:13:0c:
                    b6:d7:20:75:82:1e:41:79:d4:ba:e5:83:57:cd:a6:
                    00:d8:32:b0:75:73:bd:7c:2c:df:b0:09:2c:71:ed:
                    20:7f:08:25:ca:9c:7d:3c:fc:a6:cd:8c:91:cb:14:
                    cc:19:60:74:ed:79:ce:c3:94:b1:c0:cb:aa:fc:f4:
                    65:4d:b2:b1:c7:b1:cf:9f:78:0c:69:2b:cc:37:3e:
                    53:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:40:70:28:F4:32:BC:A6:81:6D:30:79:AE:40:2D:F0:81:AF:40:47
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/af71deda-bc43-4d3b-ac30-314953a27a4b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.150.104.0/21

    Signature Algorithm: sha256WithRSAEncryption
         29:2d:0e:70:4d:6f:38:0a:ce:56:fd:cc:e1:67:a2:fc:ad:1a:
         70:6b:8e:f0:c4:b8:b5:49:c0:fd:25:48:ac:ae:b9:f2:10:9d:
         dd:bc:99:91:77:fc:8a:6f:e1:9c:6f:b8:b9:35:f9:3f:1f:06:
         81:7d:41:f5:1a:94:a2:0e:38:72:35:08:28:66:fe:8f:3c:13:
         38:c2:e0:09:11:fc:18:01:5a:d0:6e:37:49:c5:de:93:7e:ff:
         9d:4c:f0:e4:a8:93:5c:c1:1e:65:b8:c7:63:c5:67:12:25:94:
         2b:42:b3:3a:9c:23:13:a9:58:e5:cc:04:db:61:54:e3:8b:08:
         97:0c:9e:e8:dc:d2:c6:71:9a:1d:5c:6d:93:79:17:66:7a:e7:
         aa:3c:fe:0c:a8:9c:60:60:32:62:2f:23:47:86:cf:e7:12:c1:
         b8:02:13:3b:12:5a:d0:c7:5b:55:11:1d:2a:f0:a9:fe:e6:0f:
         8a:a4:c5:e7:89:c0:87:2b:fd:93:a8:1e:98:73:91:ef:9e:98:
         29:8d:d2:d6:cb:c6:ae:9e:ed:87:42:9a:53:26:5b:3a:ce:6c:
         ab:0f:fc:bd:26:d0:7d:20:db:b3:e1:bc:2b:b9:a4:31:d7:57:
         61:94:97:fa:2b:8a:64:3b:a4:d9:e7:ab:4c:76:3c:b7:80:f8:
         56:30:f8:18
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUOxEImL/6F9eWwFB70gx8USD2kYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjYwMjE1MDAyMTQyWhcNMjYwNTE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BjZjhmZGU3ZTNmZGM4NjBjYmY1NTYyNGRiZTZkYjA0NTc2
NGMyMzVjMmY5MjM1ODA0MWFkZGZmNjViNWQ1YmFkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDSBlZl/M8VrBx1EuQVuYsSUyCVH3ZNFuIJaWMKr4vVHmOm
ub0l0xuyuhsXnLdRRYQIc8FkmctnmCwKnbZTPTiq/j3ydns77lCItvMF2aVb2lU5
LIXBDXYDAezs3ND8y5DhP0HeTKnCF1cR42/7jFq8KEqoJx4ZaLNjXq0kb62MUQEb
MP5R6GCJAU3X2xR836f7U4H1CzYiZMY2lLXl5nEj6iHzsjsPWDm88kclfDEBIHQT
DLbXIHWCHkF51Lrlg1fNpgDYMrB1c718LN+wCSxx7SB/CCXKnH08/KbNjJHLFMwZ
YHTtec7DlLHAy6r89GVNsrHHsc+feAxpK8w3PlO9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUP0BwKPQyvKaBbTB5rkAt8IGvQEcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FmNzFkZWRhLWJjNDMtNGQzYi1hYzMwLTMxNDk1M2EyN2E0Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANjlmgwDQYJKoZIhvcNAQELBQADggEBACktDnBNbzgKzlb9zOFnovytGnBr
jvDEuLVJwP0lSKyuufIQnd28mZF3/Ipv4ZxvuLk1+T8fBoF9QfUalKIOOHI1CChm
/o88EzjC4AkR/BgBWtBuN0nF3pN+/51M8OSok1zBHmW4x2PFZxIllCtCszqcIxOp
WOXMBNthVOOLCJcMnujc0sZxmh1cbZN5F2Z656o8/gyonGBgMmIvI0eGz+cSwbgC
EzsSWtDHW1URHSrwqf7mD4qkxeeJwIcr/ZOoHphzke+emCmN0tbLxq6e7YdCmlMm
WzrObKsP/L0m0H0g27PhvCu5pDHXV2GUl/orimQ7pNnnq0x2PLeA+FYw+Bg=
-----END CERTIFICATE-----