Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/163289b6-2323-49cb-af8d-5b5a9ee9f0fe.roa
File:                     163289b6-2323-49cb-af8d-5b5a9ee9f0fe.roa (raw, json)
Hash identifier:          i2q35JaMwK79IVc/t13nfXMTJDNL/RrngUbd37rPAj4=
Subject key identifier:   D2:A6:8F:1B:B9:1C:47:A2:D0:E2:95:32:10:46:B0:71:1C:1A:15:AB
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       20AE39FCA8965DB7A1A4539AF3267DD6430BABDE
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/163289b6-2323-49cb-af8d-5b5a9ee9f0fe.roa
Signing time:             Sat 28 Feb 2026 04:21:11 +0000
ROA not before:           Sat 28 Feb 2026 04:21:11 +0000
ROA not after:            Fri 29 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        52.95.80.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 02 Mar 2026 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:ae:39:fc:a8:96:5d:b7:a1:a4:53:9a:f3:26:7d:d6:43:0b:ab:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 28 04:21:11 2026 GMT
            Not After : May 29 23:59:59 2026 GMT
        Subject: serialNumber=425b9dd0d648bdb548858d2058722a32ca3e9aeed647674ebf3611db7bc11e5c, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:54:d6:b6:37:99:1d:55:ca:68:5e:a5:0a:bc:
                    42:02:b9:73:8b:01:22:c2:b8:e1:36:02:e5:42:e8:
                    4d:1e:d7:e7:0b:ed:37:7b:0a:ee:4d:39:e2:81:12:
                    ec:3b:e5:d9:d4:96:b2:7c:44:8d:b2:b1:70:d3:89:
                    0c:40:0d:1a:ac:95:d4:2b:a3:86:b1:80:e9:e0:df:
                    0e:39:a2:5d:f2:bb:c3:84:7b:8e:36:35:a6:af:03:
                    71:3b:77:89:91:cc:6f:bb:fc:83:12:e3:ab:f3:fb:
                    3a:b3:a0:a5:6d:fd:e6:42:03:63:75:77:8c:b1:76:
                    ee:88:57:89:cb:a6:2f:0c:41:d2:50:c9:6c:cf:ea:
                    d4:b9:3e:59:b5:82:36:84:06:c1:5f:67:7b:13:fc:
                    80:15:d6:59:39:70:e8:76:05:9d:66:41:b6:66:45:
                    00:c1:92:eb:34:dd:61:93:56:e1:97:b0:0d:07:9e:
                    93:e5:41:38:65:67:c3:c9:d3:74:f0:98:07:90:b6:
                    02:69:59:b7:11:7b:d7:4d:c7:1a:af:53:4c:3b:0d:
                    13:10:96:a3:00:38:18:ef:44:2f:67:78:2d:de:17:
                    a4:67:7d:d1:73:c2:73:6b:3f:9c:76:f2:b0:25:3d:
                    6f:bb:38:71:12:b9:d2:ea:7e:00:98:a3:cd:d5:b5:
                    89:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:A6:8F:1B:B9:1C:47:A2:D0:E2:95:32:10:46:B0:71:1C:1A:15:AB
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/163289b6-2323-49cb-af8d-5b5a9ee9f0fe.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.95.80.0/20

    Signature Algorithm: sha256WithRSAEncryption
         48:98:d9:67:59:92:70:7b:2b:8e:2c:0b:bd:7b:e4:fb:a6:01:
         80:cd:dc:9c:18:78:44:45:80:0c:15:49:5a:9e:8e:da:56:9b:
         33:f2:00:e7:4e:31:5e:d7:48:0b:ea:cf:54:a6:5a:d9:90:c4:
         03:91:e2:cc:a8:06:4a:45:2d:ae:c1:88:54:30:6d:6b:7b:dd:
         0d:87:6c:41:53:73:1f:ca:fc:20:0f:24:73:d7:7e:f5:83:7d:
         33:c0:09:57:a9:e3:cf:f7:6b:f2:24:b1:57:54:c0:19:1b:3f:
         2a:ce:0f:a0:03:9a:45:fc:1d:f1:63:e3:6d:fe:32:4d:84:d5:
         e4:47:42:69:ca:8b:83:b9:55:3f:9c:fd:7d:01:24:2f:33:d3:
         19:7b:2a:d4:84:47:80:47:7c:c2:e5:26:4d:89:24:36:be:f9:
         3e:5e:24:13:f2:44:e1:8b:14:83:db:86:9d:e4:19:7e:ae:28:
         38:37:ce:0b:a2:52:31:2b:c5:53:2e:5e:82:f3:40:c2:66:e8:
         bd:4e:14:2c:63:b0:bc:cf:c4:73:c8:8e:37:c0:2d:b8:e3:4e:
         b6:dd:f2:8a:13:3b:34:66:e7:5b:6a:40:ab:92:be:1a:01:09:
         77:b2:6a:9b:ef:4b:a5:18:a9:c2:00:9b:66:c8:f4:92:6f:b2:
         e3:c7:86:6d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIK45/KiWXbehpFOa8yZ91kMLq94wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMjI4MDQyMTExWhcNMjYwNTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A0MjViOWRkMGQ2NDhiZGI1NDg4NThkMjA1ODcyMmEzMmNh
M2U5YWVlZDY0NzY3NGViZjM2MTFkYjdiYzExZTVjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCsVNa2N5kdVcpoXqUKvEICuXOLASLCuOE2AuVC6E0e1+cL
7Td7Cu5NOeKBEuw75dnUlrJ8RI2ysXDTiQxADRqsldQro4axgOng3w45ol3yu8OE
e442NaavA3E7d4mRzG+7/IMS46vz+zqzoKVt/eZCA2N1d4yxdu6IV4nLpi8MQdJQ
yWzP6tS5Plm1gjaEBsFfZ3sT/IAV1lk5cOh2BZ1mQbZmRQDBkus03WGTVuGXsA0H
npPlQThlZ8PJ03TwmAeQtgJpWbcRe9dNxxqvU0w7DRMQlqMAOBjvRC9neC3eF6Rn
fdFzwnNrP5x28rAlPW+7OHESudLqfgCYo83VtYn/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0qaPG7kcR6LQ4pUyEEawcRwaFaswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzE2MzI4OWI2LTIzMjMtNDljYi1hZjhkLTViNWE5ZWU5ZjBmZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQ0X1AwDQYJKoZIhvcNAQELBQADggEBAEiY2WdZknB7K44sC7175PumAYDN
3JwYeERFgAwVSVqejtpWmzPyAOdOMV7XSAvqz1SmWtmQxAOR4syoBkpFLa7BiFQw
bWt73Q2HbEFTcx/K/CAPJHPXfvWDfTPACVep48/3a/IksVdUwBkbPyrOD6ADmkX8
HfFj423+Mk2E1eRHQmnKi4O5VT+c/X0BJC8z0xl7KtSER4BHfMLlJk2JJDa++T5e
JBPyROGLFIPbhp3kGX6uKDg3zguiUjErxVMuXoLzQMJm6L1OFCxjsLzPxHPIjjfA
LbjjTrbd8ooTOzRm51tqQKuSvhoBCXeyapvvS6UYqcIAm2bI9JJvsuPHhm0=
-----END CERTIFICATE-----