Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/6386e242-8015-42a5-a7b5-65e2daa4449f.roa
File:                     6386e242-8015-42a5-a7b5-65e2daa4449f.roa (raw, json)
Hash identifier:          ykY7Mnx6Az5q0G4gnoehja1oY3AVAveQWBW80cVEjes=
Subject key identifier:   20:8C:99:DF:6E:05:E0:1B:1B:16:70:BA:08:1B:AD:7C:60:1E:34:98
Certificate issuer:       /CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
Certificate serial:       63946EEA83B2EBAA2B9D767A47A8E534ADEEA6F1
Authority key identifier: E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/6386e242-8015-42a5-a7b5-65e2daa4449f.roa
Signing time:             Fri 13 Feb 2026 06:30:50 +0000
ROA not before:           Fri 13 Feb 2026 06:30:50 +0000
ROA not after:            Thu 14 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:9000:386c::/47 maxlen: 47
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/99f8fed2-292b-4722-b928-fee7bf0a5910.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/99f8fed2-292b-4722-b928-fee7bf0a5910.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/f60c9f32-a87c-4339-a2f3-6299a3b02e29.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 03 Mar 2026 21:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:94:6e:ea:83:b2:eb:aa:2b:9d:76:7a:47:a8:e5:34:ad:ee:a6:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
        Validity
            Not Before: Feb 13 06:30:50 2026 GMT
            Not After : May 14 23:59:59 2026 GMT
        Subject: serialNumber=2dde58668d878be661605391df525925b8c8a4bb41229ea3716280e8aa928df4, CN=9f230fa9-aa2f-4020-ae2a-1a60374084b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:e6:12:53:66:0d:4a:46:68:03:43:1b:71:14:
                    5f:93:9f:52:f2:8b:7d:53:1c:3a:57:b1:72:12:64:
                    ba:ce:b0:bc:ae:de:50:d8:02:44:57:b8:8b:25:f6:
                    e9:31:55:32:a1:6f:21:f4:ff:e2:be:9a:cb:c4:03:
                    36:bb:71:fe:ef:68:5f:b9:6a:fa:51:15:20:72:15:
                    1d:f6:99:42:37:7d:9b:9c:a1:7c:1d:73:a6:f0:cf:
                    ce:8b:ae:f6:1b:ec:a0:9e:23:61:80:08:23:80:88:
                    b6:67:08:2b:7f:74:9b:a2:70:0a:40:90:5e:c6:ba:
                    80:ed:b3:e9:3e:95:91:d7:6a:24:fc:d5:5a:bb:b1:
                    99:0d:14:f4:f9:75:c1:ce:56:f4:89:1e:39:a4:4d:
                    b7:4c:e5:f4:8c:4d:db:11:09:59:c6:28:82:5a:48:
                    bd:25:2f:7c:21:a7:ae:fd:52:3c:65:2b:03:e1:c5:
                    a4:d4:6a:0e:08:33:bc:82:cc:31:7a:d9:5a:bc:f5:
                    98:a1:34:8d:31:9d:35:64:b3:ac:bc:9d:6e:11:44:
                    c2:70:4e:e2:db:42:62:d8:c3:0f:d9:fd:a8:b7:f5:
                    ec:cb:51:4f:5f:07:c6:47:85:28:11:8c:3f:dc:c0:
                    27:87:12:98:ab:be:17:cb:ba:f4:2e:5b:c2:1e:5d:
                    34:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:8C:99:DF:6E:05:E0:1B:1B:16:70:BA:08:1B:AD:7C:60:1E:34:98
            X509v3 Authority Key Identifier:
                keyid:E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/6386e242-8015-42a5-a7b5-65e2daa4449f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:9000:386c::/47

