Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bfe87b6a-6268-4844-b06c-6fd81096a44f.roa
File:                     bfe87b6a-6268-4844-b06c-6fd81096a44f.roa (raw, json)
Hash identifier:          SJwJMW1l4L/YOtUDzIt5kRnKXaDq9Oz7tA9Mw8GjYAg=
Subject key identifier:   0D:E9:29:D7:D3:7A:F1:0B:28:CE:5D:38:70:AB:83:ED:2F:43:6F:D2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0175A0C232C429EEA4667EF14656C252A9AE7F83
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bfe87b6a-6268-4844-b06c-6fd81096a44f.roa
Signing time:             Sat 21 Feb 2026 01:41:12 +0000
ROA not before:           Sat 21 Feb 2026 01:41:12 +0000
ROA not after:            Fri 22 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        71.152.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 03 Mar 2026 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:75:a0:c2:32:c4:29:ee:a4:66:7e:f1:46:56:c2:52:a9:ae:7f:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb 21 01:41:12 2026 GMT
            Not After : May 22 23:59:59 2026 GMT
        Subject: serialNumber=1629a6f36e90628d449313270183818b5446c3fd04f10c702df63cd53120a791, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:69:cd:34:38:88:37:db:6e:69:48:43:87:c2:
                    db:7f:3a:d7:01:90:24:b0:26:78:56:4c:92:9d:a9:
                    80:ed:95:00:6c:1f:55:d6:4f:3f:87:1c:e4:f5:f3:
                    eb:88:21:03:86:09:ec:16:ed:dc:df:a8:4e:04:28:
                    ab:a4:fe:04:75:bb:b2:5c:44:57:af:e1:c0:38:b7:
                    2f:47:6b:f8:2b:9e:bc:fb:42:17:9a:68:73:75:81:
                    41:0c:62:d6:66:45:5b:df:cf:48:3b:7f:af:21:91:
                    14:22:96:c0:9c:82:b1:d9:de:76:e2:19:43:bc:1f:
                    5c:09:5b:63:6a:87:4c:0a:a1:42:d9:2a:ed:f6:31:
                    a3:48:71:6f:6a:cc:c2:9e:c7:38:5b:c6:67:ae:34:
                    19:62:ec:c3:67:9c:f1:a2:fa:5a:a1:c4:70:4f:8e:
                    0d:fa:8b:dd:38:18:8f:5f:65:e3:7d:18:9c:7e:7e:
                    24:22:10:f8:90:c8:c6:d5:c9:b4:19:83:95:e2:b6:
                    a1:d8:e1:ac:03:4a:c0:f1:52:36:c1:cf:74:82:c5:
                    61:75:1e:df:bd:ab:72:aa:de:62:62:61:fd:77:c7:
                    9d:b9:1f:9d:b9:ab:b7:7f:db:bf:26:fb:2b:32:bb:
                    66:68:c0:ea:d8:1f:5e:e8:6c:57:91:a5:dc:f2:a0:
                    2b:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:E9:29:D7:D3:7A:F1:0B:28:CE:5D:38:70:AB:83:ED:2F:43:6F:D2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bfe87b6a-6268-4844-b06c-6fd81096a44f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  71.152.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:17:e6:f2:71:44:b8:9c:ef:76:e2:f6:70:8a:6c:f1:5a:72:
         50:d1:01:d9:1e:4f:e7:9b:dc:a0:65:cc:e5:d8:d4:d1:04:f6:
         68:56:91:c2:ae:ef:7e:59:c7:ca:5a:c7:fc:74:08:2c:0f:fe:
         62:b1:cf:fc:3a:e5:3b:e2:d2:5e:65:ad:e6:af:06:3c:bb:ac:
         c3:c7:94:6e:72:72:92:bc:a8:9d:eb:f9:48:df:24:e7:fe:27:
         14:40:44:45:f4:25:69:19:c4:e4:40:c7:37:a1:0b:d0:95:2f:
         9e:21:22:76:5f:d5:bf:f5:0a:c1:e3:82:cd:15:58:20:8d:ba:
         6c:e4:ab:42:03:75:83:21:e3:e2:b3:98:4b:4e:6c:46:2b:79:
         2f:02:15:37:60:b7:65:ee:90:ea:f3:c8:d3:3f:07:fc:da:5e:
         b0:e7:8e:d4:3b:08:59:61:f6:cc:0a:95:10:48:45:6c:59:04:
         af:15:64:63:27:78:33:a3:61:34:44:2e:c4:49:bf:10:54:ed:
         3b:f5:4e:91:ad:97:cd:bc:bd:d5:23:92:9b:89:10:7c:10:df:
         c6:2a:d9:4e:e5:fd:2d:82:f0:8e:07:cf:76:24:57:5b:5b:8b:
         94:86:d7:65:b5:34:27:9c:68:f8:71:75:bf:11:8e:dc:28:22:
         ff:72:ec:8b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAXWgwjLEKe6kZn7xRlbCUqmuf4MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjYwMjIxMDE0MTEyWhcNMjYwNTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AxNjI5YTZmMzZlOTA2MjhkNDQ5MzEzMjcwMTgzODE4YjU0
NDZjM2ZkMDRmMTBjNzAyZGY2M2NkNTMxMjBhNzkxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCTac00OIg3225pSEOHwtt/OtcBkCSwJnhWTJKdqYDtlQBs
H1XWTz+HHOT18+uIIQOGCewW7dzfqE4EKKuk/gR1u7JcRFev4cA4ty9Ha/grnrz7
QheaaHN1gUEMYtZmRVvfz0g7f68hkRQilsCcgrHZ3nbiGUO8H1wJW2Nqh0wKoULZ
Ku32MaNIcW9qzMKexzhbxmeuNBli7MNnnPGi+lqhxHBPjg36i904GI9fZeN9GJx+
fiQiEPiQyMbVybQZg5XitqHY4awDSsDxUjbBz3SCxWF1Ht+9q3Kq3mJiYf13x525
H525q7d/278m+ysyu2ZowOrYH17obFeRpdzyoCs3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUDekp19N68Qsozl04cKuD7S9Db9IwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JmZTg3YjZhLTYyNjgtNDg0NC1iMDZjLTZmZDgxMDk2YTQ0Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABHmGUwDQYJKoZIhvcNAQELBQADggEBAEUX5vJxRLic73bi9nCKbPFaclDR
AdkeT+eb3KBlzOXY1NEE9mhWkcKu735Zx8pax/x0CCwP/mKxz/w65Tvi0l5lreav
Bjy7rMPHlG5ycpK8qJ3r+UjfJOf+JxRAREX0JWkZxORAxzehC9CVL54hInZf1b/1
CsHjgs0VWCCNumzkq0IDdYMh4+KzmEtObEYreS8CFTdgt2XukOrzyNM/B/zaXrDn
jtQ7CFlh9swKlRBIRWxZBK8VZGMneDOjYTRELsRJvxBU7Tv1TpGtl828vdUjkpuJ
EHwQ38Yq2U7l/S2C8I4Hz3YkV1tbi5SG12W1NCecaPhxdb8RjtwoIv9y7Is=
-----END CERTIFICATE-----