Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c977eb9d-099b-4d38-9530-e53860d229d8.roa
File:                     c977eb9d-099b-4d38-9530-e53860d229d8.roa (raw, json)
Hash identifier:          DAvg21LzwjBb8TDdGguMmA79DYNBXEl37FK6qKWND1g=
Subject key identifier:   B4:58:C9:65:23:76:AB:03:B6:93:FE:81:D5:69:E3:61:92:38:73:E9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4BCFFA5EC67452863315641FFCABE07A32E601A3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c977eb9d-099b-4d38-9530-e53860d229d8.roa
Signing time:             Wed 25 Feb 2026 02:21:18 +0000
ROA not before:           Wed 25 Feb 2026 02:21:18 +0000
ROA not after:            Tue 26 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f00:3440::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 03 Mar 2026 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:cf:fa:5e:c6:74:52:86:33:15:64:1f:fc:ab:e0:7a:32:e6:01:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb 25 02:21:18 2026 GMT
            Not After : May 26 23:59:59 2026 GMT
        Subject: serialNumber=4499ba44546e76fb57cbb3669929d6cbc03ecf4b37f30c08a6914c91b6ff17b9, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:4c:d9:ba:cb:f0:b0:a6:8d:ac:2b:33:20:e1:
                    00:20:c9:e9:de:cc:d8:34:e6:6c:dc:e6:0b:ef:31:
                    8c:8d:30:e5:7e:af:89:6b:81:e0:b2:a3:10:11:97:
                    c3:16:b0:3e:07:48:1f:4c:71:39:6c:96:55:1f:01:
                    d9:28:b5:95:55:58:16:c9:b1:a7:49:47:83:82:e4:
                    0d:54:06:8b:81:e7:b4:6e:ee:b9:b9:6b:14:1e:6f:
                    20:72:2c:8c:6b:89:9f:dc:e5:d4:a6:c7:15:f8:02:
                    ee:80:d3:ec:20:cc:c1:ee:bd:1e:f8:52:e1:21:76:
                    3b:54:60:69:4d:4a:a1:e0:a5:83:f1:93:c8:36:a3:
                    85:3e:fc:32:69:e4:5e:16:82:12:7f:77:47:c3:4b:
                    c5:d6:cc:c1:c4:f6:69:05:87:91:d3:ed:ed:88:c6:
                    6c:46:e6:0e:93:88:a5:54:6b:05:c3:ce:05:a1:da:
                    87:94:5d:e0:87:42:19:53:82:e8:de:4b:d1:78:ed:
                    89:46:0e:d6:20:4d:d6:03:6e:4a:d6:76:5e:ab:8f:
                    a9:7b:aa:1d:87:09:ea:af:7a:a9:d5:45:5c:04:a8:
                    56:ad:ed:78:27:65:8a:d6:07:0b:28:a3:2a:02:6a:
                    b9:b0:b5:60:e6:fc:0e:f2:03:bb:14:1f:4f:c5:df:
                    53:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:58:C9:65:23:76:AB:03:B6:93:FE:81:D5:69:E3:61:92:38:73:E9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c977eb9d-099b-4d38-9530-e53860d229d8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f00:3440::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:8f:76:f0:b9:72:2e:98:c6:d5:e0:db:ac:90:3a:bb:86:dc:
         03:8e:b0:83:44:72:7f:bb:56:6e:9b:05:5a:3c:61:e3:8d:c0:
         ef:80:90:69:79:fb:71:84:5a:c4:fe:f9:f4:af:01:e2:f7:00:
         8c:81:7f:3c:4e:fa:b1:d5:48:db:40:7a:66:06:1b:ad:3d:0b:
         b9:f8:ae:db:f6:88:f2:3e:e4:c6:01:42:10:d9:87:86:85:62:
         8b:9a:71:2a:a6:73:1a:26:c7:7e:b5:eb:e2:97:c8:45:5b:63:
         02:8f:d4:88:7d:4f:ec:dd:53:67:99:97:b6:40:5d:9c:4c:9c:
         12:7c:51:47:09:14:af:2f:f5:e8:51:4e:1c:99:d7:c1:81:57:
         5c:fa:3b:7c:b5:2f:4e:92:21:d7:56:90:7d:b9:20:91:a8:74:
         5d:1b:01:52:d6:1a:e5:cb:b7:c3:bb:2f:b0:b3:19:f9:80:11:
         34:5b:6f:0d:ad:e9:07:4a:a9:99:de:7b:65:79:ab:a8:19:cb:
         b8:6d:6b:78:58:51:ac:95:d1:f4:5f:3a:15:ad:bf:39:21:ab:
         d5:9d:fd:fe:37:17:d9:da:40:78:52:a4:ee:90:05:75:f5:dc:
         13:1a:78:53:09:a0:1c:86:90:71:b3:95:30:47:ae:e3:f7:92:
         22:6a:62:a1
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUS8/6XsZ0UoYzFWQf/KvgejLmAaMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjYwMjI1MDIyMTE4WhcNMjYwNTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0A0NDk5YmE0NDU0NmU3NmZiNTdjYmIzNjY5OTI5ZDZjYmMw
M2VjZjRiMzdmMzBjMDhhNjkxNGM5MWI2ZmYxN2I5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDHTNm6y/Cwpo2sKzMg4QAgyenezNg05mzc5gvvMYyNMOV+
r4lrgeCyoxARl8MWsD4HSB9McTlsllUfAdkotZVVWBbJsadJR4OC5A1UBouB57Ru
7rm5axQebyByLIxriZ/c5dSmxxX4Au6A0+wgzMHuvR74UuEhdjtUYGlNSqHgpYPx
k8g2o4U+/DJp5F4WghJ/d0fDS8XWzMHE9mkFh5HT7e2IxmxG5g6TiKVUawXDzgWh
2oeUXeCHQhlTgujeS9F47YlGDtYgTdYDbkrWdl6rj6l7qh2HCeqveqnVRVwEqFat
7XgnZYrWBwsooyoCarmwtWDm/A7yA7sUH0/F31MtAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUtFjJZSN2qwO2k/6B1WnjYZI4c+kwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M5NzdlYjlkLTA5OWItNGQzOC05NTMwLWU1Mzg2MGQyMjlkOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB8ANEAwDQYJKoZIhvcNAQELBQADggEBAEuPdvC5ci6YxtXg26yQOruG
3AOOsINEcn+7Vm6bBVo8YeONwO+AkGl5+3GEWsT++fSvAeL3AIyBfzxO+rHVSNtA
emYGG609C7n4rtv2iPI+5MYBQhDZh4aFYouacSqmcxomx3616+KXyEVbYwKP1Ih9
T+zdU2eZl7ZAXZxMnBJ8UUcJFK8v9ehRThyZ18GBV1z6O3y1L06SIddWkH25IJGo
dF0bAVLWGuXLt8O7L7CzGfmAETRbbw2t6QdKqZnee2V5q6gZy7hta3hYUayV0fRf
OhWtvzkhq9Wd/f43F9naQHhSpO6QBXX13BMaeFMJoByGkHGzlTBHruP3kiJqYqE=
-----END CERTIFICATE-----