Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3ba6cdb2-4752-4cba-b3ef-d76cfb4ad96f.roa
File:                     3ba6cdb2-4752-4cba-b3ef-d76cfb4ad96f.roa (raw, json)
Hash identifier:          rhKs9Tpd6Q+7w8CrHjsHLdtAR+3VANOCdZ+J4o6cQnU=
Subject key identifier:   89:2B:8B:69:00:8A:F4:34:7C:28:89:48:31:C6:E0:D1:D2:41:86:87
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       16C557AE3325212C35A07EBFCAE3AC09CF123411
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3ba6cdb2-4752-4cba-b3ef-d76cfb4ad96f.roa
Signing time:             Tue 19 May 2026 02:20:31 +0000
ROA not before:           Tue 19 May 2026 02:20:31 +0000
ROA not after:            Mon 17 Aug 2026 23:59:59 +0000
asID:                     14618
IP address blocks:        150.222.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 14 Jun 2026 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:c5:57:ae:33:25:21:2c:35:a0:7e:bf:ca:e3:ac:09:cf:12:34:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May 19 02:20:31 2026 GMT
            Not After : Aug 17 23:59:59 2026 GMT
        Subject: serialNumber=dea106551d54ef6185b264baca44558024d045a76735aa338622406b80aab0a6, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:e7:47:d6:56:08:ae:5d:5f:64:43:a4:d6:15:
                    e6:1e:a9:e6:bd:13:e4:d0:59:c0:7f:6b:12:8c:01:
                    d3:6d:e5:03:e4:ea:3d:c3:d3:8a:2e:b5:bb:2d:77:
                    db:46:f8:a6:41:e2:57:07:5a:e0:70:f4:05:e7:69:
                    9b:94:56:26:a1:bb:b2:42:19:55:6e:a8:b6:56:fd:
                    2d:4d:4c:7d:23:5d:e8:ab:61:51:66:b2:34:42:e4:
                    53:70:81:9a:5c:37:e4:d9:76:6d:e6:e8:b5:15:9c:
                    81:35:b2:e6:17:8f:80:49:b5:5c:87:77:eb:ba:ca:
                    a7:3a:c9:71:14:d1:96:06:31:d1:a0:fe:c1:6a:f3:
                    a4:15:91:b5:12:4a:b2:4c:e7:cf:4e:ff:d1:a1:99:
                    02:4a:ea:d4:f1:b1:b6:8f:49:80:15:38:3a:28:bb:
                    ff:d2:57:31:9c:95:d3:9e:93:a4:a7:21:05:1e:91:
                    cf:f4:ec:ee:d0:10:14:78:48:e6:8d:33:85:31:fa:
                    3e:f1:2c:d3:d1:c0:ce:75:0d:e3:0a:96:1d:38:14:
                    4e:89:88:14:45:03:8f:ec:8a:0f:6d:7e:30:9f:84:
                    03:11:8a:b3:5f:7f:e6:de:4d:c8:60:a1:20:14:94:
                    f5:fa:dc:eb:d0:f2:df:4f:16:43:f7:34:8a:97:ff:
                    4f:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:2B:8B:69:00:8A:F4:34:7C:28:89:48:31:C6:E0:D1:D2:41:86:87
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3ba6cdb2-4752-4cba-b3ef-d76cfb4ad96f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.222.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:f9:e5:01:bb:6b:4f:40:ef:d4:a3:a4:43:4b:83:ab:41:b4:
         06:6b:37:45:d4:23:76:32:a0:11:75:0a:40:e7:df:f8:02:ea:
         ae:47:ea:8a:6e:70:a0:53:35:26:95:38:5e:e0:66:c6:93:77:
         2a:c3:18:23:6e:05:56:8e:f6:1d:c2:4c:13:66:55:63:be:39:
         51:33:75:e8:1c:28:99:f2:1e:af:5f:9d:e0:f0:3a:8d:71:1d:
         a6:05:58:de:97:45:1e:84:d3:b3:8e:9c:97:fb:da:a6:15:1c:
         fd:d7:88:43:1a:bd:8f:56:d3:46:a2:e4:b0:e6:e1:bb:a2:6c:
         51:dd:a3:40:60:d4:ed:3f:df:2c:a3:b8:71:fa:3d:e0:13:89:
         0f:02:30:14:bd:4d:2f:75:df:a4:7d:be:d5:aa:35:b2:09:9f:
         ea:e4:c5:90:96:e7:f0:ba:f7:c9:a3:39:bd:1a:41:1d:37:c7:
         c8:3e:82:f8:28:dc:cc:2f:0a:d7:f2:15:e7:5c:0f:e4:ba:e4:
         ed:fa:98:64:f2:6e:4b:43:c6:c9:77:04:da:a0:5d:5c:fd:db:
         9f:59:8b:16:01:97:f1:f2:b4:af:69:46:67:c7:ca:6d:d3:d1:
         27:50:a9:64:e9:be:b2:70:5c:db:09:00:cd:4e:ac:8f:eb:6c:
         6e:b5:e2:4e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFsVXrjMlISw1oH6/yuOsCc8SNBEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwNTE5MDIyMDMxWhcNMjYwODE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BkZWExMDY1NTFkNTRlZjYxODViMjY0YmFjYTQ0NTU4MDI0
ZDA0NWE3NjczNWFhMzM4NjIyNDA2YjgwYWFiMGE2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDc50fWVgiuXV9kQ6TWFeYeqea9E+TQWcB/axKMAdNt5QPk
6j3D04outbstd9tG+KZB4lcHWuBw9AXnaZuUViahu7JCGVVuqLZW/S1NTH0jXeir
YVFmsjRC5FNwgZpcN+TZdm3m6LUVnIE1suYXj4BJtVyHd+u6yqc6yXEU0ZYGMdGg
/sFq86QVkbUSSrJM589O/9GhmQJK6tTxsbaPSYAVODoou//SVzGcldOek6SnIQUe
kc/07O7QEBR4SOaNM4Ux+j7xLNPRwM51DeMKlh04FE6JiBRFA4/sig9tfjCfhAMR
irNff+beTchgoSAUlPX63OvQ8t9PFkP3NIqX/0+DAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUiSuLaQCK9DR8KIlIMcbg0dJBhocwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzNiYTZjZGIyLTQ3NTItNGNiYS1iM2VmLWQ3NmNmYjRhZDk2Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACW3uwwDQYJKoZIhvcNAQELBQADggEBALT55QG7a09A79SjpENLg6tBtAZr
N0XUI3YyoBF1CkDn3/gC6q5H6opucKBTNSaVOF7gZsaTdyrDGCNuBVaO9h3CTBNm
VWO+OVEzdegcKJnyHq9fneDwOo1xHaYFWN6XRR6E07OOnJf72qYVHP3XiEMavY9W
00ai5LDm4buibFHdo0Bg1O0/3yyjuHH6PeATiQ8CMBS9TS9136R9vtWqNbIJn+rk
xZCW5/C698mjOb0aQR03x8g+gvgo3MwvCtfyFedcD+S65O36mGTybktDxsl3BNqg
XVz9259ZixYBl/HytK9pRmfHym3T0SdQqWTpvrJwXNsJAM1OrI/rbG614k4=
-----END CERTIFICATE-----