Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d6185de8-a4ea-4ece-82e3-974af53b3f82.roa
File:                     d6185de8-a4ea-4ece-82e3-974af53b3f82.roa (raw, json)
Hash identifier:          nWgf0ou2lIvnNVBn+zBn0FWNaWffFPwAHBTTkswFn9w=
Subject key identifier:   36:95:FC:99:06:3C:E0:00:C4:5A:53:3F:5E:20:D2:A8:82:CC:57:45
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       792944D3476E5A2318995E523987886E323B237C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d6185de8-a4ea-4ece-82e3-974af53b3f82.roa
Signing time:             Tue 19 May 2026 00:30:53 +0000
ROA not before:           Tue 19 May 2026 00:30:53 +0000
ROA not after:            Mon 17 Aug 2026 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1fef:e000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 14 Jun 2026 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:29:44:d3:47:6e:5a:23:18:99:5e:52:39:87:88:6e:32:3b:23:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: May 19 00:30:53 2026 GMT
            Not After : Aug 17 23:59:59 2026 GMT
        Subject: serialNumber=245cb2cb8a1add2fab13d86944957914468723a984e496fbff713f5cb3a23c0a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:a5:9a:96:a0:df:da:50:c8:f4:60:bb:82:3e:
                    9d:ca:a1:f0:33:e2:79:c0:d3:79:9d:c7:80:d3:49:
                    a5:54:e9:ed:2e:92:d1:33:a7:b3:b8:a6:f8:55:4d:
                    af:b3:98:71:ec:74:e2:56:b4:84:87:56:52:40:ce:
                    30:00:60:50:7b:0e:e7:11:35:80:a9:d8:c2:df:cf:
                    a0:e7:5f:0c:83:2c:ed:bc:0c:09:62:b5:da:ca:bd:
                    27:b8:83:9c:81:0b:f5:9c:ac:e3:bf:84:5b:84:c2:
                    d6:a3:b7:0f:5d:08:64:05:5f:0d:ef:98:45:e0:6d:
                    7c:85:21:d8:1a:4c:6a:ad:7d:c3:08:3e:4f:72:88:
                    7a:60:69:38:46:58:68:65:df:68:c7:22:e1:aa:8e:
                    1b:f2:b4:64:a2:b6:d3:2e:3d:53:89:84:b8:60:b4:
                    7b:ec:e2:ec:d3:80:00:1c:82:22:ae:6b:70:37:c5:
                    71:d7:b4:31:c8:ed:22:43:08:46:1b:d6:ed:98:3c:
                    c5:28:a8:97:7d:de:90:9f:80:82:66:38:c5:d2:47:
                    48:6d:f0:1e:67:b6:ac:61:77:d8:27:31:ed:eb:a4:
                    b1:ce:e0:b0:a7:aa:2f:6c:eb:bb:7c:6c:94:91:5b:
                    38:cd:be:c5:d8:95:53:c4:be:5a:ce:ba:5a:f3:ad:
                    f4:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:95:FC:99:06:3C:E0:00:C4:5A:53:3F:5E:20:D2:A8:82:CC:57:45
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d6185de8-a4ea-4ece-82e3-974af53b3f82.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1fef:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         11:1a:47:cd:8a:a5:60:2a:21:a8:97:43:c3:aa:1b:f3:d1:20:
         ab:17:cb:c8:e7:f5:01:47:4a:ae:44:ff:8d:ab:0e:c6:21:c4:
         2b:82:f2:48:f4:b1:7f:96:bd:f1:76:00:d5:14:28:bf:8b:6c:
         f0:94:ed:cb:bc:19:a1:91:bc:56:33:0d:03:cb:dd:63:1b:2b:
         e9:d7:c7:04:2d:ef:e4:40:1f:86:09:42:84:08:db:bc:2c:6a:
         7c:df:e6:ee:e7:7f:51:7e:ca:93:d7:ed:99:cb:61:ae:9e:54:
         1d:f8:3b:38:1d:3a:8f:37:24:d3:ea:73:cd:0d:8c:72:ba:ea:
         6a:7e:87:79:80:10:7d:05:5c:3d:22:9d:f3:a6:3d:32:d1:cf:
         25:4d:8a:c1:ad:0d:17:7c:bf:29:36:b1:79:67:1a:c4:39:b5:
         dc:0d:35:fa:0c:81:3e:59:75:02:25:29:a3:49:11:7d:b4:58:
         b0:45:46:db:93:a5:cd:0d:c0:73:a2:0e:45:ea:fd:8b:96:b6:
         33:79:62:90:11:98:fb:23:9f:4c:04:2a:b8:b7:0e:20:88:ee:
         8d:e3:7c:a9:a6:de:fb:08:87:68:65:c6:0e:c2:37:99:72:28:
         69:c7:db:b9:56:15:3d:a8:67:e0:7e:1e:11:0f:49:5c:67:8b:
         c4:b0:7a:b2
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUeSlE00duWiMYmV5SOYeIbjI7I3wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjYwNTE5MDAzMDUzWhcNMjYwODE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AyNDVjYjJjYjhhMWFkZDJmYWIxM2Q4Njk0NDk1NzkxNDQ2
ODcyM2E5ODRlNDk2ZmJmZjcxM2Y1Y2IzYTIzYzBhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxpZqWoN/aUMj0YLuCPp3KofAz4nnA03mdx4DTSaVU6e0u
ktEzp7O4pvhVTa+zmHHsdOJWtISHVlJAzjAAYFB7DucRNYCp2MLfz6DnXwyDLO28
DAlitdrKvSe4g5yBC/WcrOO/hFuEwtajtw9dCGQFXw3vmEXgbXyFIdgaTGqtfcMI
Pk9yiHpgaThGWGhl32jHIuGqjhvytGSittMuPVOJhLhgtHvs4uzTgAAcgiKua3A3
xXHXtDHI7SJDCEYb1u2YPMUoqJd93pCfgIJmOMXSR0ht8B5ntqxhd9gnMe3rpLHO
4LCnqi9s67t8bJSRWzjNvsXYlVPEvlrOulrzrfQNAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUNpX8mQY84ADEWlM/XiDSqILMV0UwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q2MTg1ZGU4LWE0ZWEtNGVjZS04MmUzLTk3NGFmNTNiM2Y4Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/v4DANBgkqhkiG9w0BAQsFAAOCAQEAERpHzYqlYCohqJdDw6ob89Eg
qxfLyOf1AUdKrkT/jasOxiHEK4LySPSxf5a98XYA1RQov4ts8JTty7wZoZG8VjMN
A8vdYxsr6dfHBC3v5EAfhglChAjbvCxqfN/m7ud/UX7Kk9ftmcthrp5UHfg7OB06
jzck0+pzzQ2Mcrrqan6HeYAQfQVcPSKd86Y9MtHPJU2Kwa0NF3y/KTaxeWcaxDm1
3A01+gyBPll1AiUpo0kRfbRYsEVG25OlzQ3Ac6IORer9i5a2M3likBGY+yOfTAQq
uLcOIIjujeN8qabe+wiHaGXGDsI3mXIoacfbuVYVPahn4H4eEQ9JXGeLxLB6sg==
-----END CERTIFICATE-----