Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef8efc10-0ade-4a78-a29d-d3809dd2cadf.roa
File:                     ef8efc10-0ade-4a78-a29d-d3809dd2cadf.roa (raw, json)
Hash identifier:          7RvpIjDiJJa1vt5c0YeREZNOIuXScWVrSt2AjhAKgNk=
Subject key identifier:   60:2A:45:91:FA:18:2F:6D:98:A8:AF:0D:9A:A4:68:B6:73:CD:9D:7A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3F4EB33F7348C7A6EE5AC262F7C45344BAAE5651
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef8efc10-0ade-4a78-a29d-d3809dd2cadf.roa
Signing time:             Tue 24 Feb 2026 01:50:08 +0000
ROA not before:           Tue 24 Feb 2026 01:50:08 +0000
ROA not after:            Mon 25 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        174.129.48.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 03 Mar 2026 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:4e:b3:3f:73:48:c7:a6:ee:5a:c2:62:f7:c4:53:44:ba:ae:56:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb 24 01:50:08 2026 GMT
            Not After : May 25 23:59:59 2026 GMT
        Subject: serialNumber=0cd80521ac11a7e178881372047213a6dad38a2551048a812b37f6dcbcb1022b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:54:07:6a:4a:47:68:95:b3:b5:2b:02:b0:51:
                    11:d4:14:11:6e:cf:3d:a6:52:92:ca:d1:3b:c5:e2:
                    f5:d5:67:cc:fb:b0:6b:c8:8d:53:c9:32:79:41:7c:
                    ca:9b:c1:ba:30:bc:8b:c4:56:0c:1a:43:1d:66:86:
                    9f:5f:da:6c:a0:22:8e:4c:ac:e7:9b:17:43:a7:7d:
                    d0:c6:4b:83:e9:ba:9f:12:f5:a1:45:6f:8e:61:92:
                    3c:eb:fb:59:d0:f5:80:66:4e:75:d1:56:81:f8:d7:
                    d3:11:55:7f:c4:ff:cc:64:b0:7e:f0:ed:af:09:98:
                    be:62:2c:ea:db:fc:62:f0:ec:62:6f:43:95:85:7c:
                    b9:87:7d:32:a0:f3:15:77:fb:bb:67:0b:05:9d:ed:
                    29:32:0b:66:42:8f:d9:f2:5b:6f:f8:56:42:04:fe:
                    87:ab:8a:6b:54:2d:e5:ae:a9:e9:18:37:2a:c0:17:
                    bc:1b:0d:d2:cf:2d:36:86:98:cb:13:7f:f4:eb:db:
                    88:11:51:f3:5e:c7:f2:4b:4d:04:3b:9e:c2:81:cf:
                    32:df:b3:23:a9:91:57:ec:9e:94:3c:1c:e5:1a:64:
                    2d:24:70:88:2a:93:61:e6:08:89:a8:b1:15:86:39:
                    69:97:dc:ed:74:8f:69:b0:3b:cc:b5:23:1e:ec:24:
                    80:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:2A:45:91:FA:18:2F:6D:98:A8:AF:0D:9A:A4:68:B6:73:CD:9D:7A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef8efc10-0ade-4a78-a29d-d3809dd2cadf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  174.129.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         89:a2:a4:f4:ae:47:0f:aa:f8:dd:2e:38:92:8d:7b:a7:6b:ba:
         99:6d:20:c3:09:c4:0f:ae:4c:a8:82:ee:4d:94:46:60:33:b7:
         4f:ed:0c:2e:2f:7d:b7:de:0a:61:a8:d6:59:8f:4e:72:a5:9c:
         3a:28:87:5b:fe:b7:30:9b:a6:bd:d3:ce:1d:28:ac:36:5b:67:
         93:f5:e2:87:87:8c:f1:37:d0:8b:f8:b2:dc:c8:a2:69:ac:01:
         8c:d4:17:c1:6c:cd:4a:9d:0a:fe:91:c8:b4:23:62:7c:d8:0e:
         d5:8d:e1:52:6e:d4:1f:05:66:f7:04:73:5b:b8:80:09:c1:18:
         2b:fc:3f:1f:7c:cd:6b:43:c3:18:4c:1d:7d:52:f0:4f:cc:d3:
         09:bc:8d:e0:8c:a5:6c:5f:d4:bc:4a:9e:b7:2a:1b:23:dd:0f:
         a8:2e:5e:af:0e:cd:d0:71:9d:eb:cb:bd:61:31:98:18:74:3a:
         4c:d1:69:fd:13:48:06:c7:21:58:2c:97:ab:d5:2a:2e:e1:45:
         9e:6a:03:91:5e:9d:b0:02:d1:21:c8:ec:96:1b:99:77:18:4d:
         47:ea:38:32:f4:90:34:61:ef:a0:df:31:c3:52:bb:90:68:47:
         39:7d:62:2c:ac:c6:67:45:d5:aa:d0:5f:69:e1:67:b8:d0:d1:
         d3:9f:fa:df
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUP06zP3NIx6buWsJi98RTRLquVlEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjYwMjI0MDE1MDA4WhcNMjYwNTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0AwY2Q4MDUyMWFjMTFhN2UxNzg4ODEzNzIwNDcyMTNhNmRh
ZDM4YTI1NTEwNDhhODEyYjM3ZjZkY2JjYjEwMjJiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCuVAdqSkdolbO1KwKwURHUFBFuzz2mUpLK0TvF4vXVZ8z7
sGvIjVPJMnlBfMqbwbowvIvEVgwaQx1mhp9f2mygIo5MrOebF0OnfdDGS4Ppup8S
9aFFb45hkjzr+1nQ9YBmTnXRVoH419MRVX/E/8xksH7w7a8JmL5iLOrb/GLw7GJv
Q5WFfLmHfTKg8xV3+7tnCwWd7SkyC2ZCj9nyW2/4VkIE/oerimtULeWuqekYNyrA
F7wbDdLPLTaGmMsTf/Tr24gRUfNex/JLTQQ7nsKBzzLfsyOpkVfsnpQ8HOUaZC0k
cIgqk2HmCImosRWGOWmX3O10j2mwO8y1Ix7sJIDfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYCpFkfoYL22YqK8NmqRotnPNnXowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VmOGVmYzEwLTBhZGUtNGE3OC1hMjlkLWQzODA5ZGQyY2FkZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBASugTAwDQYJKoZIhvcNAQELBQADggEBAImipPSuRw+q+N0uOJKNe6druplt
IMMJxA+uTKiC7k2URmAzt0/tDC4vfbfeCmGo1lmPTnKlnDooh1v+tzCbpr3Tzh0o
rDZbZ5P14oeHjPE30Iv4stzIommsAYzUF8FszUqdCv6RyLQjYnzYDtWN4VJu1B8F
ZvcEc1u4gAnBGCv8Px98zWtDwxhMHX1S8E/M0wm8jeCMpWxf1LxKnrcqGyPdD6gu
Xq8OzdBxnevLvWExmBh0OkzRaf0TSAbHIVgsl6vVKi7hRZ5qA5FenbAC0SHI7JYb
mXcYTUfqODL0kDRh76DfMcNSu5BoRzl9YiysxmdF1arQX2nhZ7jQ0dOf+t8=
-----END CERTIFICATE-----