Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/42d4e0f9-643f-403e-ad5c-970a88292360.roa
File:                     42d4e0f9-643f-403e-ad5c-970a88292360.roa (raw, json)
Hash identifier:          YcAqW7u+kZb9xTX///pb2GvivmCva0yMqddiOPONAV8=
Subject key identifier:   65:6E:D1:C8:5D:54:64:4D:E1:15:CA:C1:9C:AA:31:AC:E8:B5:E7:45
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       41EDAE0BC28DE77DCFD375B6443DE7A9631B6941
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/42d4e0f9-643f-403e-ad5c-970a88292360.roa
Signing time:             Tue 17 Feb 2026 01:50:14 +0000
ROA not before:           Tue 17 Feb 2026 01:50:14 +0000
ROA not after:            Mon 18 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        54.217.224.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 04 Mar 2026 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:ed:ae:0b:c2:8d:e7:7d:cf:d3:75:b6:44:3d:e7:a9:63:1b:69:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 17 01:50:14 2026 GMT
            Not After : May 18 23:59:59 2026 GMT
        Subject: serialNumber=de1b3830ef77fb487df90094468e15c90ba79c426579b162464c01b70bd4c886, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:e2:60:18:65:3b:14:4e:c4:23:d3:46:90:00:
                    1c:98:ed:c4:6c:81:ae:8b:0b:51:7a:fb:8e:cc:74:
                    f1:47:d4:43:0e:fe:ba:a3:c3:27:30:28:9a:7a:86:
                    c2:55:85:b8:3f:88:2c:bf:01:2c:66:c4:e5:e4:3f:
                    4b:4d:29:29:cc:89:ea:ab:7e:f0:ee:ab:f4:b9:42:
                    96:d3:d8:8b:e9:a1:3c:5c:c2:9a:47:17:6e:6c:43:
                    f9:9b:ff:e0:63:8f:42:8c:25:d0:ae:fa:33:3b:aa:
                    e9:d0:52:cb:2e:38:5f:3f:cf:eb:32:81:e1:2b:a1:
                    30:4f:73:6b:a4:aa:d5:82:fe:d2:eb:59:b1:f1:a8:
                    64:5f:fc:81:c8:da:dc:10:d9:57:10:1a:f1:d5:8b:
                    a4:68:f3:e6:94:76:91:38:04:7d:27:43:11:4e:d6:
                    9e:64:d4:7d:a0:26:c4:7e:b0:fe:a4:c4:1b:f0:9f:
                    f4:37:90:57:1a:73:cf:19:b0:0f:d1:de:ae:10:be:
                    f6:e9:ca:88:e5:45:13:3c:c7:a9:35:4e:4f:86:b8:
                    ea:53:00:a3:f0:9e:93:62:a4:58:31:c9:03:b5:ab:
                    e0:a6:07:4f:06:ab:db:95:dc:64:64:e8:6f:d1:23:
                    f5:2e:7e:25:b7:df:5b:60:2a:3f:d1:13:a1:f2:49:
                    f9:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:6E:D1:C8:5D:54:64:4D:E1:15:CA:C1:9C:AA:31:AC:E8:B5:E7:45
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/42d4e0f9-643f-403e-ad5c-970a88292360.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.217.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         5a:9c:70:bb:3e:96:44:48:4a:f1:19:ff:71:88:5b:53:29:1d:
         90:cb:0c:ef:dc:25:0a:8f:fc:ab:58:cf:4b:7a:a2:2d:7e:50:
         82:f6:f3:b2:d9:92:07:51:7c:4f:5e:52:96:9b:ac:16:ec:2f:
         52:c1:6b:f8:d1:5b:14:a6:d0:7e:13:d6:2e:60:84:2e:50:ed:
         84:7d:dc:15:86:d9:37:3b:fc:5a:c4:a8:74:9b:d4:ef:98:e8:
         37:46:0a:0c:aa:3d:b9:ac:ec:35:68:0e:f9:dd:e6:38:3e:ad:
         6c:9b:84:cd:05:17:75:6e:d6:71:da:03:29:31:b2:70:94:65:
         14:87:1e:32:23:e9:07:79:32:75:4e:47:e3:0c:f0:85:db:cf:
         1a:49:9c:24:f4:f8:94:81:9c:16:31:56:75:10:8c:c5:09:73:
         8c:d4:96:88:95:37:8d:68:10:34:e3:7c:1c:61:bb:41:48:a8:
         11:6c:b6:64:a1:f4:19:23:17:e0:a1:ee:5e:3b:6d:f4:93:bb:
         6d:9a:2a:84:ae:f2:ac:5a:d8:2e:99:9e:f9:3c:f5:f9:a4:5c:
         75:1b:45:c7:b3:4f:26:bc:71:b2:10:f4:e1:01:47:6d:21:c4:
         75:c9:36:1e:5b:ff:d5:04:97:ea:ad:b0:75:17:8f:e3:a4:17:
         88:99:e1:78
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQe2uC8KN533P03W2RD3nqWMbaUEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMjE3MDE1MDE0WhcNMjYwNTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BkZTFiMzgzMGVmNzdmYjQ4N2RmOTAwOTQ0NjhlMTVjOTBi
YTc5YzQyNjU3OWIxNjI0NjRjMDFiNzBiZDRjODg2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC64mAYZTsUTsQj00aQAByY7cRsga6LC1F6+47MdPFH1EMO
/rqjwycwKJp6hsJVhbg/iCy/ASxmxOXkP0tNKSnMieqrfvDuq/S5QpbT2IvpoTxc
wppHF25sQ/mb/+Bjj0KMJdCu+jM7qunQUssuOF8/z+sygeEroTBPc2ukqtWC/tLr
WbHxqGRf/IHI2twQ2VcQGvHVi6Ro8+aUdpE4BH0nQxFO1p5k1H2gJsR+sP6kxBvw
n/Q3kFcac88ZsA/R3q4QvvbpyojlRRM8x6k1Tk+GuOpTAKPwnpNipFgxyQO1q+Cm
B08Gq9uV3GRk6G/RI/UufiW331tgKj/RE6HySfnNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZW7RyF1UZE3hFcrBnKoxrOi150UwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQyZDRlMGY5LTY0M2YtNDAzZS1hZDVjLTk3MGE4ODI5MjM2MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAU22eAwDQYJKoZIhvcNAQELBQADggEBAFqccLs+lkRISvEZ/3GIW1MpHZDL
DO/cJQqP/KtYz0t6oi1+UIL287LZkgdRfE9eUpabrBbsL1LBa/jRWxSm0H4T1i5g
hC5Q7YR93BWG2Tc7/FrEqHSb1O+Y6DdGCgyqPbms7DVoDvnd5jg+rWybhM0FF3Vu
1nHaAykxsnCUZRSHHjIj6Qd5MnVOR+MM8IXbzxpJnCT0+JSBnBYxVnUQjMUJc4zU
loiVN41oEDTjfBxhu0FIqBFstmSh9BkjF+Ch7l47bfSTu22aKoSu8qxa2C6Znvk8
9fmkXHUbRcezTya8cbIQ9OEBR20hxHXJNh5b/9UEl+qtsHUXj+OkF4iZ4Xg=
-----END CERTIFICATE-----