Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ce9cbac2-4749-4385-b952-5b4d9b9484d0.roa
File:                     ce9cbac2-4749-4385-b952-5b4d9b9484d0.roa (raw, json)
Hash identifier:          tPIEWjxvAuNT+he1S8jaXc3BMmzJ4dtWFmq1Bzkf2wQ=
Subject key identifier:   5A:DE:E4:45:DC:AE:8E:A6:D8:A0:EF:9E:D9:19:0D:05:6B:A6:FD:CC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       116C9A150355AF42AB5F4887B6468ED86CA5B208
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ce9cbac2-4749-4385-b952-5b4d9b9484d0.roa
Signing time:             Tue 10 Feb 2026 00:20:51 +0000
ROA not before:           Tue 10 Feb 2026 00:20:51 +0000
ROA not after:            Mon 11 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ffa:4000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 03 Mar 2026 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:6c:9a:15:03:55:af:42:ab:5f:48:87:b6:46:8e:d8:6c:a5:b2:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb 10 00:20:51 2026 GMT
            Not After : May 11 23:59:59 2026 GMT
        Subject: serialNumber=4b062dea490718e0e85d233406248b93ae88f9a7309706baaf8391827aa85ade, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:a6:ec:1c:98:98:dd:ca:44:f4:36:e9:77:54:
                    96:9a:55:28:91:62:ef:21:64:cb:3a:2c:b0:58:c1:
                    86:38:70:ac:81:ef:47:aa:46:c4:9e:fd:04:ab:bd:
                    47:d3:4f:96:37:ef:8f:ea:9d:11:3c:dc:d5:eb:69:
                    56:ad:da:40:18:c5:6a:bc:47:2d:5f:c7:20:5c:a5:
                    67:57:32:9b:d5:92:69:04:03:b1:51:64:eb:d4:3a:
                    c3:ee:fe:42:34:dd:d8:38:28:27:0e:7f:cd:99:19:
                    d7:a0:8d:ac:77:03:a0:13:91:a0:d7:5d:55:e8:1b:
                    a6:5c:ad:8c:3b:a1:67:b5:ad:c3:d5:f2:65:31:4a:
                    95:26:ac:11:e4:b8:a5:09:25:f1:bc:a9:eb:b6:e2:
                    b0:5c:d6:3f:89:c2:c9:a4:d0:1e:cd:6a:09:62:f6:
                    31:c1:20:87:37:8e:27:2b:23:c4:60:0d:9e:04:c8:
                    62:07:21:ac:fe:22:37:07:77:fe:4f:f9:cd:22:da:
                    5c:34:ff:98:29:f0:71:90:c6:a1:2e:da:b1:4d:1d:
                    ae:7a:f5:4a:0b:14:d7:a2:a1:ff:c5:83:24:e2:24:
                    2d:52:7c:dc:10:6c:ae:b5:96:c0:50:8b:e5:71:f0:
                    76:7f:6c:b3:d3:e0:76:6e:19:01:25:78:79:bf:d9:
                    43:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:DE:E4:45:DC:AE:8E:A6:D8:A0:EF:9E:D9:19:0D:05:6B:A6:FD:CC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ce9cbac2-4749-4385-b952-5b4d9b9484d0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffa:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         7d:05:d3:20:17:ed:bf:97:44:d7:e9:27:ae:55:f3:a5:6a:db:
         22:39:b4:20:23:52:41:e2:ec:f6:45:20:8f:c7:e4:df:9d:f1:
         a8:07:75:16:d2:9e:e4:47:73:78:02:7c:a5:3c:dd:28:07:f6:
         26:b6:31:44:26:83:89:e3:c4:7a:dd:16:14:24:61:93:e7:39:
         6f:8c:80:c4:be:18:a9:bf:de:cc:8f:ef:59:dd:40:80:f3:c4:
         d0:a7:96:3d:74:ed:b7:1b:93:0a:64:85:75:cb:4a:22:46:45:
         14:23:b3:80:37:f2:48:cc:84:c1:9a:2c:3b:ed:b8:cf:9b:77:
         c3:1e:95:8f:99:1b:f4:a5:ec:75:b8:54:ad:65:34:85:64:d3:
         cc:46:70:75:6d:bf:a1:26:5d:0b:0e:ea:f4:76:bf:e2:1f:a1:
         1b:a2:3d:20:16:3a:68:5a:29:e5:7a:42:b4:5c:d4:8b:e1:0d:
         72:44:1f:6b:62:3c:34:ce:23:0b:5f:4b:82:92:9f:22:4f:f6:
         13:c6:bf:eb:46:85:f1:e0:bc:f2:bd:14:44:40:2a:f1:7a:b3:
         59:fa:da:a4:e4:7c:33:8f:27:b8:f7:46:ee:73:68:3d:b7:ec:
         a8:21:cc:5d:c1:76:a2:d8:aa:75:05:c5:da:17:9e:57:b4:57:
         af:ef:0a:7c
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUEWyaFQNVr0KrX0iHtkaO2GylsggwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjYwMjEwMDAyMDUxWhcNMjYwNTExMjM1OTU5
WjB6MUkwRwYDVQQFE0A0YjA2MmRlYTQ5MDcxOGUwZTg1ZDIzMzQwNjI0OGI5M2Fl
ODhmOWE3MzA5NzA2YmFhZjgzOTE4MjdhYTg1YWRlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLpuwcmJjdykT0Nul3VJaaVSiRYu8hZMs6LLBYwYY4cKyB
70eqRsSe/QSrvUfTT5Y374/qnRE83NXraVat2kAYxWq8Ry1fxyBcpWdXMpvVkmkE
A7FRZOvUOsPu/kI03dg4KCcOf82ZGdegjax3A6ATkaDXXVXoG6ZcrYw7oWe1rcPV
8mUxSpUmrBHkuKUJJfG8qeu24rBc1j+Jwsmk0B7Nagli9jHBIIc3jicrI8RgDZ4E
yGIHIaz+IjcHd/5P+c0i2lw0/5gp8HGQxqEu2rFNHa569UoLFNeiof/FgyTiJC1S
fNwQbK61lsBQi+Vx8HZ/bLPT4HZuGQEleHm/2UMJAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUWt7kRdyujqbYoO+e2RkNBWum/cwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NlOWNiYWMyLTQ3NDktNDM4NS1iOTUyLTViNGQ5Yjk0ODRkMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/6QDANBgkqhkiG9w0BAQsFAAOCAQEAfQXTIBftv5dE1+knrlXzpWrb
Ijm0ICNSQeLs9kUgj8fk353xqAd1FtKe5EdzeAJ8pTzdKAf2JrYxRCaDiePEet0W
FCRhk+c5b4yAxL4Yqb/ezI/vWd1AgPPE0KeWPXTttxuTCmSFdctKIkZFFCOzgDfy
SMyEwZosO+24z5t3wx6Vj5kb9KXsdbhUrWU0hWTTzEZwdW2/oSZdCw7q9Ha/4h+h
G6I9IBY6aFop5XpCtFzUi+ENckQfa2I8NM4jC19LgpKfIk/2E8a/60aF8eC88r0U
REAq8XqzWfrapOR8M48nuPdG7nNoPbfsqCHMXcF2otiqdQXF2heeV7RXr+8KfA==
-----END CERTIFICATE-----