Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/09f2a28b-bc83-44b1-b088-f2cab4682327.roa
File:                     09f2a28b-bc83-44b1-b088-f2cab4682327.roa (raw, json)
Hash identifier:          GyUpORi5enbZooaLJtnI9UXuwCqy2y8agNwsEO3edhA=
Subject key identifier:   99:0D:FE:78:94:E2:ED:DB:5D:3C:8F:95:D9:84:6B:08:F5:63:D1:F3
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3ECBFF2F782E78C2DBC6E06F7E06EF7A99A5C63D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/09f2a28b-bc83-44b1-b088-f2cab4682327.roa
Signing time:             Tue 17 Feb 2026 01:31:28 +0000
ROA not before:           Tue 17 Feb 2026 01:31:28 +0000
ROA not after:            Mon 18 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        3.131.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 02 Mar 2026 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:cb:ff:2f:78:2e:78:c2:db:c6:e0:6f:7e:06:ef:7a:99:a5:c6:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 17 01:31:28 2026 GMT
            Not After : May 18 23:59:59 2026 GMT
        Subject: serialNumber=a5e839e2e65cbd1ca1f3698ca181abae40013ea134a8a7281244f08daadd24de, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:df:08:1e:de:db:a0:59:f4:a0:09:42:c7:2b:
                    ec:6e:cd:b1:c5:ec:c2:9d:03:2d:85:b8:8c:72:a7:
                    c7:29:25:de:27:4b:db:ee:dd:ad:87:db:40:e3:4d:
                    6c:c8:ad:88:8f:69:e6:dd:19:92:12:36:de:f6:ca:
                    01:47:46:79:89:39:76:dc:5c:9e:22:b9:c8:53:51:
                    23:7c:41:91:88:76:17:aa:fb:ef:6e:2b:70:ad:4f:
                    cb:0b:77:63:89:89:19:ad:76:51:e0:11:98:30:ef:
                    5e:77:ef:71:36:3f:35:bf:fc:1f:eb:33:56:5d:a7:
                    33:ba:74:84:cc:ad:ff:6f:5a:9d:a6:1f:0b:ca:e9:
                    e1:0d:d8:c0:9a:4b:8e:d9:fc:27:b7:34:db:e8:9e:
                    d3:2f:63:64:fa:78:45:1f:e8:3d:23:7b:ec:a5:70:
                    a7:5f:8d:36:2d:8a:a8:28:dd:d9:5e:5c:05:03:bb:
                    8c:b8:bd:5c:7f:cd:83:a2:d5:8a:70:94:76:92:75:
                    06:50:99:1d:fa:2e:55:a9:aa:52:60:81:de:80:2b:
                    03:15:ff:6b:64:d9:5f:e6:59:6e:b5:aa:b7:15:d3:
                    b8:41:a0:8a:6a:54:a9:be:d7:26:33:1a:23:61:4f:
                    0e:58:2b:a0:9b:02:8b:eb:48:26:aa:25:89:c7:b2:
                    17:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:0D:FE:78:94:E2:ED:DB:5D:3C:8F:95:D9:84:6B:08:F5:63:D1:F3
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/09f2a28b-bc83-44b1-b088-f2cab4682327.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.131.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         22:1f:b8:bc:75:82:ae:56:a5:38:e3:49:23:fc:71:49:a4:cc:
         b6:08:3b:73:58:09:f2:4b:d8:08:5a:f4:8a:fa:a0:6b:f0:39:
         30:3b:37:d6:7d:a4:7b:0b:66:17:29:85:7a:2c:22:22:37:c7:
         7b:7c:a6:e9:88:13:7b:4b:78:7b:be:33:af:35:62:0a:1b:33:
         cc:e9:73:92:42:fd:f1:3e:d6:26:ab:08:9a:f8:b5:73:8f:f9:
         4c:10:66:83:32:91:09:7a:02:2c:60:7a:c5:b1:b4:e6:2e:df:
         6c:c0:7b:7b:92:5e:9e:4c:38:93:b0:f2:c5:69:54:69:fc:ab:
         65:b4:cd:f6:cb:3e:7b:e0:36:b6:3f:cb:49:ec:31:8e:b3:9a:
         b9:c7:af:88:70:17:1a:a8:6f:bb:a5:a8:8d:24:f1:be:8e:2b:
         4f:93:c5:b9:f6:14:5f:18:85:29:a9:e5:9a:8c:68:89:e8:70:
         c4:4f:9e:85:98:76:5c:dd:78:07:c0:a0:c9:e1:7c:91:76:48:
         22:c9:b5:9b:b7:a5:df:53:86:ef:5d:59:33:af:c5:62:17:c3:
         3e:78:94:c7:ae:4e:34:dd:86:a2:58:41:01:5a:bf:e7:ae:bb:
         fc:aa:8b:f9:66:f5:59:17:40:97:74:e7:e6:79:fe:ef:bd:53:
         b1:e5:db:a9
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUPsv/L3gueMLbxuBvfgbvepmlxj0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMjE3MDEzMTI4WhcNMjYwNTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BhNWU4MzllMmU2NWNiZDFjYTFmMzY5OGNhMTgxYWJhZTQw
MDEzZWExMzRhOGE3MjgxMjQ0ZjA4ZGFhZGQyNGRlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCz3wge3tugWfSgCULHK+xuzbHF7MKdAy2FuIxyp8cpJd4n
S9vu3a2H20DjTWzIrYiPaebdGZISNt72ygFHRnmJOXbcXJ4iuchTUSN8QZGIdheq
++9uK3CtT8sLd2OJiRmtdlHgEZgw715373E2PzW//B/rM1ZdpzO6dITMrf9vWp2m
HwvK6eEN2MCaS47Z/Ce3NNvontMvY2T6eEUf6D0je+ylcKdfjTYtiqgo3dleXAUD
u4y4vVx/zYOi1YpwlHaSdQZQmR36LlWpqlJggd6AKwMV/2tk2V/mWW61qrcV07hB
oIpqVKm+1yYzGiNhTw5YK6CbAovrSCaqJYnHshcnAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUmQ3+eJTi7dtdPI+V2YRrCPVj0fMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzA5ZjJhMjhiLWJjODMtNDRiMS1iMDg4LWYyY2FiNDY4MjMyNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwADgzANBgkqhkiG9w0BAQsFAAOCAQEAIh+4vHWCrlalOONJI/xxSaTMtgg7
c1gJ8kvYCFr0ivqga/A5MDs31n2kewtmFymFeiwiIjfHe3ym6YgTe0t4e74zrzVi
ChszzOlzkkL98T7WJqsImvi1c4/5TBBmgzKRCXoCLGB6xbG05i7fbMB7e5Jenkw4
k7DyxWlUafyrZbTN9ss+e+A2tj/LSewxjrOauceviHAXGqhvu6WojSTxvo4rT5PF
ufYUXxiFKanlmoxoiehwxE+ehZh2XN14B8CgyeF8kXZIIsm1m7el31OG711ZM6/F
YhfDPniUx65ONN2GolhBAVq/5667/KqL+Wb1WRdAl3Tn5nn+771TseXbqQ==
-----END CERTIFICATE-----