Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/02a08a41-ef8e-46bd-b886-81016dc70aeb.roa
File:                     02a08a41-ef8e-46bd-b886-81016dc70aeb.roa (raw, json)
Hash identifier:          AKWpaHXGQC5UP+bkKqeDjp7xTfxVcu9jpec6MhNk1DQ=
Subject key identifier:   C9:1B:C6:EE:9F:3A:0A:45:89:A2:6D:FA:71:0D:84:18:AB:DF:9D:BE
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       636B6ECBEC384B4545695C0C0A7BBE596C339092
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/02a08a41-ef8e-46bd-b886-81016dc70aeb.roa
Signing time:             Thu 26 Feb 2026 01:00:08 +0000
ROA not before:           Thu 26 Feb 2026 01:00:08 +0000
ROA not after:            Wed 27 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        18.247.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 04 Mar 2026 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:6b:6e:cb:ec:38:4b:45:45:69:5c:0c:0a:7b:be:59:6c:33:90:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 26 01:00:08 2026 GMT
            Not After : May 27 23:59:59 2026 GMT
        Subject: serialNumber=49410b72687b04a3a25ff98ff13d5fbde14987a36ec1cf522e12ef9fb50ee1d8, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:8a:e3:11:91:a2:9b:ca:62:8f:a2:83:cd:5a:
                    d2:84:7b:ef:e7:d6:4d:a0:4d:32:65:36:bf:d2:74:
                    86:0c:a0:34:b1:98:bd:10:28:93:26:1d:61:ae:a7:
                    2d:ac:ff:b0:32:29:7e:f1:48:44:2f:e7:fd:7a:f8:
                    40:3a:a5:0a:d6:dd:71:0b:ae:68:d6:b1:22:c3:4b:
                    73:50:62:d7:b8:f4:6e:ee:f6:e1:45:3c:67:61:5e:
                    f0:a4:21:99:5a:b7:45:99:e6:c3:14:5d:67:69:8a:
                    5e:76:90:b0:96:41:ad:09:2c:86:e4:9a:37:58:05:
                    8f:2c:f3:81:78:8a:7d:b5:3b:52:30:16:29:f7:8e:
                    3e:c7:fb:b6:61:f1:dd:c1:0d:f8:19:2a:33:50:76:
                    94:a2:ec:89:4f:88:92:24:e8:01:35:a2:9d:29:af:
                    64:a5:a8:8a:5e:87:92:b8:50:3d:ee:7e:de:d4:77:
                    67:2c:a4:f5:9e:3f:fd:87:59:8a:71:1c:9a:42:f5:
                    f4:2f:0d:60:8e:74:36:f3:26:fe:36:78:35:3e:00:
                    d2:35:1d:b1:4f:25:56:f3:3e:de:c1:64:f3:05:47:
                    5e:38:62:b7:c1:f7:2e:b6:d4:8a:db:01:36:71:f7:
                    88:f5:77:32:45:fb:23:9d:15:24:17:07:e5:61:47:
                    57:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:1B:C6:EE:9F:3A:0A:45:89:A2:6D:FA:71:0D:84:18:AB:DF:9D:BE
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/02a08a41-ef8e-46bd-b886-81016dc70aeb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.247.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         7d:57:1b:17:74:17:58:77:90:ec:d0:a4:1c:69:38:b3:0d:4c:
         7a:9a:d6:d5:f5:d2:d7:35:0f:64:96:5a:e2:fc:65:bd:15:01:
         82:38:5b:5e:d7:8a:b9:c1:b1:aa:65:06:3a:47:29:72:9f:f2:
         7d:b5:22:04:36:e7:fc:21:89:7f:ee:ed:81:e8:76:f7:0d:fc:
         0f:30:38:32:94:61:6c:54:a3:20:2e:d5:34:99:cb:bd:84:e1:
         de:a6:48:5b:18:eb:c2:e8:18:e7:2f:94:4c:89:41:f1:75:2c:
         42:bc:ed:44:ef:5b:17:3e:60:01:6b:ea:af:cb:46:bb:0b:be:
         35:a2:6b:77:0e:5b:f3:de:3d:44:63:74:91:4a:41:b0:a8:0d:
         ed:2b:d0:ad:e0:2f:4f:93:d5:5a:d4:c2:bf:e5:53:a5:99:95:
         c2:90:81:09:47:31:13:92:8f:58:92:97:5b:d2:40:d6:67:2b:
         4f:b4:0b:16:ea:9c:83:8d:82:95:09:6d:2f:c4:27:4c:4d:99:
         41:19:11:70:18:ae:d4:35:87:9e:74:fb:0c:c9:1a:9b:61:f5:
         00:ab:c4:79:15:08:1d:e4:9b:e7:c4:d0:e8:60:af:e5:b5:8d:
         fe:ea:c6:84:af:1c:1b:fc:88:95:cf:bd:bf:b1:eb:8f:fd:b5:
         78:25:87:c5
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUY2tuy+w4S0VFaVwMCnu+WWwzkJIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMjI2MDEwMDA4WhcNMjYwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A0OTQxMGI3MjY4N2IwNGEzYTI1ZmY5OGZmMTNkNWZiZGUx
NDk4N2EzNmVjMWNmNTIyZTEyZWY5ZmI1MGVlMWQ4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3iuMRkaKbymKPooPNWtKEe+/n1k2gTTJlNr/SdIYMoDSx
mL0QKJMmHWGupy2s/7AyKX7xSEQv5/16+EA6pQrW3XELrmjWsSLDS3NQYte49G7u
9uFFPGdhXvCkIZlat0WZ5sMUXWdpil52kLCWQa0JLIbkmjdYBY8s84F4in21O1Iw
Fin3jj7H+7Zh8d3BDfgZKjNQdpSi7IlPiJIk6AE1op0pr2SlqIpeh5K4UD3uft7U
d2cspPWeP/2HWYpxHJpC9fQvDWCOdDbzJv42eDU+ANI1HbFPJVbzPt7BZPMFR144
YrfB9y621IrbATZx94j1dzJF+yOdFSQXB+VhR1fXAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUyRvG7p86CkWJom36cQ2EGKvfnb4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzAyYTA4YTQxLWVmOGUtNDZiZC1iODg2LTgxMDE2ZGM3MGFlYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAS9zANBgkqhkiG9w0BAQsFAAOCAQEAfVcbF3QXWHeQ7NCkHGk4sw1MeprW
1fXS1zUPZJZa4vxlvRUBgjhbXteKucGxqmUGOkcpcp/yfbUiBDbn/CGJf+7tgeh2
9w38DzA4MpRhbFSjIC7VNJnLvYTh3qZIWxjrwugY5y+UTIlB8XUsQrztRO9bFz5g
AWvqr8tGuwu+NaJrdw5b8949RGN0kUpBsKgN7SvQreAvT5PVWtTCv+VTpZmVwpCB
CUcxE5KPWJKXW9JA1mcrT7QLFuqcg42ClQltL8QnTE2ZQRkRcBiu1DWHnnT7DMka
m2H1AKvEeRUIHeSb58TQ6GCv5bWN/urGhK8cG/yIlc+9v7Hrj/21eCWHxQ==
-----END CERTIFICATE-----