Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/da94c098-b098-48ba-b22f-f15736f15d14.roa
File:                     da94c098-b098-48ba-b22f-f15736f15d14.roa (raw, json)
Hash identifier:          D9AW4HYns2K6Hca9lb+nvUrRzLo9TE/cVsaQQUsizck=
Subject key identifier:   28:4F:A7:C4:42:08:54:0F:E1:9B:B4:3D:09:0A:18:11:3B:90:F4:78
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3CF810A0ABE60166D5C9F368D99072C448AF44A3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/da94c098-b098-48ba-b22f-f15736f15d14.roa
Signing time:             Tue 24 Feb 2026 02:00:59 +0000
ROA not before:           Tue 24 Feb 2026 02:00:59 +0000
ROA not after:            Mon 25 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        1.178.100.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 03 Mar 2026 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:f8:10:a0:ab:e6:01:66:d5:c9:f3:68:d9:90:72:c4:48:af:44:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb 24 02:00:59 2026 GMT
            Not After : May 25 23:59:59 2026 GMT
        Subject: serialNumber=495fc77842ff4e10677ad150ecf56b1e193109154ae8caad812e681516cc68f6, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:37:e7:f7:79:91:0f:21:7f:c2:00:d9:b0:d9:
                    90:f4:b3:04:23:13:78:ba:1a:8d:40:62:34:59:4c:
                    d2:59:0c:04:dc:c1:88:07:43:78:f0:4c:59:02:be:
                    07:e1:a6:53:81:52:6b:a8:2c:62:d3:0c:92:08:f4:
                    05:e8:48:97:d2:31:72:c8:ca:18:5a:71:ff:8a:31:
                    b4:27:04:55:60:ae:92:b6:85:d1:2a:a0:38:89:cb:
                    d2:de:91:16:1a:52:33:18:b8:50:56:a2:48:1f:60:
                    d8:57:62:a8:cc:02:2c:97:7c:7f:ec:7f:fc:a5:e9:
                    65:3c:c8:14:a9:54:3c:2d:ec:32:44:86:db:5a:d6:
                    c4:e0:6b:83:51:93:37:30:49:7e:f0:b2:0d:06:53:
                    1f:21:b7:91:e3:2b:f1:46:75:e9:84:72:6e:be:6b:
                    ee:d8:c2:74:0b:75:ed:c4:52:00:2c:79:22:94:57:
                    a1:59:24:78:a2:55:7b:11:41:cf:b1:6c:32:db:6a:
                    66:4d:c2:3a:54:d9:ee:7f:30:86:e1:4f:96:2e:0e:
                    d5:61:0e:a4:87:a9:72:4c:92:7a:9f:d4:ea:f9:af:
                    67:73:12:04:67:bd:47:c2:54:2b:8a:3f:7c:81:d7:
                    8d:29:e5:ad:39:c5:28:a0:a4:f4:65:ae:f3:5f:05:
                    d5:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:4F:A7:C4:42:08:54:0F:E1:9B:B4:3D:09:0A:18:11:3B:90:F4:78
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/da94c098-b098-48ba-b22f-f15736f15d14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  1.178.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         47:bb:bb:e6:b2:7f:f1:e6:35:61:59:d5:d8:19:31:46:80:c7:
         71:94:03:63:75:8e:50:62:f2:76:35:1d:62:2b:85:44:64:e3:
         9b:15:6f:8d:4c:63:e5:6b:01:93:67:47:c6:1f:5e:52:2e:27:
         7e:ed:8d:14:5e:1f:0b:fc:ce:d5:63:c8:64:fa:b0:73:35:0f:
         ef:2e:d5:ee:8f:06:0a:a0:09:fe:02:08:27:19:64:fc:31:a0:
         95:05:20:7c:34:73:16:e8:91:81:da:0d:14:bd:c4:d6:b4:3b:
         c6:48:8a:00:0f:8f:ac:6d:9b:b3:2e:96:68:1c:44:bd:e8:a2:
         e0:ab:6b:bd:da:b6:4c:96:b2:e4:f4:96:de:3f:a1:b3:2a:03:
         ca:3c:12:b1:89:eb:71:ce:f2:d6:92:f8:3c:ea:07:69:72:bf:
         92:63:f2:c4:be:dc:4d:8b:cf:db:64:60:60:85:d0:22:f8:20:
         0e:a7:58:56:d6:d2:57:6f:36:b2:8c:17:95:52:94:db:69:71:
         53:e4:69:47:9b:9d:03:60:1b:f8:51:61:e2:10:7a:a0:b7:63:
         f3:aa:a3:21:33:e5:b4:da:e9:5e:89:8e:5d:47:c4:93:d8:6c:
         17:07:f2:9a:97:f1:ef:ca:53:e0:b9:7a:39:7a:8a:7e:16:c0:
         46:4d:a8:df
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPPgQoKvmAWbVyfNo2ZByxEivRKMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjYwMjI0MDIwMDU5WhcNMjYwNTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A0OTVmYzc3ODQyZmY0ZTEwNjc3YWQxNTBlY2Y1NmIxZTE5
MzEwOTE1NGFlOGNhYWQ4MTJlNjgxNTE2Y2M2OGY2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDAN+f3eZEPIX/CANmw2ZD0swQjE3i6Go1AYjRZTNJZDATc
wYgHQ3jwTFkCvgfhplOBUmuoLGLTDJII9AXoSJfSMXLIyhhacf+KMbQnBFVgrpK2
hdEqoDiJy9LekRYaUjMYuFBWokgfYNhXYqjMAiyXfH/sf/yl6WU8yBSpVDwt7DJE
htta1sTga4NRkzcwSX7wsg0GUx8ht5HjK/FGdemEcm6+a+7YwnQLde3EUgAseSKU
V6FZJHiiVXsRQc+xbDLbamZNwjpU2e5/MIbhT5YuDtVhDqSHqXJMknqf1Or5r2dz
EgRnvUfCVCuKP3yB140p5a05xSigpPRlrvNfBdX9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKE+nxEIIVA/hm7Q9CQoYETuQ9HgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RhOTRjMDk4LWIwOTgtNDhiYS1iMjJmLWYxNTczNmYxNWQxNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIBsmQwDQYJKoZIhvcNAQELBQADggEBAEe7u+ayf/HmNWFZ1dgZMUaAx3GU
A2N1jlBi8nY1HWIrhURk45sVb41MY+VrAZNnR8YfXlIuJ37tjRReHwv8ztVjyGT6
sHM1D+8u1e6PBgqgCf4CCCcZZPwxoJUFIHw0cxbokYHaDRS9xNa0O8ZIigAPj6xt
m7MulmgcRL3oouCra73atkyWsuT0lt4/obMqA8o8ErGJ63HO8taS+DzqB2lyv5Jj
8sS+3E2Lz9tkYGCF0CL4IA6nWFbW0ldvNrKMF5VSlNtpcVPkaUebnQNgG/hRYeIQ
eqC3Y/OqoyEz5bTa6V6Jjl1HxJPYbBcH8pqX8e/KU+C5ejl6in4WwEZNqN8=
-----END CERTIFICATE-----