Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0a5def47-5f65-4acd-8637-b56197048231.roa
File:                     0a5def47-5f65-4acd-8637-b56197048231.roa (raw, json)
Hash identifier:          YC/d62893Lh1RMGgLAmDEywbPRZvMEM+3cu6J9+SM4c=
Subject key identifier:   E1:88:79:33:D0:E5:D9:9D:24:D0:2C:44:FC:C3:EC:06:62:60:90:DB
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1AD8A3C0DF7920A7E97908309A1BD3CE3F8C9DAF
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0a5def47-5f65-4acd-8637-b56197048231.roa
Signing time:             Thu 26 Feb 2026 01:21:29 +0000
ROA not before:           Thu 26 Feb 2026 01:21:29 +0000
ROA not after:            Wed 27 May 2026 23:59:59 +0000
asID:                     14618
IP address blocks:        54.239.8.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 02 Mar 2026 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:d8:a3:c0:df:79:20:a7:e9:79:08:30:9a:1b:d3:ce:3f:8c:9d:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 26 01:21:29 2026 GMT
            Not After : May 27 23:59:59 2026 GMT
        Subject: serialNumber=90cb3377126c6a53c21679ada6cdc2f3f76b725a644ac4174b74c89bc6300a12, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:5e:cf:49:16:9b:ba:fb:76:4f:6e:8d:5b:b9:
                    f5:3f:8a:da:8b:18:9e:fe:0b:f5:76:32:01:02:79:
                    0b:c5:a7:f8:d7:15:fe:22:49:84:16:e8:27:53:67:
                    7b:db:1a:cc:be:86:18:17:8f:19:13:8f:dc:87:5d:
                    ce:f1:02:59:0d:61:9b:e8:28:cc:b8:7d:70:5d:44:
                    4d:ee:eb:25:cb:af:78:60:7e:59:7a:f5:65:15:fb:
                    ff:d0:ad:35:59:32:e5:0c:ca:ff:f6:1b:8e:f9:65:
                    ba:87:f7:1c:48:ee:44:a6:64:9b:d0:89:3e:0b:0a:
                    3e:f6:87:a0:e9:d6:c4:c6:8a:ba:97:a5:86:9e:b2:
                    39:3c:d4:29:8c:eb:85:8a:8f:85:b3:6a:c4:37:65:
                    2d:5b:06:a4:85:68:a8:a7:50:2d:43:27:aa:c1:ea:
                    83:52:20:5e:51:91:d6:90:cf:0e:e3:db:44:9d:b6:
                    5d:bc:fc:42:15:72:74:1b:03:00:27:cc:7b:d1:e0:
                    ad:da:32:d1:b8:06:2c:8b:80:29:4e:fd:11:bf:2c:
                    fd:33:15:2e:74:1b:36:21:b8:82:0d:11:6e:7a:18:
                    5d:b0:20:25:f0:c8:f6:4d:63:11:f0:59:71:3a:9c:
                    ac:46:27:af:ea:39:a6:30:8d:ab:30:0f:ed:08:0e:
                    c4:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:88:79:33:D0:E5:D9:9D:24:D0:2C:44:FC:C3:EC:06:62:60:90:DB
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0a5def47-5f65-4acd-8637-b56197048231.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.239.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         a2:78:3e:ca:9e:0c:b9:e9:65:13:a7:18:db:ae:48:11:f1:d2:
         e5:03:60:89:eb:5c:53:80:11:14:72:4f:3c:2a:29:43:9e:f2:
         64:32:32:2a:f3:f0:ec:bf:4b:34:b2:aa:85:e0:5d:ec:5f:0b:
         78:8e:cb:bf:95:d5:3e:81:75:2a:d6:51:48:ed:40:a4:91:0f:
         4f:bf:b4:bc:35:db:a6:3d:1e:b3:74:43:d4:a0:00:f1:73:c3:
         90:12:2d:cf:ed:69:02:ee:a1:dc:b6:17:d9:b4:63:ef:60:0d:
         1c:ae:d7:09:1c:e4:7d:e4:be:39:f3:bb:fe:77:19:01:05:27:
         85:8f:53:fd:7a:a4:cf:aa:f0:a1:64:1a:ed:18:6f:df:50:e8:
         df:e6:17:d6:78:4e:fb:92:8d:2c:bb:da:e9:e9:29:81:67:49:
         1d:14:f4:c1:37:d0:46:94:92:93:4a:6a:d8:45:00:5c:51:c6:
         00:74:82:d1:17:a4:3f:aa:77:1b:e4:40:02:10:48:6e:dc:1c:
         77:17:65:cf:c8:cb:56:70:68:f9:9b:9a:cd:f1:6c:c1:28:89:
         21:8e:41:27:c5:b6:4c:c8:26:d5:6f:0f:7e:d8:72:38:fd:5d:
         77:43:9e:f3:1a:63:58:a9:99:e4:a7:7f:79:d8:39:c8:a8:2b:
         61:48:f2:a0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGtijwN95IKfpeQgwmhvTzj+Mna8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMjI2MDEyMTI5WhcNMjYwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A5MGNiMzM3NzEyNmM2YTUzYzIxNjc5YWRhNmNkYzJmM2Y3
NmI3MjVhNjQ0YWM0MTc0Yjc0Yzg5YmM2MzAwYTEyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCMXs9JFpu6+3ZPbo1bufU/itqLGJ7+C/V2MgECeQvFp/jX
Ff4iSYQW6CdTZ3vbGsy+hhgXjxkTj9yHXc7xAlkNYZvoKMy4fXBdRE3u6yXLr3hg
fll69WUV+//QrTVZMuUMyv/2G475ZbqH9xxI7kSmZJvQiT4LCj72h6Dp1sTGirqX
pYaesjk81CmM64WKj4WzasQ3ZS1bBqSFaKinUC1DJ6rB6oNSIF5RkdaQzw7j20Sd
tl28/EIVcnQbAwAnzHvR4K3aMtG4BiyLgClO/RG/LP0zFS50GzYhuIINEW56GF2w
ICXwyPZNYxHwWXE6nKxGJ6/qOaYwjaswD+0IDsRpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU4Yh5M9Dl2Z0k0CxE/MPsBmJgkNswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzBhNWRlZjQ3LTVmNjUtNGFjZC04NjM3LWI1NjE5NzA0ODIzMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAM27wgwDQYJKoZIhvcNAQELBQADggEBAKJ4PsqeDLnpZROnGNuuSBHx0uUD
YInrXFOAERRyTzwqKUOe8mQyMirz8Oy/SzSyqoXgXexfC3iOy7+V1T6BdSrWUUjt
QKSRD0+/tLw126Y9HrN0Q9SgAPFzw5ASLc/taQLuody2F9m0Y+9gDRyu1wkc5H3k
vjnzu/53GQEFJ4WPU/16pM+q8KFkGu0Yb99Q6N/mF9Z4TvuSjSy72unpKYFnSR0U
9ME30EaUkpNKathFAFxRxgB0gtEXpD+qdxvkQAIQSG7cHHcXZc/Iy1ZwaPmbms3x
bMEoiSGOQSfFtkzIJtVvD37Ycjj9XXdDnvMaY1ipmeSnf3nYOcioK2FI8qA=
-----END CERTIFICATE-----