Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/1307ad8e-df0e-4abe-8f37-494ddc3554ec.roa
File:                     1307ad8e-df0e-4abe-8f37-494ddc3554ec.roa (raw, json)
Hash identifier:          KxuouZW842kcR1+5kQz2W7/6lCp/OHP+A5lVfF7hNWg=
Subject key identifier:   2E:5D:AB:24:76:C0:E3:81:F2:7B:81:59:56:14:81:A8:15:76:1E:4A
Certificate issuer:       /CN=c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04
Certificate serial:       28A61E57B9201D32B4CD87CE9489B30C2A5785E6
Authority key identifier: 99:C3:54:4C:08:C9:94:54:B8:79:95:1E:FF:A4:7A:8F:63:C8:A7:77
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/1307ad8e-df0e-4abe-8f37-494ddc3554ec.roa
Signing time:             Sun 15 Feb 2026 00:00:35 +0000
ROA not before:           Sun 15 Feb 2026 00:00:35 +0000
ROA not after:            Sat 16 May 2026 23:59:59 +0000
asID:                     8987
IP address blocks:        2620:108:d000::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/_YzK5b5juSvdyQt6W3TmlEnB6wQ.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/_YzK5b5juSvdyQt6W3TmlEnB6wQ.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/77b56428-9b52-416f-b279-bbae14422de2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/77b56428-9b52-416f-b279-bbae14422de2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 04 Mar 2026 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:a6:1e:57:b9:20:1d:32:b4:cd:87:ce:94:89:b3:0c:2a:57:85:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04
        Validity
            Not Before: Feb 15 00:00:35 2026 GMT
            Not After : May 16 23:59:59 2026 GMT
        Subject: serialNumber=4dd4c0175f1959b730a54774edfd51350417cfe2b4ee0e3818f89d17cb9766bd, CN=0099a7ea-794a-4a28-b164-49547626eb11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:87:bf:03:73:c8:62:b8:29:d4:13:a4:d5:de:
                    45:83:51:e0:01:68:cc:e5:77:72:4f:26:b5:7d:cb:
                    42:a7:4a:b8:b6:df:70:2a:de:ef:95:fe:2c:79:2e:
                    d9:c9:fc:3a:98:26:64:68:21:8c:11:9a:2e:01:d7:
                    bf:51:31:16:d3:02:43:4f:a8:7e:68:82:58:e1:db:
                    25:30:26:31:4c:d0:df:70:68:d4:bb:5b:44:75:63:
                    9c:90:04:44:d1:75:43:a3:5c:68:25:7b:22:69:76:
                    d1:2e:e0:98:c2:7a:c7:10:5b:80:0b:50:2d:75:ba:
                    78:b7:ae:da:ad:fc:b8:ff:91:ed:4c:81:fc:4b:6c:
                    c7:64:9c:a8:58:8a:55:6b:54:52:73:99:a4:60:b0:
                    e4:f0:66:29:af:b9:bc:15:f2:e9:30:1b:ad:4c:d1:
                    a5:13:67:92:25:47:57:f0:24:a6:10:72:f9:ea:39:
                    ed:07:ab:c5:30:e3:65:ce:ce:fb:98:f3:f0:56:ff:
                    50:bf:82:a2:0f:64:70:c9:a5:5f:92:cd:74:2a:22:
                    66:75:c3:07:1e:9d:ea:0b:f9:02:cd:91:76:62:6f:
                    b9:38:d2:81:34:a6:53:d3:6b:e5:9d:13:08:89:5b:
                    51:53:41:ba:0c:a0:ad:74:73:df:8c:59:58:35:23:
                    4a:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:5D:AB:24:76:C0:E3:81:F2:7B:81:59:56:14:81:A8:15:76:1E:4A
            X509v3 Authority Key Identifier:
