Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/47d76cb8-4a77-4b47-bcc1-2306da9cea6d.roa
File:                     47d76cb8-4a77-4b47-bcc1-2306da9cea6d.roa (raw, json)
Hash identifier:          BRspdnik+T9lT16kHqbSHWtB5JpATwGrzowFtkY2fSE=
Subject key identifier:   EB:A7:23:19:A3:C9:1D:2C:A6:51:65:37:10:FF:36:AB:22:A1:D0:8B
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7498570F8709C9A6A2B172146032A749D2F0E9BE
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/47d76cb8-4a77-4b47-bcc1-2306da9cea6d.roa
Signing time:             Sat 28 Feb 2026 04:10:08 +0000
ROA not before:           Sat 28 Feb 2026 04:10:08 +0000
ROA not after:            Fri 29 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        52.95.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 02 Mar 2026 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:98:57:0f:87:09:c9:a6:a2:b1:72:14:60:32:a7:49:d2:f0:e9:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 28 04:10:08 2026 GMT
            Not After : May 29 23:59:59 2026 GMT
        Subject: serialNumber=fbf2a1f90ea763a85dd6ea4c2ca0ceb450f821e4cd8cd5f7361ebddba3aa9f59, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:50:da:e7:d6:2a:32:01:1f:af:08:b5:3c:5d:
                    e3:a6:1d:b5:10:ac:36:d1:c5:38:6e:db:79:56:99:
                    81:a8:aa:80:60:3f:b7:55:a2:6c:35:c6:fe:fe:ca:
                    23:f8:0d:ed:87:1e:71:af:52:00:8a:fc:73:53:db:
                    de:3b:e5:e6:82:58:ce:06:3d:a7:c8:21:9f:60:82:
                    24:a1:ae:23:47:59:6a:c8:cd:27:3b:0b:1f:54:e9:
                    a0:6f:9a:12:74:d1:71:fc:55:51:bc:c6:7a:21:76:
                    c1:66:0e:33:68:0d:d1:bb:61:10:21:5b:84:1e:20:
                    20:57:46:4f:51:05:97:fe:28:53:67:60:16:39:7f:
                    5f:2b:1d:41:9f:a2:57:3d:c2:d7:82:51:9d:fb:7d:
                    c5:70:06:98:37:d1:ea:4d:d4:b2:36:05:13:54:4c:
                    23:be:cd:b7:37:6e:3b:8b:1b:54:c7:2a:88:66:e7:
                    0f:8d:5c:8b:bb:e5:1a:c3:fe:6c:07:a8:39:83:f1:
                    2d:cc:95:1d:94:4a:02:43:26:5d:52:eb:42:52:1d:
                    26:dd:53:34:db:0c:99:b9:76:fa:72:8c:06:ab:21:
                    fc:78:55:5e:7a:3e:82:0c:50:d1:58:72:e4:b6:47:
                    88:bd:1f:ae:a8:6b:25:8f:11:8d:45:bd:d5:63:10:
                    a2:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:A7:23:19:A3:C9:1D:2C:A6:51:65:37:10:FF:36:AB:22:A1:D0:8B
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/47d76cb8-4a77-4b47-bcc1-2306da9cea6d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.95.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:8f:13:ac:31:95:09:f7:48:c8:a0:00:9f:b2:06:89:79:33:
         45:91:fe:83:31:56:b6:64:60:1b:82:ac:36:d2:35:bd:3a:84:
         51:5a:78:5f:a0:af:9b:2c:f3:7b:c3:da:89:2b:0d:a1:cd:75:
         ef:da:23:36:e0:a1:e7:47:0d:cb:1a:12:59:7d:8c:85:93:db:
         fd:df:b4:b2:03:93:65:8b:21:f2:b4:37:70:99:92:77:b4:17:
         aa:70:ab:86:37:d8:5a:ba:54:02:19:68:6e:1e:90:ee:4e:40:
         45:4c:1c:7c:b4:31:35:6e:9d:b4:4d:79:fe:c4:bf:38:1b:50:
         a2:86:2f:3f:41:df:cf:4f:a7:b6:f6:98:63:46:7b:c1:b7:64:
         1f:17:65:20:c5:b1:fd:68:3f:63:2e:ea:4e:ad:9b:bf:09:e8:
         b9:9b:e3:e6:fe:17:98:16:df:48:1c:d0:3a:d0:5d:cf:2d:16:
         c3:3e:1c:e7:7d:91:9a:42:59:f4:6f:ac:eb:1e:a6:23:34:1f:
         0d:e0:e6:26:4a:f6:21:dd:2b:79:22:43:26:b7:2d:a7:dc:1e:
         de:71:28:ba:11:6e:8e:66:39:bf:7a:8e:c6:d7:c1:db:97:99:
         22:b9:ea:26:bf:3e:6e:f8:fb:69:ca:3b:52:5a:b4:b2:56:cc:
         4a:c6:14:95
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdJhXD4cJyaaisXIUYDKnSdLw6b4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMjI4MDQxMDA4WhcNMjYwNTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BmYmYyYTFmOTBlYTc2M2E4NWRkNmVhNGMyY2EwY2ViNDUw
ZjgyMWU0Y2Q4Y2Q1ZjczNjFlYmRkYmEzYWE5ZjU5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCjUNrn1ioyAR+vCLU8XeOmHbUQrDbRxThu23lWmYGoqoBg
P7dVomw1xv7+yiP4De2HHnGvUgCK/HNT29475eaCWM4GPafIIZ9ggiShriNHWWrI
zSc7Cx9U6aBvmhJ00XH8VVG8xnohdsFmDjNoDdG7YRAhW4QeICBXRk9RBZf+KFNn
YBY5f18rHUGfolc9wteCUZ37fcVwBpg30epN1LI2BRNUTCO+zbc3bjuLG1THKohm
5w+NXIu75RrD/mwHqDmD8S3MlR2USgJDJl1S60JSHSbdUzTbDJm5dvpyjAarIfx4
VV56PoIMUNFYcuS2R4i9H66oayWPEY1FvdVjEKIrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU66cjGaPJHSymUWU3EP82qyKh0IswHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQ3ZDc2Y2I4LTRhNzctNGI0Ny1iY2MxLTIzMDZkYTljZWE2ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA0X/gwDQYJKoZIhvcNAQELBQADggEBAKiPE6wxlQn3SMigAJ+yBol5M0WR
/oMxVrZkYBuCrDbSNb06hFFaeF+gr5ss83vD2okrDaHNde/aIzbgoedHDcsaEll9
jIWT2/3ftLIDk2WLIfK0N3CZkne0F6pwq4Y32Fq6VAIZaG4ekO5OQEVMHHy0MTVu
nbRNef7EvzgbUKKGLz9B389Pp7b2mGNGe8G3ZB8XZSDFsf1oP2Mu6k6tm78J6Lmb
4+b+F5gW30gc0DrQXc8tFsM+HOd9kZpCWfRvrOsepiM0Hw3g5iZK9iHdK3kiQya3
LafcHt5xKLoRbo5mOb96jsbXwduXmSK56ia/Pm74+2nKO1JatLJWzErGFJU=
-----END CERTIFICATE-----