Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1df7952b-8ba0-46e5-8c8f-e50a5adef275.roa
File:                     1df7952b-8ba0-46e5-8c8f-e50a5adef275.roa (raw, json)
Hash identifier:          t2543tOtcQgpLhTjc4+1XGw4hZghtJyPNx6NGQsTUbk=
Subject key identifier:   8D:F6:90:43:30:26:BB:F0:1C:11:1D:FF:1F:F0:F0:06:F8:64:66:6E
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       304532421F015F79715E483729CC46A88701F2B5
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1df7952b-8ba0-46e5-8c8f-e50a5adef275.roa
Signing time:             Wed 25 Feb 2026 02:51:19 +0000
ROA not before:           Wed 25 Feb 2026 02:51:19 +0000
ROA not after:            Tue 26 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        54.193.240.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 04 Mar 2026 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:45:32:42:1f:01:5f:79:71:5e:48:37:29:cc:46:a8:87:01:f2:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 25 02:51:19 2026 GMT
            Not After : May 26 23:59:59 2026 GMT
        Subject: serialNumber=d3e6e292aaea2e9872c3d1885e8a73040934b3462a2711f20e7bcdf2927bd1af, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:19:2c:92:e3:40:d3:c6:7f:49:a4:91:7a:f7:
                    51:a4:d4:98:87:d6:61:7b:d2:49:d6:7b:44:39:94:
                    91:24:f5:17:40:cc:6c:6b:1f:16:5e:76:28:d8:bf:
                    28:68:35:4b:be:be:85:36:98:79:0c:14:07:74:51:
                    09:2b:19:af:85:d8:7c:99:b0:f8:4b:b4:93:9d:57:
                    09:5a:62:b1:4b:ff:66:93:43:33:d6:dc:f3:3d:a2:
                    08:03:5f:b1:83:6d:b7:81:c6:ac:29:6d:de:33:d3:
                    76:81:02:d2:74:aa:cb:4d:57:e6:2e:b9:1e:ee:f8:
                    59:92:d5:6b:3a:ff:32:0a:73:c3:da:58:7a:18:f2:
                    6b:49:a4:5b:d3:16:0a:e8:9f:9c:c4:4d:ba:8c:5b:
                    7d:a4:59:98:6f:2a:b2:24:14:a2:d3:a0:7c:b4:96:
                    c1:57:26:93:36:6d:3e:a5:92:c6:6c:fa:1b:c4:b7:
                    70:cf:e2:2f:ee:86:6e:94:86:7e:f3:d1:46:91:65:
                    40:ac:76:16:5c:38:2a:77:90:1a:5e:c2:87:b0:a0:
                    e2:b8:cc:6b:ce:ce:7d:f8:63:c6:c7:e9:de:11:31:
                    1a:71:05:4b:b7:32:73:41:05:b9:75:2f:24:6b:96:
                    6e:e7:a4:e3:cc:b9:af:b8:f1:eb:3e:df:f4:b7:cb:
                    8d:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:F6:90:43:30:26:BB:F0:1C:11:1D:FF:1F:F0:F0:06:F8:64:66:6E
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1df7952b-8ba0-46e5-8c8f-e50a5adef275.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.193.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         28:99:87:81:3f:48:22:a1:d4:d1:64:b7:7e:4f:ea:4b:f0:d5:
         cc:e2:0d:e3:0b:76:4b:38:98:ea:22:f1:df:26:30:cd:76:c3:
         70:13:d3:f1:dc:c8:1d:13:d9:59:93:ab:cd:0d:e8:2f:1b:94:
         a3:ac:1f:47:d5:d1:57:8c:17:d9:47:a8:20:e0:f6:2d:bc:e0:
         b6:b1:ab:79:8f:9e:35:72:6b:48:2f:7d:0e:a7:86:ed:20:3a:
         8e:e8:73:1e:90:f4:6f:b6:31:52:ad:59:c7:70:32:b4:65:6a:
         1b:e3:6b:89:7e:9b:02:1b:aa:70:e3:53:9c:76:ac:9c:36:06:
         86:da:75:7d:f3:cb:a8:76:8f:89:57:02:3c:61:23:41:9d:4f:
         5b:e5:7b:25:e1:ec:14:20:63:98:8c:03:1a:91:41:ef:72:db:
         2b:59:88:27:66:ff:05:a7:19:95:38:e9:fa:38:d3:c6:32:1e:
         c3:93:6a:26:44:da:0b:65:0e:19:bf:d3:3d:13:5f:ce:fa:cc:
         f1:c0:cb:47:11:89:da:02:4e:cd:cd:f7:26:9c:01:15:d6:8b:
         09:33:67:e7:9b:79:09:d4:be:35:31:77:e8:d4:b8:eb:fd:da:
         93:ea:1f:2d:5f:f1:b7:15:c4:d6:1c:14:0a:88:e4:c9:fc:5c:
         ee:63:98:a3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMEUyQh8BX3lxXkg3KcxGqIcB8rUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMjI1MDI1MTE5WhcNMjYwNTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0BkM2U2ZTI5MmFhZWEyZTk4NzJjM2QxODg1ZThhNzMwNDA5
MzRiMzQ2MmEyNzExZjIwZTdiY2RmMjkyN2JkMWFmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDRGSyS40DTxn9JpJF691Gk1JiH1mF70knWe0Q5lJEk9RdA
zGxrHxZedijYvyhoNUu+voU2mHkMFAd0UQkrGa+F2HyZsPhLtJOdVwlaYrFL/2aT
QzPW3PM9oggDX7GDbbeBxqwpbd4z03aBAtJ0qstNV+YuuR7u+FmS1Ws6/zIKc8Pa
WHoY8mtJpFvTFgron5zETbqMW32kWZhvKrIkFKLToHy0lsFXJpM2bT6lksZs+hvE
t3DP4i/uhm6Uhn7z0UaRZUCsdhZcOCp3kBpewoewoOK4zGvOzn34Y8bH6d4RMRpx
BUu3MnNBBbl1LyRrlm7npOPMua+48es+3/S3y40bAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUjfaQQzAmu/AcER3/H/DwBvhkZm4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzFkZjc5NTJiLThiYTAtNDZlNS04YzhmLWU1MGE1YWRlZjI3NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAM2wfAwDQYJKoZIhvcNAQELBQADggEBACiZh4E/SCKh1NFkt35P6kvw1czi
DeMLdks4mOoi8d8mMM12w3AT0/HcyB0T2VmTq80N6C8blKOsH0fV0VeMF9lHqCDg
9i284Laxq3mPnjVya0gvfQ6nhu0gOo7ocx6Q9G+2MVKtWcdwMrRlahvja4l+mwIb
qnDjU5x2rJw2BobadX3zy6h2j4lXAjxhI0GdT1vleyXh7BQgY5iMAxqRQe9y2ytZ
iCdm/wWnGZU46fo408YyHsOTaiZE2gtlDhm/0z0TX876zPHAy0cRidoCTs3N9yac
ARXWiwkzZ+ebeQnUvjUxd+jUuOv92pPqHy1f8bcVxNYcFAqI5Mn8XO5jmKM=
-----END CERTIFICATE-----