Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/343c963c-2a3e-4928-9210-25faa7d2e157.roa
File:                     343c963c-2a3e-4928-9210-25faa7d2e157.roa (raw, json)
Hash identifier:          N+OCczxTvZqrgX0d/PqMIKAxli5+0rfGJYyfd7yh7uA=
Subject key identifier:   16:92:57:1E:15:81:01:9D:FC:5A:46:A8:69:E5:BA:3E:3C:47:DA:C4
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       79DC8A1F692DEB05D97E004E4FDF7B55CCA8DA83
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/343c963c-2a3e-4928-9210-25faa7d2e157.roa
Signing time:             Tue 17 Feb 2026 01:10:31 +0000
ROA not before:           Tue 17 Feb 2026 01:10:31 +0000
ROA not after:            Mon 18 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        3.248.244.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 02 Mar 2026 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:dc:8a:1f:69:2d:eb:05:d9:7e:00:4e:4f:df:7b:55:cc:a8:da:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 17 01:10:31 2026 GMT
            Not After : May 18 23:59:59 2026 GMT
        Subject: serialNumber=cb79143c0fa931a61bb8da9cef799649cec5e79f5d7f01d6b8e5285b02d79d2b, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:a5:1b:87:b8:a2:cd:70:b0:f6:fb:31:51:99:
                    31:ad:f2:dc:18:d9:c8:fc:91:ca:57:09:17:1d:ac:
                    4a:91:97:2e:8b:cb:36:7f:40:81:47:2c:95:69:65:
                    76:d5:bb:3e:51:10:3e:46:e7:fe:2e:36:4a:b1:b8:
                    8d:7b:6a:bd:a8:14:25:8b:5b:21:86:8a:42:c3:63:
                    80:17:51:24:79:fe:f4:d1:c6:dd:19:13:21:a1:f1:
                    32:ca:4a:c7:45:6c:01:ed:a2:8f:58:2c:c9:a8:6b:
                    4d:38:e7:39:b5:00:19:3d:e9:52:c4:f4:71:ee:00:
                    28:1a:6e:32:59:f5:9f:1e:c4:9e:03:b5:d8:0f:6f:
                    40:30:47:a3:85:62:09:70:94:06:5a:5d:71:dd:3e:
                    9e:cf:e3:10:98:a3:fb:04:32:17:e5:0b:b3:e8:dd:
                    6d:ec:67:26:79:30:28:6a:bf:a3:f1:13:6e:fe:5c:
                    6d:b9:55:62:e8:6c:39:3c:3f:04:d5:53:71:2b:ca:
                    a4:c1:7f:0d:c6:bb:0f:b4:e0:ea:da:3a:04:9a:dc:
                    60:e3:1e:b0:75:a9:b7:06:5b:bb:26:c6:f4:2e:d8:
                    a9:3d:e4:43:35:23:e5:16:e9:20:59:29:3b:2c:d2:
                    b0:f8:e5:ea:ff:3b:c5:83:39:f7:54:04:1e:f8:53:
                    c4:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:92:57:1E:15:81:01:9D:FC:5A:46:A8:69:E5:BA:3E:3C:47:DA:C4
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/343c963c-2a3e-4928-9210-25faa7d2e157.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.248.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4f:3e:c0:bb:c2:12:fb:db:15:f2:af:fb:78:bd:bf:ee:f9:49:
         a8:8a:b3:8d:71:a0:78:69:05:30:0c:fe:91:a8:95:c0:a1:2a:
         e2:b8:22:00:52:6e:48:26:73:46:42:42:55:6e:b1:ac:e0:aa:
         19:c7:a1:4a:09:04:7b:66:85:2d:c3:33:5c:17:84:75:57:48:
         74:ea:be:c9:c5:b0:cf:02:ab:16:d8:e6:68:06:20:2b:93:56:
         eb:99:9b:cf:a4:49:8e:c9:e1:26:1e:8e:49:a0:a3:2b:ce:d4:
         e8:a0:47:f0:87:f2:81:05:dd:29:f2:b9:6f:a7:61:02:72:59:
         01:3a:bb:0a:13:91:33:ec:6f:9f:5d:06:45:b3:f4:14:27:b0:
         2a:02:11:b1:2b:69:91:ce:b6:7c:22:da:de:df:79:65:29:0c:
         b7:e1:94:45:ed:ca:ae:f5:dd:4e:e9:e1:e1:51:ba:ed:41:98:
         7f:0e:58:37:34:06:3f:0d:68:b8:d8:43:8d:5d:a0:d5:d2:fd:
         c0:c2:06:39:c8:2e:47:c9:26:63:d8:fc:e0:de:43:38:81:dd:
         b2:f0:f2:d4:44:0d:ef:8d:8d:be:b1:98:47:2d:71:0f:42:9b:
         90:eb:8d:83:23:fb:3a:78:40:f1:42:47:60:76:3b:81:88:6f:
         93:72:9c:d9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUedyKH2kt6wXZfgBOT997Vcyo2oMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMjE3MDExMDMxWhcNMjYwNTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BjYjc5MTQzYzBmYTkzMWE2MWJiOGRhOWNlZjc5OTY0OWNl
YzVlNzlmNWQ3ZjAxZDZiOGU1Mjg1YjAyZDc5ZDJiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCdpRuHuKLNcLD2+zFRmTGt8twY2cj8kcpXCRcdrEqRly6L
yzZ/QIFHLJVpZXbVuz5RED5G5/4uNkqxuI17ar2oFCWLWyGGikLDY4AXUSR5/vTR
xt0ZEyGh8TLKSsdFbAHtoo9YLMmoa0045zm1ABk96VLE9HHuACgabjJZ9Z8exJ4D
tdgPb0AwR6OFYglwlAZaXXHdPp7P4xCYo/sEMhflC7Po3W3sZyZ5MChqv6PxE27+
XG25VWLobDk8PwTVU3EryqTBfw3Guw+04OraOgSa3GDjHrB1qbcGW7smxvQu2Kk9
5EM1I+UW6SBZKTss0rD45er/O8WDOfdUBB74U8TbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUFpJXHhWBAZ38WkaoaeW6PjxH2sQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzM0M2M5NjNjLTJhM2UtNDkyOC05MjEwLTI1ZmFhN2QyZTE1Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAID+PQwDQYJKoZIhvcNAQELBQADggEBAE8+wLvCEvvbFfKv+3i9v+75SaiK
s41xoHhpBTAM/pGolcChKuK4IgBSbkgmc0ZCQlVusazgqhnHoUoJBHtmhS3DM1wX
hHVXSHTqvsnFsM8CqxbY5mgGICuTVuuZm8+kSY7J4SYejkmgoyvO1OigR/CH8oEF
3SnyuW+nYQJyWQE6uwoTkTPsb59dBkWz9BQnsCoCEbEraZHOtnwi2t7feWUpDLfh
lEXtyq713U7p4eFRuu1BmH8OWDc0Bj8NaLjYQ41doNXS/cDCBjnILkfJJmPY/ODe
QziB3bLw8tREDe+Njb6xmEctcQ9Cm5DrjYMj+zp4QPFCR2B2O4GIb5NynNk=
-----END CERTIFICATE-----