Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1267e82a-7f12-45b7-a2e5-131a59a06c58.roa
File:                     1267e82a-7f12-45b7-a2e5-131a59a06c58.roa (raw, json)
Hash identifier:          Po5klG+M43Vgae7+1YbE8KZA9T/CKcnlpo5zIW3HNpA=
Subject key identifier:   F0:F8:BD:26:1C:39:61:6F:7B:11:8E:07:D4:AA:EE:37:4C:98:86:88
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       169049803472661E5B78CFD900E72FD58AD484E3
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1267e82a-7f12-45b7-a2e5-131a59a06c58.roa
Signing time:             Sat 28 Feb 2026 02:50:36 +0000
ROA not before:           Sat 28 Feb 2026 02:50:36 +0000
ROA not after:            Fri 29 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        52.95.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 04 Mar 2026 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:90:49:80:34:72:66:1e:5b:78:cf:d9:00:e7:2f:d5:8a:d4:84:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 28 02:50:36 2026 GMT
            Not After : May 29 23:59:59 2026 GMT
        Subject: serialNumber=6a82fa6184407c0c4dfcb99de07e4963f13ba978a9445e0926402b91f19ce2f9, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:97:a5:5f:af:05:c5:d1:18:97:bd:59:4f:38:
                    71:49:60:18:3c:5c:6e:fe:45:11:5b:a4:76:0f:4f:
                    bb:06:b1:fe:bf:74:6a:3e:a0:2a:2c:40:4d:48:72:
                    b4:06:5e:65:13:7b:e5:ec:dd:99:65:e4:eb:a6:6b:
                    38:91:ff:80:24:ea:28:4b:5f:31:71:34:ec:bc:81:
                    55:67:09:eb:1e:82:60:c0:fb:27:b9:54:0a:46:fb:
                    41:48:fb:10:b7:f1:61:89:bf:c1:2c:ce:c8:df:9d:
                    df:c5:d6:9a:52:30:1f:be:21:46:00:24:37:ef:74:
                    b7:27:5d:e0:34:67:81:e8:ef:74:31:bd:15:72:30:
                    6b:f0:d5:05:2e:1a:31:84:cf:1e:db:a0:ac:d0:cc:
                    00:ad:94:a6:4f:a2:48:8b:47:f1:86:80:be:ad:50:
                    66:18:0c:07:d7:30:db:d6:b9:03:5e:73:c8:a1:ff:
                    6f:43:0c:f0:86:71:77:9b:62:18:f6:08:0d:6d:52:
                    77:78:ec:03:d5:e1:af:9f:83:92:33:3e:5a:b3:3f:
                    16:6f:a9:e2:89:92:95:d5:9c:4e:3e:4d:d8:08:a1:
                    5b:99:27:23:5b:b6:e9:75:d0:7a:ef:d5:b2:26:e4:
                    31:47:27:79:69:dd:3b:cc:f7:6d:c7:7d:fc:ab:1a:
                    c8:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:F8:BD:26:1C:39:61:6F:7B:11:8E:07:D4:AA:EE:37:4C:98:86:88
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1267e82a-7f12-45b7-a2e5-131a59a06c58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.95.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:68:8a:a6:bd:d2:50:76:ac:3b:e6:e4:eb:6e:8b:ff:b5:73:
         41:7e:14:f5:a0:a6:e6:0b:e8:de:c7:46:06:24:b8:ea:6d:d8:
         e1:e0:32:0a:8b:3f:4c:7c:47:6b:7f:2b:f0:c9:64:ec:c3:99:
         0c:d4:76:85:dc:37:2d:3d:c1:21:64:38:89:51:b9:19:66:94:
         98:6a:df:e7:a3:24:f5:58:9a:2a:24:ca:cf:8f:c6:82:5d:c2:
         55:7b:f2:85:ed:ae:99:c6:44:fb:7a:0a:78:e6:cc:b1:25:b4:
         99:80:4e:48:8c:05:67:15:34:b6:e2:9b:1f:89:1c:e9:80:36:
         1f:4a:d8:91:48:eb:aa:30:1e:65:f9:9c:ac:27:d5:5b:46:3f:
         52:32:eb:6e:f6:79:d0:fa:2b:2f:76:eb:65:c0:15:a2:c1:fd:
         2c:cc:86:74:8a:5b:36:97:a2:d2:21:7f:cf:3a:fa:ab:00:b2:
         4c:3b:00:15:6a:8a:5a:b5:77:07:5b:16:23:73:a4:81:d4:5d:
         5a:3f:5c:e9:5e:6c:bf:46:b4:06:cf:a4:1b:ee:8f:b2:e9:0b:
         58:76:b0:3b:2c:92:a0:a6:5f:3f:e9:d7:e2:51:2f:0e:8a:f0:
         26:ff:c7:63:83:bc:4d:96:b1:7e:08:b4:61:e9:f2:83:4d:7e:
         1b:a2:57:8f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFpBJgDRyZh5beM/ZAOcv1YrUhOMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMjI4MDI1MDM2WhcNMjYwNTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A2YTgyZmE2MTg0NDA3YzBjNGRmY2I5OWRlMDdlNDk2M2Yx
M2JhOTc4YTk0NDVlMDkyNjQwMmI5MWYxOWNlMmY5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCTl6VfrwXF0RiXvVlPOHFJYBg8XG7+RRFbpHYPT7sGsf6/
dGo+oCosQE1IcrQGXmUTe+Xs3Zll5OumaziR/4Ak6ihLXzFxNOy8gVVnCesegmDA
+ye5VApG+0FI+xC38WGJv8Eszsjfnd/F1ppSMB++IUYAJDfvdLcnXeA0Z4Ho73Qx
vRVyMGvw1QUuGjGEzx7boKzQzACtlKZPokiLR/GGgL6tUGYYDAfXMNvWuQNec8ih
/29DDPCGcXebYhj2CA1tUnd47APV4a+fg5IzPlqzPxZvqeKJkpXVnE4+TdgIoVuZ
JyNbtul10Hrv1bIm5DFHJ3lp3TvM923HffyrGsgNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU8Pi9Jhw5YW97EY4H1KruN0yYhogwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzEyNjdlODJhLTdmMTItNDViNy1hMmU1LTEzMWE1OWEwNmM1OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA0XykwDQYJKoZIhvcNAQELBQADggEBALNoiqa90lB2rDvm5Otui/+1c0F+
FPWgpuYL6N7HRgYkuOpt2OHgMgqLP0x8R2t/K/DJZOzDmQzUdoXcNy09wSFkOIlR
uRlmlJhq3+ejJPVYmiokys+PxoJdwlV78oXtrpnGRPt6CnjmzLEltJmATkiMBWcV
NLbimx+JHOmANh9K2JFI66owHmX5nKwn1VtGP1Iy6272edD6Ky9262XAFaLB/SzM
hnSKWzaXotIhf886+qsAskw7ABVqilq1dwdbFiNzpIHUXVo/XOlebL9GtAbPpBvu
j7LpC1h2sDsskqCmXz/p1+JRLw6K8Cb/x2ODvE2WsX4ItGHp8oNNfhuiV48=
-----END CERTIFICATE-----