Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4524df21-4ec7-4287-b1ee-e4f4bf219d5c.roa
File:                     4524df21-4ec7-4287-b1ee-e4f4bf219d5c.roa (raw, json)
Hash identifier:          qtqu8P/YDhVNWnlnS6WBIH8bePKXjnNoeTmtVnGEBp0=
Subject key identifier:   4C:E3:B8:CF:DA:FD:81:21:CB:E9:63:3D:57:93:AA:F7:59:54:44:13
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       261D08696DDAFEFEFEBEF3BF93997CA9E6208ECA
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4524df21-4ec7-4287-b1ee-e4f4bf219d5c.roa
Signing time:             Sat 28 Feb 2026 01:30:19 +0000
ROA not before:           Sat 28 Feb 2026 01:30:19 +0000
ROA not after:            Fri 29 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        15.168.96.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 04 Mar 2026 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:1d:08:69:6d:da:fe:fe:fe:be:f3:bf:93:99:7c:a9:e6:20:8e:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 28 01:30:19 2026 GMT
            Not After : May 29 23:59:59 2026 GMT
        Subject: serialNumber=dc6b15d9a37d63e6a283f01026cd90c7feed14f2178b2206908000b99bcddb4f, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:8b:0d:95:61:02:9f:d2:6d:02:98:01:82:c8:
                    e5:40:06:67:85:0c:60:0c:0b:46:1b:6f:95:eb:dc:
                    3f:dd:4a:83:f2:d5:64:54:8c:c7:06:f7:8d:16:8a:
                    25:43:fc:b6:7a:41:1a:5a:7c:f7:eb:49:17:41:d5:
                    97:e2:87:d7:47:57:24:17:29:b0:c7:cd:8f:ac:ee:
                    0a:b9:e7:ae:ae:57:b0:47:4b:ca:04:09:71:71:cb:
                    ef:fb:f5:09:4f:c7:76:ad:62:f1:21:f0:eb:a6:04:
                    a8:29:b7:08:67:7a:0f:4c:6f:89:48:34:1f:f5:e3:
                    60:49:bd:36:54:a3:17:98:32:f7:c2:bd:f8:d1:00:
                    16:f3:18:a2:b4:da:eb:60:fd:8d:06:f3:21:0b:1d:
                    62:ee:4f:7d:e1:01:30:8c:05:db:24:cd:70:63:2d:
                    64:c4:66:f1:64:c7:c9:62:f9:33:dc:26:7f:ba:72:
                    a1:cb:fa:85:b7:08:c3:02:1b:49:93:d5:7e:78:4b:
                    09:60:47:b0:a7:00:82:18:8a:fb:17:6e:ce:bd:75:
                    e6:e0:af:6d:f1:f2:80:89:d6:66:3e:7e:cf:82:60:
                    77:cc:fc:93:38:5f:76:22:03:03:40:38:55:21:98:
                    f8:69:6c:34:72:39:51:6c:ed:2e:ff:61:d4:02:5e:
                    cb:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:E3:B8:CF:DA:FD:81:21:CB:E9:63:3D:57:93:AA:F7:59:54:44:13
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4524df21-4ec7-4287-b1ee-e4f4bf219d5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.168.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8a:23:d2:ba:e6:4e:47:e6:f5:bf:48:1a:34:8d:3b:31:0e:72:
         dd:cf:f2:e2:3f:e4:f4:bf:9d:34:1c:04:c1:1f:dd:4e:59:4a:
         8c:ad:58:25:22:73:a1:62:40:ef:80:e3:be:be:2e:c0:28:20:
         f6:5d:e7:e3:45:b2:5f:e4:b9:fa:2d:ab:60:2a:07:ee:f1:ac:
         1b:63:41:20:34:d4:26:89:14:5b:9f:af:06:a0:c4:f8:f9:66:
         b4:7d:6f:ae:aa:3a:0d:c8:4a:9c:49:88:c4:f0:8d:0d:a9:15:
         26:01:cd:10:fb:92:db:6f:3e:97:4f:95:04:09:64:96:cb:d1:
         fa:99:45:38:38:c3:2d:ca:af:55:12:1a:b1:25:39:aa:c9:42:
         d7:bd:e4:e7:7c:5c:6e:be:72:3a:0a:41:28:9f:29:5d:98:fc:
         42:9c:2a:1c:64:e2:ee:d1:21:63:7c:7d:b5:24:a1:7f:b9:9a:
         99:e5:f1:71:2f:3c:43:61:de:bd:9f:80:e3:27:f1:c2:9b:94:
         8a:c4:e1:ce:b9:dd:43:a4:26:35:83:47:09:47:a1:de:ce:5a:
         d3:37:e8:f8:d8:ec:49:f1:94:d0:8c:ab:e1:69:56:67:dc:3b:
         e0:34:9a:70:8d:f9:30:9b:38:e1:67:18:ce:5d:80:49:f8:69:
         e2:83:60:75
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJh0IaW3a/v7+vvO/k5l8qeYgjsowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMjI4MDEzMDE5WhcNMjYwNTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BkYzZiMTVkOWEzN2Q2M2U2YTI4M2YwMTAyNmNkOTBjN2Zl
ZWQxNGYyMTc4YjIyMDY5MDgwMDBiOTliY2RkYjRmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCviw2VYQKf0m0CmAGCyOVABmeFDGAMC0Ybb5Xr3D/dSoPy
1WRUjMcG940WiiVD/LZ6QRpafPfrSRdB1Zfih9dHVyQXKbDHzY+s7gq5566uV7BH
S8oECXFxy+/79QlPx3atYvEh8OumBKgptwhneg9Mb4lINB/142BJvTZUoxeYMvfC
vfjRABbzGKK02utg/Y0G8yELHWLuT33hATCMBdskzXBjLWTEZvFkx8li+TPcJn+6
cqHL+oW3CMMCG0mT1X54SwlgR7CnAIIYivsXbs69debgr23x8oCJ1mY+fs+CYHfM
/JM4X3YiAwNAOFUhmPhpbDRyOVFs7S7/YdQCXstBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTOO4z9r9gSHL6WM9V5Oq91lURBMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQ1MjRkZjIxLTRlYzctNDI4Ny1iMWVlLWU0ZjRiZjIxOWQ1Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIPqGAwDQYJKoZIhvcNAQELBQADggEBAIoj0rrmTkfm9b9IGjSNOzEOct3P
8uI/5PS/nTQcBMEf3U5ZSoytWCUic6FiQO+A476+LsAoIPZd5+NFsl/kufotq2Aq
B+7xrBtjQSA01CaJFFufrwagxPj5ZrR9b66qOg3ISpxJiMTwjQ2pFSYBzRD7kttv
PpdPlQQJZJbL0fqZRTg4wy3Kr1USGrElOarJQte95Od8XG6+cjoKQSifKV2Y/EKc
Khxk4u7RIWN8fbUkoX+5mpnl8XEvPENh3r2fgOMn8cKblIrE4c653UOkJjWDRwlH
od7OWtM36PjY7EnxlNCMq+FpVmfcO+A0mnCN+TCbOOFnGM5dgEn4aeKDYHU=
-----END CERTIFICATE-----