Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/22b078b7-c123-4298-8bd4-6cdabd20c90d.roa
File:                     22b078b7-c123-4298-8bd4-6cdabd20c90d.roa (raw, json)
Hash identifier:          8WFIxe3GSBLm2s5E8xa+8lsrJytJa/HMcJLu3/FnAg4=
Subject key identifier:   C5:BF:A4:59:C8:A6:37:CE:48:57:D9:AF:E3:A1:2D:2E:CA:9B:A3:1E
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       63383624D5E1AA7FDB4092AEE179D67AF6EA0213
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/22b078b7-c123-4298-8bd4-6cdabd20c90d.roa
Signing time:             Tue 24 Feb 2026 03:50:44 +0000
ROA not before:           Tue 24 Feb 2026 03:50:44 +0000
ROA not after:            Mon 25 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        54.251.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 04 Mar 2026 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:38:36:24:d5:e1:aa:7f:db:40:92:ae:e1:79:d6:7a:f6:ea:02:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 24 03:50:44 2026 GMT
            Not After : May 25 23:59:59 2026 GMT
        Subject: serialNumber=0fc4b931f4928203f54ec1056492b89a5bb85e7b95a9e93a197f96504e14e663, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:66:42:8d:6e:56:bf:7f:0a:05:8d:92:69:87:
                    31:ad:16:38:5c:7c:d5:07:12:a5:4c:48:75:19:b8:
                    2f:54:f3:d7:cb:ad:13:72:83:73:cd:06:71:c9:46:
                    ae:3a:09:f4:ef:ec:78:c9:08:8b:54:ff:5f:4e:6d:
                    0b:d1:6d:5a:63:24:4a:17:c4:01:6f:ce:5f:a0:e9:
                    c4:66:74:91:b4:64:3c:79:33:c7:d0:3b:80:9e:ff:
                    db:0e:b5:c8:de:9f:21:ce:df:41:6d:f8:64:4c:c5:
                    97:5f:bf:fa:59:bd:15:44:89:69:a2:d9:07:cf:81:
                    0c:16:e3:65:3c:70:d9:22:4b:04:f4:70:42:3e:e9:
                    70:33:73:e0:c4:8f:dc:43:7e:56:51:84:dc:18:a0:
                    7a:a7:46:c5:40:18:9e:66:e0:d6:9d:5b:1c:1d:87:
                    93:fb:85:5f:b1:d8:ae:4e:69:f2:4b:be:88:b0:c0:
                    29:e2:a9:2c:0c:c5:9e:ed:fa:09:f0:ab:61:43:ed:
                    2b:e5:e6:32:f2:7d:ba:e8:17:c9:ac:82:b0:1a:c9:
                    91:35:c2:7e:96:5c:88:c4:f7:a6:2f:be:e2:16:f8:
                    e2:b1:78:64:78:9b:dd:42:46:13:f1:c7:39:88:e4:
                    14:eb:1a:9d:a5:f4:2c:6a:78:6a:f3:5a:bd:af:75:
                    b9:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:BF:A4:59:C8:A6:37:CE:48:57:D9:AF:E3:A1:2D:2E:CA:9B:A3:1E
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/22b078b7-c123-4298-8bd4-6cdabd20c90d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.251.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:e3:de:55:27:7a:64:0d:dc:39:cf:d0:0e:57:1b:5b:d1:0e:
         21:d2:84:b9:a1:ee:95:3d:e9:00:a8:0b:8c:75:22:a0:ca:06:
         b0:9c:c9:11:05:c8:e3:8b:24:4b:2f:d4:f1:90:64:1c:e8:dd:
         76:d1:4c:a4:9c:94:e1:08:8f:c0:d2:ea:3f:31:cd:0a:fe:33:
         11:9c:9f:93:38:b6:fd:c4:5e:39:dc:e1:5a:22:41:78:62:21:
         f6:bd:8b:20:b5:1c:c0:1f:16:65:a7:d7:a0:45:53:96:87:7d:
         24:24:44:96:62:1d:c2:37:4e:13:48:e0:97:ae:25:9b:53:3d:
         e7:0b:2e:89:e5:1d:a5:9c:c4:0b:c1:cc:b4:3e:ec:ec:40:53:
         5c:c7:bb:a6:86:f7:2d:9f:25:ea:29:66:00:dc:8d:a5:a0:71:
         e2:9a:7a:f1:f4:e3:56:8b:54:99:44:b2:4f:c1:85:6c:67:33:
         0f:25:12:22:51:6a:c1:82:89:e0:60:81:e1:2c:a5:b2:7b:c3:
         12:51:27:f2:a7:4f:2f:08:9e:14:22:b4:bb:13:27:a4:cc:34:
         e4:66:3f:2a:cd:8d:fd:11:56:b5:37:b6:09:06:5a:5a:27:3d:
         07:69:45:7b:2b:de:a6:71:d0:0b:b2:ff:20:3d:9d:52:2b:92:
         3b:49:fe:0c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYzg2JNXhqn/bQJKu4XnWevbqAhMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMjI0MDM1MDQ0WhcNMjYwNTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0AwZmM0YjkzMWY0OTI4MjAzZjU0ZWMxMDU2NDkyYjg5YTVi
Yjg1ZTdiOTVhOWU5M2ExOTdmOTY1MDRlMTRlNjYzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLZkKNbla/fwoFjZJphzGtFjhcfNUHEqVMSHUZuC9U89fL
rRNyg3PNBnHJRq46CfTv7HjJCItU/19ObQvRbVpjJEoXxAFvzl+g6cRmdJG0ZDx5
M8fQO4Ce/9sOtcjenyHO30Ft+GRMxZdfv/pZvRVEiWmi2QfPgQwW42U8cNkiSwT0
cEI+6XAzc+DEj9xDflZRhNwYoHqnRsVAGJ5m4NadWxwdh5P7hV+x2K5OafJLvoiw
wCniqSwMxZ7t+gnwq2FD7Svl5jLyfbroF8msgrAayZE1wn6WXIjE96YvvuIW+OKx
eGR4m91CRhPxxzmI5BTrGp2l9CxqeGrzWr2vdbldAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUxb+kWcimN85IV9mv46EtLsqbox4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzIyYjA3OGI3LWMxMjMtNDI5OC04YmQ0LTZjZGFiZDIwYzkwZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA2+/4wDQYJKoZIhvcNAQELBQADggEBADzj3lUnemQN3DnP0A5XG1vRDiHS
hLmh7pU96QCoC4x1IqDKBrCcyREFyOOLJEsv1PGQZBzo3XbRTKSclOEIj8DS6j8x
zQr+MxGcn5M4tv3EXjnc4VoiQXhiIfa9iyC1HMAfFmWn16BFU5aHfSQkRJZiHcI3
ThNI4JeuJZtTPecLLonlHaWcxAvBzLQ+7OxAU1zHu6aG9y2fJeopZgDcjaWgceKa
evH041aLVJlEsk/BhWxnMw8lEiJRasGCieBggeEspbJ7wxJRJ/KnTy8InhQitLsT
J6TMNORmPyrNjf0RVrU3tgkGWlonPQdpRXsr3qZx0Auy/yA9nVIrkjtJ/gw=
-----END CERTIFICATE-----