Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c3b37376-bf16-4f7e-b9b5-c70c5f517ac5.roa
File:                     c3b37376-bf16-4f7e-b9b5-c70c5f517ac5.roa (raw, json)
Hash identifier:          +oiG+HCOFhAQAsV8bOnPqofBmPCWq0SI9/1DDC5QqoM=
Subject key identifier:   85:C7:B5:5C:D1:11:E5:56:2A:BE:E3:E5:82:AE:13:C1:1B:E3:06:DB
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6FE707CF5195D3F3F541D7F898527E62E18DDE0C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c3b37376-bf16-4f7e-b9b5-c70c5f517ac5.roa
Signing time:             Tue 24 Feb 2026 01:51:47 +0000
ROA not before:           Tue 24 Feb 2026 01:51:47 +0000
ROA not after:            Mon 25 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        149.128.64.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 03 Mar 2026 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:e7:07:cf:51:95:d3:f3:f5:41:d7:f8:98:52:7e:62:e1:8d:de:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb 24 01:51:47 2026 GMT
            Not After : May 25 23:59:59 2026 GMT
        Subject: serialNumber=ff948423708d1cbf05717deb79e1ad7730ac6d5e23369d03bf1ac672e0a3dc3d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:7e:fb:00:32:43:8b:c6:fe:29:25:e0:c7:cd:
                    24:cd:e9:46:83:be:8e:f0:0d:37:9d:63:a5:ea:b5:
                    bc:e7:8a:46:81:ed:ae:b3:72:40:bd:a8:69:04:36:
                    89:a9:14:9f:f5:1b:40:ea:ca:60:ed:fc:ed:ab:7b:
                    77:b4:d3:52:2a:ef:fd:f1:f1:b9:cb:eb:68:32:5d:
                    41:ea:98:f7:2f:af:8a:fb:a7:d1:44:40:ba:e2:f3:
                    05:f9:1a:b1:cf:3a:04:85:dd:f4:59:f2:9d:4d:d8:
                    34:ec:96:40:d2:5d:00:4a:af:ab:fc:4b:f0:b7:0b:
                    58:0e:bf:75:9b:d3:8e:58:15:4b:aa:53:7c:5b:2a:
                    f0:0f:1d:c4:53:56:55:38:b9:6a:a1:ef:34:ca:a9:
                    b6:29:57:1e:fe:81:4c:9b:cb:73:32:b8:05:b6:2c:
                    d1:80:4b:ad:6a:eb:b9:bb:5d:e9:e2:30:4c:c0:83:
                    00:d7:96:07:dc:5b:72:63:df:db:f6:c4:77:0f:50:
                    4a:85:f2:f9:04:3c:c0:c4:fb:bd:4b:48:0e:2a:aa:
                    40:e3:d0:ba:5d:c6:7f:da:5a:6c:0c:c3:f1:f5:ee:
                    63:6b:bf:72:49:c8:80:21:39:6f:ad:4f:50:91:67:
                    61:e6:d3:6a:92:06:bb:d2:53:c8:ae:2d:aa:6e:3d:
                    4f:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:C7:B5:5C:D1:11:E5:56:2A:BE:E3:E5:82:AE:13:C1:1B:E3:06:DB
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c3b37376-bf16-4f7e-b9b5-c70c5f517ac5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.128.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         24:d5:6a:69:84:0a:93:9a:a6:08:23:e4:80:51:bb:1e:26:89:
         0a:8c:d8:01:92:d7:2a:3e:fa:16:b0:e9:b0:f4:d7:1e:73:b4:
         e8:b3:7b:a3:a9:7d:2b:a9:a9:94:70:24:7c:c0:cf:83:5e:d7:
         3e:ee:93:4b:53:fc:85:a7:c8:c9:d4:9e:de:49:62:09:15:5c:
         9d:5a:ae:44:a4:11:56:70:a3:7b:3b:66:ec:7f:4e:6f:36:4e:
         9d:8e:77:96:8e:98:47:13:06:cb:6f:45:f7:47:80:c2:04:3b:
         2e:62:f9:4d:9e:5d:62:2b:89:30:15:d8:5e:16:39:03:4f:73:
         37:97:68:03:db:14:ff:54:9e:a4:7c:9e:e5:ee:1a:25:ee:59:
         1c:51:63:1b:86:b9:b5:6f:a5:83:e8:8e:49:4b:36:51:25:3d:
         23:58:03:f4:1c:92:3c:73:5a:ef:78:32:a7:ad:df:c2:c0:0e:
         b3:62:a4:a2:13:9d:ec:da:17:3d:e4:df:00:9d:d9:b1:30:6e:
         97:e4:9b:00:3f:79:1b:80:93:de:d4:24:0e:92:8b:1a:24:b9:
         29:65:09:a9:09:2a:ee:06:9f:6f:3a:8e:68:22:40:b3:ac:c5:
         d5:06:8e:38:2e:81:83:fe:e6:49:86:59:a5:23:e9:ad:46:03:
         cb:ff:da:34
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUb+cHz1GV0/P1Qdf4mFJ+YuGN3gwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjYwMjI0MDE1MTQ3WhcNMjYwNTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BmZjk0ODQyMzcwOGQxY2JmMDU3MTdkZWI3OWUxYWQ3NzMw
YWM2ZDVlMjMzNjlkMDNiZjFhYzY3MmUwYTNkYzNkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDgfvsAMkOLxv4pJeDHzSTN6UaDvo7wDTedY6XqtbznikaB
7a6zckC9qGkENompFJ/1G0DqymDt/O2re3e001Iq7/3x8bnL62gyXUHqmPcvr4r7
p9FEQLri8wX5GrHPOgSF3fRZ8p1N2DTslkDSXQBKr6v8S/C3C1gOv3Wb045YFUuq
U3xbKvAPHcRTVlU4uWqh7zTKqbYpVx7+gUyby3MyuAW2LNGAS61q67m7XeniMEzA
gwDXlgfcW3Jj39v2xHcPUEqF8vkEPMDE+71LSA4qqkDj0Lpdxn/aWmwMw/H17mNr
v3JJyIAhOW+tT1CRZ2Hm02qSBrvSU8iuLapuPU8NAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUhce1XNER5VYqvuPlgq4TwRvjBtswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2MzYjM3Mzc2LWJmMTYtNGY3ZS1iOWI1LWM3MGM1ZjUxN2FjNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAWVgEAwDQYJKoZIhvcNAQELBQADggEBACTVammECpOapggj5IBRux4miQqM
2AGS1yo++haw6bD01x5ztOize6OpfSupqZRwJHzAz4Ne1z7uk0tT/IWnyMnUnt5J
YgkVXJ1arkSkEVZwo3s7Zux/Tm82Tp2Od5aOmEcTBstvRfdHgMIEOy5i+U2eXWIr
iTAV2F4WOQNPczeXaAPbFP9UnqR8nuXuGiXuWRxRYxuGubVvpYPojklLNlElPSNY
A/QckjxzWu94Mqet38LADrNipKITnezaFz3k3wCd2bEwbpfkmwA/eRuAk97UJA6S
ixokuSllCakJKu4Gn286jmgiQLOsxdUGjjgugYP+5kmGWaUj6a1GA8v/2jQ=
-----END CERTIFICATE-----