                keyid:99:C3:54:4C:08:C9:94:54:B8:79:95:1E:FF:A4:7A:8F:63:C8:A7:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/1307ad8e-df0e-4abe-8f37-494ddc3554ec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/_YzK5b5juSvdyQt6W3TmlEnB6wQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2620:108:d000::/44

    Signature Algorithm: sha256WithRSAEncryption
         6f:75:79:66:7c:3e:1e:7c:56:cb:f5:57:6a:ed:02:f7:1e:e1:
         55:23:5d:d7:05:2c:6e:31:5c:46:40:a5:0c:90:c8:4a:9d:a1:
         f2:5b:10:51:a7:3b:70:66:3e:4a:ed:72:5b:7e:98:5e:a5:68:
         c8:27:96:5c:d0:be:59:b0:64:ec:8b:88:aa:07:b6:28:97:a5:
         b8:32:26:b8:3b:00:d3:45:ad:64:51:05:bd:a7:a0:82:97:e5:
         92:28:76:ad:03:6d:53:9d:05:eb:3c:50:14:c8:18:47:df:e3:
         37:8d:af:43:17:31:31:58:ee:22:b4:43:5c:d8:d8:ea:a3:50:
         22:93:39:26:86:00:df:ce:ad:53:61:7d:14:a3:33:15:d1:df:
         b2:67:85:60:8d:7e:2c:b7:c1:03:b0:e0:ec:b3:04:88:ff:cc:
         7c:9d:17:5b:21:62:40:97:ad:1a:3b:71:7d:35:2e:3e:f7:a6:
         2b:78:31:30:8b:9b:43:44:be:4c:3c:a4:37:b4:47:4b:30:14:
         63:4b:12:d1:08:56:97:7f:79:a0:75:65:40:c3:75:05:50:f2:
         54:e6:3e:6a:18:ae:5d:ec:88:b6:5a:01:35:b2:4b:a2:02:44:
         d6:6e:73:6d:68:22:56:2a:d7:6d:86:9d:8e:eb:74:c6:9f:9f:
         04:83:6a:2b
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUKKYeV7kgHTK0zYfOlImzDCpXheYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYzA1Njc2YzczM2ZkOGNjYWU1YmU2M2I5MmJkZGM5MGI3
YTViNzRlNjk0NDljMWViMDQwHhcNMjYwMjE1MDAwMDM1WhcNMjYwNTE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZGQ0YzAxNzVmMTk1OWI3MzBhNTQ3NzRlZGZkNTEzNTA0
MTdjZmUyYjRlZTBlMzgxOGY4OWQxN2NiOTc2NmJkMS0wKwYDVQQDEyQwMDk5YTdl
YS03OTRhLTRhMjgtYjE2NC00OTU0NzYyNmViMTEwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxh78Dc8hiuCnUE6TV3kWDUeABaMzld3JPJrV9y0KnSri2
33Aq3u+V/ix5LtnJ/DqYJmRoIYwRmi4B179RMRbTAkNPqH5ogljh2yUwJjFM0N9w
aNS7W0R1Y5yQBETRdUOjXGgleyJpdtEu4JjCescQW4ALUC11uni3rtqt/Lj/ke1M
gfxLbMdknKhYilVrVFJzmaRgsOTwZimvubwV8ukwG61M0aUTZ5IlR1fwJKYQcvnq
Oe0Hq8Uw42XOzvuY8/BW/1C/gqIPZHDJpV+SzXQqImZ1wwceneoL+QLNkXZib7k4
0oE0plPTa+WdEwiJW1FTQboMoK10c9+MWVg1I0pnAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQULl2rJHbA44Hye4FZVhSBqBV2HkowHwYDVR0jBBgwFoAUmcNUTAjJlFS4
eZUe/6R6j2PIp3cwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi83N2I1NjQyOC05
YjUyLTQxNmYtYjI3OS1iYmFlMTQ0MjJkZTIvYzA1Njc2YzczM2ZkOGNjYWU1YmU2
M2I5MmJkZGM5MGI3YTViNzRlNjk0NDljMWViMDQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNDI1ODJjNjctZGQzZi00YmM1LWJhNjAtZTk3
ZTU1MmM2ZTM1LzEzMDdhZDhlLWRmMGUtNGFiZS04ZjM3LTQ5NGRkYzM1NTRlYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzQyNTgyYzY3LWRkM2YtNGJjNS1iYTYw
LWU5N2U1NTJjNmUzNS9fWXpLNWI1anVTdmR5UXQ2VzNUbWxFbkI2d1EuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwQmIAEI0AAwDQYJKoZIhvcNAQELBQADggEBAG91eWZ8Ph58Vsv1V2rtAvce
4VUjXdcFLG4xXEZApQyQyEqdofJbEFGnO3BmPkrtclt+mF6laMgnllzQvlmwZOyL
iKoHtiiXpbgyJrg7ANNFrWRRBb2noIKX5ZIodq0DbVOdBes8UBTIGEff4zeNr0MX
MTFY7iK0Q1zY2OqjUCKTOSaGAN/OrVNhfRSjMxXR37JnhWCNfiy3wQOw4OyzBIj/
zHydF1shYkCXrRo7cX01Lj73pit4MTCLm0NEvkw8pDe0R0swFGNLEtEIVpd/eaB1
ZUDDdQVQ8lTmPmoYrl3siLZaATWyS6ICRNZuc21oIlYq122GnY7rdMafnwSDais=
-----END CERTIFICATE-----