Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3be7bc40-331c-4b3d-bd23-853da36434ef.roa
File:                     3be7bc40-331c-4b3d-bd23-853da36434ef.roa (raw, json)
Hash identifier:          X0qNAm1cHF8Ywl4mr3DJhiWTHBAce43KPs6xGm1WyRo=
Subject key identifier:   1A:63:C6:0B:1C:E5:BA:1A:6D:97:96:56:8C:7A:42:97:05:FF:01:74
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       21045D76F7103B63F5159BF8A25A358BEBAC9A9C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3be7bc40-331c-4b3d-bd23-853da36434ef.roa
Signing time:             Thu 26 Feb 2026 01:40:38 +0000
ROA not before:           Thu 26 Feb 2026 01:40:38 +0000
ROA not after:            Wed 27 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        54.240.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 04 Mar 2026 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:04:5d:76:f7:10:3b:63:f5:15:9b:f8:a2:5a:35:8b:eb:ac:9a:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 26 01:40:38 2026 GMT
            Not After : May 27 23:59:59 2026 GMT
        Subject: serialNumber=e4fbc2cdcb26921458982469988a1afa110c4b893de0c5d4a28d38e2918cbd5b, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ef:c2:a1:cf:9a:a6:d2:88:90:75:e4:9f:15:
                    81:5f:52:ab:86:6c:7c:da:1f:90:c0:3c:72:e2:4d:
                    f3:3c:62:4b:e7:9b:de:fc:34:36:b2:96:c5:d2:6a:
                    bc:02:17:d8:5a:ed:f6:91:5b:b9:15:bd:be:9c:c8:
                    0a:c0:a2:a3:c4:16:e3:07:e7:d6:fc:7a:cd:4a:04:
                    ca:24:06:a1:f7:84:99:e7:ba:6f:ca:73:d2:dd:39:
                    68:07:a6:f8:c3:9f:8b:14:29:8b:cf:c1:d3:b7:8b:
                    4d:e4:e3:c5:c3:cb:3c:5b:a2:91:23:1a:a5:6f:eb:
                    a5:d1:b2:f5:e5:29:81:07:18:26:d2:ec:da:8b:5b:
                    7c:62:33:f9:72:57:34:d7:84:ce:e8:53:f7:da:88:
                    4f:1a:16:c0:1a:11:a0:2e:45:58:a5:b7:f5:2e:ac:
                    fe:a3:8f:0e:32:fc:f1:0f:2d:ac:57:f4:1a:eb:6b:
                    b0:50:0f:88:eb:2e:0b:47:eb:49:9e:51:fd:34:6b:
                    20:d6:26:5d:9b:a8:61:e5:44:2d:2e:2d:99:13:e4:
                    70:d6:b8:f8:d8:a7:b5:67:76:45:c9:24:5d:b1:8c:
                    1d:6b:8a:49:4c:cc:3f:c3:25:aa:8f:b8:04:8b:b5:
                    33:2d:a1:5e:aa:78:f3:60:bc:17:9c:0c:5b:11:40:
                    07:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:63:C6:0B:1C:E5:BA:1A:6D:97:96:56:8C:7A:42:97:05:FF:01:74
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/3be7bc40-331c-4b3d-bd23-853da36434ef.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.240.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:67:c3:9f:2a:7c:4f:37:e3:ee:1a:ba:a8:6e:af:ad:f3:5f:
         c5:9e:28:9b:03:2b:f3:63:9e:59:be:df:42:46:ae:d3:ba:e4:
         72:c3:54:27:a7:ca:4d:f8:26:62:87:d5:f5:d2:af:5b:2f:cd:
         e8:4c:6d:0b:c0:92:3e:12:57:57:34:3b:dd:52:65:85:b0:44:
         21:36:f9:8b:d8:92:95:81:a2:86:34:41:61:d7:a8:3a:48:18:
         91:c1:63:ea:8b:39:1a:1b:08:84:3b:e7:a4:cf:19:03:11:15:
         3a:3a:5e:04:92:1b:44:33:1c:e9:74:d6:08:f0:f0:20:9e:34:
         b8:69:db:1c:37:dc:5f:65:04:60:69:d4:b7:3c:6c:81:da:0f:
         88:41:56:ca:dc:91:fc:6d:68:74:9e:56:d6:1f:33:66:6d:9b:
         d3:7f:e1:99:5f:94:17:83:6d:85:29:ce:61:f7:47:d7:3f:8c:
         d9:4c:10:38:77:e3:4e:99:2d:f8:65:49:6d:95:fe:ae:5e:9f:
         f9:f1:93:95:e2:c0:ae:7c:b9:96:aa:3d:bd:74:aa:14:d1:08:
         cc:b6:eb:a1:a9:61:54:59:db:ab:dc:f9:8d:fc:f6:4d:97:83:
         c6:81:88:ae:cf:1e:91:08:c6:d2:b1:74:32:b1:81:94:3c:b5:
         d1:70:36:cc
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIQRddvcQO2P1FZv4olo1i+usmpwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMjI2MDE0MDM4WhcNMjYwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BlNGZiYzJjZGNiMjY5MjE0NTg5ODI0Njk5ODhhMWFmYTEx
MGM0Yjg5M2RlMGM1ZDRhMjhkMzhlMjkxOGNiZDViMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCv78Khz5qm0oiQdeSfFYFfUquGbHzaH5DAPHLiTfM8Ykvn
m978NDaylsXSarwCF9ha7faRW7kVvb6cyArAoqPEFuMH59b8es1KBMokBqH3hJnn
um/Kc9LdOWgHpvjDn4sUKYvPwdO3i03k48XDyzxbopEjGqVv66XRsvXlKYEHGCbS
7NqLW3xiM/lyVzTXhM7oU/faiE8aFsAaEaAuRVilt/UurP6jjw4y/PEPLaxX9Brr
a7BQD4jrLgtH60meUf00ayDWJl2bqGHlRC0uLZkT5HDWuPjYp7VndkXJJF2xjB1r
iklMzD/DJaqPuASLtTMtoV6qePNgvBecDFsRQAdHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGmPGCxzluhptl5ZWjHpClwX/AXQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzNiZTdiYzQwLTMzMWMtNGIzZC1iZDIzLTg1M2RhMzY0MzRlZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA28GYwDQYJKoZIhvcNAQELBQADggEBAB1nw58qfE834+4auqhur63zX8We
KJsDK/Njnlm+30JGrtO65HLDVCenyk34JmKH1fXSr1svzehMbQvAkj4SV1c0O91S
ZYWwRCE2+YvYkpWBooY0QWHXqDpIGJHBY+qLORobCIQ756TPGQMRFTo6XgSSG0Qz
HOl01gjw8CCeNLhp2xw33F9lBGBp1Lc8bIHaD4hBVsrckfxtaHSeVtYfM2Ztm9N/
4ZlflBeDbYUpzmH3R9c/jNlMEDh3406ZLfhlSW2V/q5en/nxk5XiwK58uZaqPb10
qhTRCMy266GpYVRZ26vc+Y389k2Xg8aBiK7PHpEIxtKxdDKxgZQ8tdFwNsw=
-----END CERTIFICATE-----