Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1ed3049b-0aca-42c5-9280-e97f17995e91.roa
File:                     1ed3049b-0aca-42c5-9280-e97f17995e91.roa (raw, json)
Hash identifier:          NZQnMFF7e+KOtNwYseoGCmtJrN/qKFpKiPmHcB2BHMM=
Subject key identifier:   5D:39:09:CE:C5:12:AA:2E:B2:A4:B5:E9:25:FD:E2:77:CE:D5:58:D1
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7DF90026F98C4D819CD94A1D1043D14C6E5E19BB
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1ed3049b-0aca-42c5-9280-e97f17995e91.roa
Signing time:             Sat 14 Feb 2026 01:00:09 +0000
ROA not before:           Sat 14 Feb 2026 01:00:09 +0000
ROA not after:            Fri 15 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        13.200.92.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 02 Mar 2026 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:f9:00:26:f9:8c:4d:81:9c:d9:4a:1d:10:43:d1:4c:6e:5e:19:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 14 01:00:09 2026 GMT
            Not After : May 15 23:59:59 2026 GMT
        Subject: serialNumber=84231cc4917db0e91cdb8d1a7e8615697cdea22c4a637cde7619ca9438577f11, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:c6:af:f6:86:9a:07:ef:bc:84:e8:43:69:71:
                    ec:fe:26:1f:9d:5c:45:0b:4b:cc:08:35:99:fd:12:
                    c4:be:ef:10:9a:1f:26:6c:b8:db:d8:2a:4f:36:6f:
                    71:a3:25:7f:cc:bc:19:5c:4e:f5:a4:c2:74:70:af:
                    5c:57:28:c8:80:5f:d4:ca:9c:91:42:56:54:55:50:
                    d7:f6:bb:30:53:15:f5:3e:dd:c3:c6:73:81:6d:86:
                    8b:74:26:98:d6:cf:55:f1:79:8e:77:a3:0c:51:7d:
                    74:04:93:22:56:a0:10:8e:d9:31:ae:6f:80:96:49:
                    1f:b4:5c:cf:a2:c7:89:a6:fb:ab:5c:ee:b6:2a:54:
                    45:77:c5:a7:9b:54:7f:bf:58:2b:86:49:07:5c:41:
                    96:8a:4e:bd:4b:f0:75:f8:30:2e:f8:d4:bd:84:4d:
                    38:29:0b:a4:1b:0d:3d:f4:bf:04:84:7b:9f:5e:09:
                    0b:5f:1a:07:c5:8e:68:c4:59:77:1e:0a:1b:fd:55:
                    3c:2d:39:44:08:fe:33:34:2d:e5:2f:66:8b:d6:7a:
                    92:a8:c6:73:31:61:98:7d:85:af:bd:5c:54:88:0b:
                    12:f0:6b:77:ec:7d:0d:b5:c8:77:02:31:01:7a:61:
                    c6:31:fb:c4:13:d2:55:2a:75:70:93:e2:f2:d5:bf:
                    8c:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:39:09:CE:C5:12:AA:2E:B2:A4:B5:E9:25:FD:E2:77:CE:D5:58:D1
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/1ed3049b-0aca-42c5-9280-e97f17995e91.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.200.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         61:3e:57:a0:b5:02:36:0a:ed:db:5c:0d:9a:d6:70:a2:6b:57:
         17:b5:7e:e0:7f:68:9c:91:cf:03:9e:c8:74:2f:27:c6:56:64:
         95:7b:e9:9e:43:7c:ee:f5:9d:64:df:75:94:ca:40:e4:3e:af:
         ae:21:8c:87:76:b3:19:8f:61:42:39:e5:e6:00:67:65:86:93:
         01:11:7d:51:cb:f9:8f:35:e3:7a:20:b0:0a:71:54:67:c0:41:
         34:61:87:0f:15:e5:ad:bf:b6:84:57:46:32:ca:20:83:72:41:
         30:21:b2:62:0d:47:0e:2c:e1:51:e1:1c:95:dc:a9:5e:cb:32:
         33:07:47:00:30:76:0a:dc:65:bf:ea:f6:98:7c:ee:92:f5:62:
         06:16:d4:f9:dd:d1:86:29:e3:06:77:ee:34:1b:9b:8d:9a:91:
         5c:e1:ce:33:21:81:dd:cb:21:6b:9f:f6:98:8f:7a:44:41:cb:
         a0:0b:87:5f:f7:07:76:db:43:47:68:a3:d7:c1:1b:9f:a1:e5:
         3d:ea:44:76:31:47:d2:1c:75:79:bc:94:f5:7b:89:2f:5d:06:
         d8:c6:da:e4:e0:ab:e7:a9:42:64:c3:a2:f0:0d:db:ef:26:2c:
         0b:e3:6c:7d:b1:c2:cc:47:41:2e:3d:9e:0f:45:61:a9:f7:88:
         5e:c4:a1:26
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUffkAJvmMTYGc2UodEEPRTG5eGbswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMjE0MDEwMDA5WhcNMjYwNTE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A4NDIzMWNjNDkxN2RiMGU5MWNkYjhkMWE3ZTg2MTU2OTdj
ZGVhMjJjNGE2MzdjZGU3NjE5Y2E5NDM4NTc3ZjExMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8xq/2hpoH77yE6ENpcez+Jh+dXEULS8wINZn9EsS+7xCa
HyZsuNvYKk82b3GjJX/MvBlcTvWkwnRwr1xXKMiAX9TKnJFCVlRVUNf2uzBTFfU+
3cPGc4Fthot0JpjWz1XxeY53owxRfXQEkyJWoBCO2TGub4CWSR+0XM+ix4mm+6tc
7rYqVEV3xaebVH+/WCuGSQdcQZaKTr1L8HX4MC741L2ETTgpC6QbDT30vwSEe59e
CQtfGgfFjmjEWXceChv9VTwtOUQI/jM0LeUvZovWepKoxnMxYZh9ha+9XFSICxLw
a3fsfQ21yHcCMQF6YcYx+8QT0lUqdXCT4vLVv4xRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUXTkJzsUSqi6ypLXpJf3id87VWNEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzFlZDMwNDliLTBhY2EtNDJjNS05MjgwLWU5N2YxNzk5NWU5MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAINyFwwDQYJKoZIhvcNAQELBQADggEBAGE+V6C1AjYK7dtcDZrWcKJrVxe1
fuB/aJyRzwOeyHQvJ8ZWZJV76Z5DfO71nWTfdZTKQOQ+r64hjId2sxmPYUI55eYA
Z2WGkwERfVHL+Y8143ogsApxVGfAQTRhhw8V5a2/toRXRjLKIINyQTAhsmINRw4s
4VHhHJXcqV7LMjMHRwAwdgrcZb/q9ph87pL1YgYW1Pnd0YYp4wZ37jQbm42akVzh
zjMhgd3LIWuf9piPekRBy6ALh1/3B3bbQ0doo9fBG5+h5T3qRHYxR9IcdXm8lPV7
iS9dBtjG2uTgq+epQmTDovAN2+8mLAvjbH2xwsxHQS49ng9FYan3iF7EoSY=
-----END CERTIFICATE-----