Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bd2952bd-ccae-41d1-a73e-254ac17830cd.roa
File:                     bd2952bd-ccae-41d1-a73e-254ac17830cd.roa (raw, json)
Hash identifier:          xapKbXEoKr4hnFRDjIc0gb7E5UpGMybUNbpMzD4S23Q=
Subject key identifier:   69:F8:31:95:A1:E6:9D:FD:B7:03:D2:9D:72:FD:03:F3:74:63:1F:37
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3926601A78DA589E869E0FE51D7D6311AD98DD0C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bd2952bd-ccae-41d1-a73e-254ac17830cd.roa
Signing time:             Sat 16 May 2026 00:20:10 +0000
ROA not before:           Sat 16 May 2026 00:20:10 +0000
ROA not after:            Fri 14 Aug 2026 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1f1f:4000::/37 maxlen: 37
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 14 Jun 2026 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:26:60:1a:78:da:58:9e:86:9e:0f:e5:1d:7d:63:11:ad:98:dd:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: May 16 00:20:10 2026 GMT
            Not After : Aug 14 23:59:59 2026 GMT
        Subject: serialNumber=2899bb6982f4e2f0fc42cc19e9308fc29ef0489a3d294c6e7ae6aa273214f6f1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:15:72:b1:6c:6d:3f:15:76:4f:d5:71:a9:95:
                    80:30:39:7d:c8:ff:48:be:cd:35:1a:fc:31:4e:5c:
                    09:e4:97:e8:f3:a1:ca:38:e1:a0:f2:fa:bc:37:d7:
                    ae:76:a3:6f:15:6c:81:98:5a:64:13:80:62:57:9f:
                    cf:64:83:60:f0:9f:e1:95:04:3b:bb:a8:73:a9:50:
                    ea:43:ce:b5:13:3b:97:0a:21:54:5a:1d:ed:43:a8:
                    e8:db:d8:5d:78:11:f6:4a:4c:4f:e8:0a:d5:82:4b:
                    83:79:8d:5e:28:38:28:31:d8:ca:fe:ce:cf:af:50:
                    63:41:88:ec:84:71:23:53:50:a1:33:ef:c2:9c:7d:
                    16:cb:36:b8:5e:a3:15:f4:93:81:7b:f9:a7:d0:bd:
                    2a:c5:b6:70:03:5f:33:3b:15:32:ce:8c:5c:10:f8:
                    ca:21:e6:9c:97:89:99:8d:09:51:8f:2b:da:ad:1f:
                    a3:f5:05:f4:d5:96:c9:4d:a5:c7:d8:83:93:1a:f5:
                    96:a6:0e:d2:85:a9:b3:10:f6:d2:25:f4:01:01:2d:
                    8f:da:89:bc:5f:97:0f:b5:4b:8d:64:40:ba:98:22:
                    59:22:48:de:74:ee:04:32:76:62:9e:f3:25:c4:9e:
                    78:cc:f2:ba:6e:19:e0:53:89:f0:f0:b2:12:bd:e9:
                    26:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:F8:31:95:A1:E6:9D:FD:B7:03:D2:9D:72:FD:03:F3:74:63:1F:37
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bd2952bd-ccae-41d1-a73e-254ac17830cd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f1f:4000::/37

    Signature Algorithm: sha256WithRSAEncryption
         3e:9f:0d:21:62:59:e5:b6:dd:e7:a1:1e:af:f4:7d:98:f5:54:
         c0:f6:f9:5b:aa:15:75:74:3f:12:fa:32:72:39:d1:7d:96:ec:
         48:c8:41:f0:e2:76:1a:24:92:45:31:7a:ea:7c:97:56:9a:8f:
         d6:ee:36:79:3c:53:42:13:85:c3:c0:ae:8a:42:ba:e0:e8:66:
         bd:7f:bf:53:e5:79:eb:32:c7:25:4c:42:71:fa:ba:a2:e2:af:
         20:b0:3e:f2:c2:3c:af:b9:15:17:6d:1b:35:47:d3:db:3c:d2:
         aa:09:d5:98:32:18:9a:8d:5e:09:3c:9b:61:7b:ac:f2:fe:dc:
         94:e4:a9:e6:38:f1:5a:c1:ac:02:5b:8e:b3:f9:f4:46:ab:63:
         27:78:66:99:37:74:49:30:64:65:fe:4c:53:8a:45:29:24:5d:
         12:46:e8:1d:91:da:45:6d:35:b0:2c:39:de:dc:4a:61:dd:13:
         33:f8:b4:f3:c9:77:dd:60:ed:dd:66:54:f3:46:24:20:d6:1d:
         5d:4a:fd:73:2f:96:03:ae:38:49:ff:88:1f:4f:5b:ab:e3:d2:
         a8:f5:ab:f0:f9:66:6c:a9:00:5b:36:5d:7d:56:7e:a5:7c:1a:
         b3:b7:bb:ca:83:26:aa:c3:10:96:39:03:31:30:34:e1:61:30:
         60:7a:42:f8
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUOSZgGnjaWJ6Gng/lHX1jEa2Y3QwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjYwNTE2MDAyMDEwWhcNMjYwODE0MjM1OTU5
WjB6MUkwRwYDVQQFE0AyODk5YmI2OTgyZjRlMmYwZmM0MmNjMTllOTMwOGZjMjll
ZjA0ODlhM2QyOTRjNmU3YWU2YWEyNzMyMTRmNmYxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDZFXKxbG0/FXZP1XGplYAwOX3I/0i+zTUa/DFOXAnkl+jz
oco44aDy+rw31652o28VbIGYWmQTgGJXn89kg2Dwn+GVBDu7qHOpUOpDzrUTO5cK
IVRaHe1DqOjb2F14EfZKTE/oCtWCS4N5jV4oOCgx2Mr+zs+vUGNBiOyEcSNTUKEz
78KcfRbLNrheoxX0k4F7+afQvSrFtnADXzM7FTLOjFwQ+Moh5pyXiZmNCVGPK9qt
H6P1BfTVlslNpcfYg5Ma9ZamDtKFqbMQ9tIl9AEBLY/aibxflw+1S41kQLqYIlki
SN507gQydmKe8yXEnnjM8rpuGeBTifDwshK96Sa3AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUafgxlaHmnf23A9Kdcv0D83RjHzcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JkMjk1MmJkLWNjYWUtNDFkMS1hNzNlLTI1NGFjMTc4MzBjZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgMmAB8fQDANBgkqhkiG9w0BAQsFAAOCAQEAPp8NIWJZ5bbd56Eer/R9mPVU
wPb5W6oVdXQ/EvoycjnRfZbsSMhB8OJ2GiSSRTF66nyXVpqP1u42eTxTQhOFw8Cu
ikK64OhmvX+/U+V56zLHJUxCcfq6ouKvILA+8sI8r7kVF20bNUfT2zzSqgnVmDIY
mo1eCTybYXus8v7clOSp5jjxWsGsAluOs/n0RqtjJ3hmmTd0STBkZf5MU4pFKSRd
EkboHZHaRW01sCw53txKYd0TM/i088l33WDt3WZU80YkINYdXUr9cy+WA644Sf+I
H09bq+PSqPWr8PlmbKkAWzZdfVZ+pXwas7e7yoMmqsMQljkDMTA04WEwYHpC+A==
-----END CERTIFICATE-----