    Signature Algorithm: sha256WithRSAEncryption
         a4:80:af:af:a2:81:bd:8f:f6:00:a6:20:c1:29:88:8b:53:7d:
         f1:f5:cb:f7:87:34:de:58:25:2e:a1:a2:21:c5:49:5b:71:ae:
         c8:f5:f8:d4:1a:1f:3e:cb:90:7d:63:d1:d8:ef:48:43:21:b3:
         01:6e:b9:38:be:df:12:83:22:50:d8:99:09:a9:f0:15:c4:ae:
         69:76:ce:6f:25:d3:33:f2:66:ae:f2:ae:80:93:62:06:37:02:
         aa:5b:0c:95:70:a8:6a:05:6f:f0:a9:e7:f5:08:03:c5:9f:18:
         6a:61:3d:90:da:e2:20:d6:85:e6:dc:b4:21:04:a2:7c:f3:a1:
         50:a0:75:22:1c:eb:92:dc:d6:af:5b:e1:1c:11:ef:df:1e:0e:
         f3:bc:e9:e8:07:ce:c1:e7:cd:d5:76:54:0a:67:6f:73:7a:b4:
         b3:1e:0f:0b:25:3b:8f:fc:b6:b8:83:a0:23:63:6b:8d:06:83:
         08:a1:1a:01:a0:db:47:d5:29:3f:06:12:99:16:a4:f5:18:e5:
         64:eb:bd:20:f8:93:45:f7:44:f7:d8:95:b6:99:99:0f:22:01:
         78:b0:61:9a:bd:7a:e8:62:8c:21:62:ef:a4:d1:8e:b7:0a:60:
         2d:7e:65:54:57:ef:ba:e3:40:33:c7:03:80:5c:69:59:40:bd:
         64:45:ed:4c
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUY5Ru6oOy66ornXZ6R6jlNK3upvEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNTUxMjA5MDI3ZjVlN2FkNTRlMDRmMDQyZTRhYzBlOWU2
NWM1NmU1NWM3NzQ3OGQyY2UwHhcNMjYwMjEzMDYzMDUwWhcNMjYwNTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0AyZGRlNTg2NjhkODc4YmU2NjE2MDUzOTFkZjUyNTkyNWI4
YzhhNGJiNDEyMjllYTM3MTYyODBlOGFhOTI4ZGY0MS0wKwYDVQQDEyQ5ZjIzMGZh
OS1hYTJmLTQwMjAtYWUyYS0xYTYwMzc0MDg0YjgwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDv5hJTZg1KRmgDQxtxFF+Tn1Lyi31THDpXsXISZLrOsLyu
3lDYAkRXuIsl9ukxVTKhbyH0/+K+msvEAza7cf7vaF+5avpRFSByFR32mUI3fZuc
oXwdc6bwz86LrvYb7KCeI2GACCOAiLZnCCt/dJuicApAkF7GuoDts+k+lZHXaiT8
1Vq7sZkNFPT5dcHOVvSJHjmkTbdM5fSMTdsRCVnGKIJaSL0lL3whp679UjxlKwPh
xaTUag4IM7yCzDF62Vq89ZihNI0xnTVks6y8nW4RRMJwTuLbQmLYww/Z/ai39ezL
UU9fB8ZHhSgRjD/cwCeHEpirvhfLuvQuW8IeXTTDAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUIIyZ324F4BsbFnC6CButfGAeNJgwHwYDVR0jBBgwFoAU6PPFIOIO8l06
t6IWuxQEMWo3OPEwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
L2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS85OWY4ZmVkMi0y
OTJiLTQ3MjItYjkyOC1mZWU3YmYwYTU5MTAvNTUxMjA5MDI3ZjVlN2FkNTRlMDRm
MDQyZTRhYzBlOWU2NWM1NmU1NWM3NzQ3OGQyY2UuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTc1MThhZjUtYTM0My00MjhkLWJmNzgtZjk4
MmI2ZTYwNTA1LzYzODZlMjQyLTgwMTUtNDJhNS1hN2I1LTY1ZTJkYWE0NDQ5Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3NTE4YWY1LWEzNDMtNDI4ZC1iZjc4
LWY5ODJiNmU2MDUwNS9YbnJWVGdUd1F1U3NEcDVseFc1VngzUjQwczQuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwEmAJAAOGwwDQYJKoZIhvcNAQELBQADggEBAKSAr6+igb2P9gCmIMEpiItT
ffH1y/eHNN5YJS6hoiHFSVtxrsj1+NQaHz7LkH1j0djvSEMhswFuuTi+3xKDIlDY
mQmp8BXErml2zm8l0zPyZq7yroCTYgY3AqpbDJVwqGoFb/Cp5/UIA8WfGGphPZDa
4iDWhebctCEEonzzoVCgdSIc65Lc1q9b4RwR798eDvO86egHzsHnzdV2VApnb3N6
tLMeDwslO4/8triDoCNja40GgwihGgGg20fVKT8GEpkWpPUY5WTrvSD4k0X3RPfY
lbaZmQ8iAXiwYZq9euhijCFi76TRjrcKYC1+ZVRX77rjQDPHA4BcaVlAvWRF7Uw=
-----END CERTIFICATE-----