Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2fffb11c-00ad-483d-ac86-b25c14b51e3d.roa
File:                     2fffb11c-00ad-483d-ac86-b25c14b51e3d.roa (raw, json)
Hash identifier:          1Wgxbz7frTYwWcNObyhEQiaN7YlVBWI1lMhGtihT+GM=
Subject key identifier:   50:D8:B1:A7:77:4E:4D:ED:58:21:DE:B2:38:B6:32:16:37:CB:A5:9A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6D00593C0AAC4EB6E12624267EC269E46F6EEEA3
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2fffb11c-00ad-483d-ac86-b25c14b51e3d.roa
Signing time:             Sat 28 Feb 2026 02:50:33 +0000
ROA not before:           Sat 28 Feb 2026 02:50:33 +0000
ROA not after:            Fri 29 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        54.239.208.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 04 Mar 2026 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:00:59:3c:0a:ac:4e:b6:e1:26:24:26:7e:c2:69:e4:6f:6e:ee:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 28 02:50:33 2026 GMT
            Not After : May 29 23:59:59 2026 GMT
        Subject: serialNumber=df026f3be2f13c7a57ffaa9d7ba5fcdd74d11a002b3ff39c75fea462f28fd4bf, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:34:80:dd:93:f3:54:36:4c:79:f0:e6:11:82:
                    60:40:c1:8a:cb:af:f3:84:59:43:29:5f:3e:71:66:
                    10:c3:3f:78:5b:b5:9a:12:52:8d:4e:ec:73:3e:7c:
                    82:74:7e:d4:ad:c7:cb:5a:13:f6:e2:64:ae:55:e4:
                    61:bc:4e:a4:dc:a0:bd:68:7f:55:f7:21:8d:a2:b1:
                    58:47:a3:1c:39:66:ac:10:b0:60:77:47:49:46:46:
                    14:25:9f:81:16:7c:b2:bb:17:07:77:39:05:05:82:
                    ce:a3:86:70:14:bd:c5:3c:4a:3b:81:ea:2d:18:3f:
                    63:3d:f1:84:f0:3f:53:69:21:c7:53:86:5f:1a:81:
                    bb:f5:54:d5:98:a9:b1:36:76:ca:a7:9f:63:7f:2c:
                    78:1a:46:58:43:05:d9:e7:bd:e5:15:de:27:e0:6a:
                    3a:21:15:da:48:31:5c:29:21:23:01:3e:8d:d0:49:
                    61:fd:2a:7b:89:03:bf:1d:5d:62:52:12:7a:02:b7:
                    34:5f:0c:de:dc:a4:09:ee:19:a0:7d:24:94:b2:24:
                    08:bf:23:09:9b:fb:4c:a7:1f:01:45:fe:2a:92:20:
                    f2:07:af:85:de:0b:e6:f8:a7:35:57:43:d8:69:05:
                    c6:69:d9:0a:ac:45:49:a2:52:03:03:ad:e4:e4:fb:
                    7e:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:D8:B1:A7:77:4E:4D:ED:58:21:DE:B2:38:B6:32:16:37:CB:A5:9A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2fffb11c-00ad-483d-ac86-b25c14b51e3d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.239.208.0/20

    Signature Algorithm: sha256WithRSAEncryption
         9a:1b:95:a9:d3:ed:e9:88:52:f6:86:3e:8e:7f:f7:01:09:ad:
         8d:63:3f:e6:e0:5f:ba:ca:2e:c8:38:71:42:f5:61:74:bc:2c:
         2a:f6:52:e9:8e:5b:c9:7d:3c:c4:0f:9c:f5:aa:fb:50:2b:87:
         e1:c8:d8:4b:78:13:c5:0e:35:d8:54:84:7f:34:45:b7:89:8c:
         bf:fc:38:e0:20:07:98:2b:bc:ab:89:6a:12:a9:5a:c0:a0:f7:
         48:62:99:8e:cf:87:5d:d1:80:55:af:88:d8:40:32:fd:5d:82:
         90:d8:e7:4a:31:fa:68:07:4c:71:27:06:3b:0a:b4:b7:3f:4b:
         c9:21:24:15:78:b3:18:50:ed:8d:24:e4:2e:f0:54:fc:88:d8:
         75:45:b2:02:94:70:6b:ba:4f:6a:f6:6b:24:96:b7:88:18:51:
         01:5d:07:75:be:9c:79:61:b3:3f:a2:87:c9:99:25:30:05:92:
         22:b4:27:78:0b:d7:21:01:11:02:1b:00:a1:2b:c4:00:39:b8:
         16:d2:1b:75:21:f0:da:bd:01:eb:2b:b8:3c:c4:d1:0a:22:53:
         e4:6f:97:3e:3c:dd:a4:4c:71:9c:c1:a2:27:4d:6b:d4:64:58:
         1e:a7:1c:7d:69:b3:3b:58:15:4b:4a:94:74:ee:ed:84:ce:0d:
         d4:a8:bf:45
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbQBZPAqsTrbhJiQmfsJp5G9u7qMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMjI4MDI1MDMzWhcNMjYwNTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BkZjAyNmYzYmUyZjEzYzdhNTdmZmFhOWQ3YmE1ZmNkZDc0
ZDExYTAwMmIzZmYzOWM3NWZlYTQ2MmYyOGZkNGJmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3NIDdk/NUNkx58OYRgmBAwYrLr/OEWUMpXz5xZhDDP3hb
tZoSUo1O7HM+fIJ0ftStx8taE/biZK5V5GG8TqTcoL1of1X3IY2isVhHoxw5ZqwQ
sGB3R0lGRhQln4EWfLK7Fwd3OQUFgs6jhnAUvcU8SjuB6i0YP2M98YTwP1NpIcdT
hl8agbv1VNWYqbE2dsqnn2N/LHgaRlhDBdnnveUV3ifgajohFdpIMVwpISMBPo3Q
SWH9KnuJA78dXWJSEnoCtzRfDN7cpAnuGaB9JJSyJAi/Iwmb+0ynHwFF/iqSIPIH
r4XeC+b4pzVXQ9hpBcZp2QqsRUmiUgMDreTk+35vAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUUNixp3dOTe1YId6yOLYyFjfLpZowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzJmZmZiMTFjLTAwYWQtNDgzZC1hYzg2LWIyNWMxNGI1MWUzZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQ279AwDQYJKoZIhvcNAQELBQADggEBAJoblanT7emIUvaGPo5/9wEJrY1j
P+bgX7rKLsg4cUL1YXS8LCr2UumOW8l9PMQPnPWq+1Arh+HI2Et4E8UONdhUhH80
RbeJjL/8OOAgB5grvKuJahKpWsCg90himY7Ph13RgFWviNhAMv1dgpDY50ox+mgH
THEnBjsKtLc/S8khJBV4sxhQ7Y0k5C7wVPyI2HVFsgKUcGu6T2r2aySWt4gYUQFd
B3W+nHlhsz+ih8mZJTAFkiK0J3gL1yEBEQIbAKErxAA5uBbSG3Uh8Nq9AesruDzE
0QoiU+Rvlz483aRMcZzBoidNa9RkWB6nHH1psztYFUtKlHTu7YTODdSov0U=
-----END CERTIFICATE-----