Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/526b5e1a-0587-49a4-9b97-ce53249ba44b.roa
File:                     526b5e1a-0587-49a4-9b97-ce53249ba44b.roa (raw, json)
Hash identifier:          zi/jS+VsKTGsq6sGGbEu1lWsRL6/n/VrmDUVSkD1ZKY=
Subject key identifier:   AA:8B:85:20:C6:3D:F2:D6:A1:B3:2F:04:66:69:33:73:46:15:F1:71
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3D650B0F082FDC83F666630EABE714394874C713
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/526b5e1a-0587-49a4-9b97-ce53249ba44b.roa
Signing time:             Tue 24 Feb 2026 04:01:03 +0000
ROA not before:           Tue 24 Feb 2026 04:01:03 +0000
ROA not after:            Mon 25 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        54.255.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 04 Mar 2026 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:65:0b:0f:08:2f:dc:83:f6:66:63:0e:ab:e7:14:39:48:74:c7:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 24 04:01:03 2026 GMT
            Not After : May 25 23:59:59 2026 GMT
        Subject: serialNumber=005d375c702bd35ea5a4e6bdf2dd122f9a72e19dd59f148e1f2572ec8f36b184, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:1e:e2:3a:bb:25:eb:28:da:d2:be:a5:51:9e:
                    43:22:40:36:40:3d:e7:3b:d3:d3:66:47:eb:ac:92:
                    ce:5a:3d:86:44:3a:a6:d8:24:b9:77:da:52:bc:c3:
                    15:02:9e:c9:7f:4d:2f:b0:3a:5c:6d:06:c7:ee:a5:
                    5f:f9:6b:4f:ec:5f:fa:12:1c:54:15:f7:7a:61:93:
                    3a:51:9e:0d:f2:4d:6f:a8:b2:6c:9b:4a:e6:57:7f:
                    b7:45:1f:09:4d:25:28:1b:0a:96:5d:f1:14:0c:38:
                    94:38:41:0d:f1:c7:f6:00:34:da:0a:43:74:b9:ea:
                    97:b5:30:7c:07:36:48:26:4c:e6:ef:a6:0e:3b:94:
                    f8:f8:41:2b:0b:20:d9:a3:df:81:03:ef:a2:f3:45:
                    23:86:8c:39:a4:fd:f2:67:a2:80:43:50:e3:6a:69:
                    69:1b:c7:d9:bb:c7:d5:32:fb:9b:83:f5:b2:80:41:
                    05:7e:91:24:07:1d:4a:dd:3b:23:9f:e3:1e:8c:ea:
                    51:14:3c:7c:1e:32:da:68:37:73:61:3f:b5:05:4c:
                    9a:7a:7d:b5:87:bd:a1:9b:8d:91:1c:19:9a:0f:56:
                    60:ec:f1:c7:8d:60:86:68:7a:15:a5:0b:c2:c7:59:
                    29:c7:99:2a:55:95:99:51:0f:79:2d:de:b3:b8:46:
                    29:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:8B:85:20:C6:3D:F2:D6:A1:B3:2F:04:66:69:33:73:46:15:F1:71
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/526b5e1a-0587-49a4-9b97-ce53249ba44b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.255.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:0d:4a:36:09:6c:f3:18:eb:3a:3f:4e:aa:13:21:37:d1:53:
         6d:bb:06:36:59:cd:d4:98:9d:e5:c2:52:08:cb:e6:24:a4:f3:
         52:38:d8:07:1f:6d:46:cb:3c:71:8c:38:10:f4:2a:72:a0:a2:
         91:49:a3:6e:cb:f4:5a:43:3a:80:d5:3f:43:32:ef:b9:e1:08:
         53:b3:9a:d8:21:7a:23:72:65:ff:30:26:75:ca:ba:40:91:2c:
         c5:2c:62:ba:2e:bc:a3:11:09:7a:d3:46:ef:7d:35:fd:42:43:
         5f:c0:47:80:64:21:ce:af:99:6e:14:5f:d2:86:90:b7:ce:d2:
         94:19:24:46:87:12:f6:a8:e0:e3:d4:ba:46:46:ab:ba:31:f6:
         45:00:e7:9f:3d:d2:d0:0b:cf:3f:76:c8:81:96:f8:f1:2d:d7:
         45:25:60:37:9e:89:5c:7f:4b:91:ae:fe:ac:a0:77:71:91:84:
         e8:37:61:de:8f:5f:af:b0:39:c5:c9:0d:02:41:53:3d:0e:cc:
         7d:0e:ad:25:7f:32:77:1d:ff:4c:22:be:76:6e:d8:31:f8:17:
         87:89:5b:e6:8a:26:a1:87:fd:cc:de:b0:9e:a9:1e:8a:db:c9:
         c5:66:69:96:ad:81:14:6c:44:e7:7a:4a:d7:b0:a7:a7:0b:5e:
         a8:59:1c:6e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPWULDwgv3IP2ZmMOq+cUOUh0xxMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMjI0MDQwMTAzWhcNMjYwNTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0AwMDVkMzc1YzcwMmJkMzVlYTVhNGU2YmRmMmRkMTIyZjlh
NzJlMTlkZDU5ZjE0OGUxZjI1NzJlYzhmMzZiMTg0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCkHuI6uyXrKNrSvqVRnkMiQDZAPec709NmR+usks5aPYZE
OqbYJLl32lK8wxUCnsl/TS+wOlxtBsfupV/5a0/sX/oSHFQV93phkzpRng3yTW+o
smybSuZXf7dFHwlNJSgbCpZd8RQMOJQ4QQ3xx/YANNoKQ3S56pe1MHwHNkgmTObv
pg47lPj4QSsLINmj34ED76LzRSOGjDmk/fJnooBDUONqaWkbx9m7x9Uy+5uD9bKA
QQV+kSQHHUrdOyOf4x6M6lEUPHweMtpoN3NhP7UFTJp6fbWHvaGbjZEcGZoPVmDs
8ceNYIZoehWlC8LHWSnHmSpVlZlRD3kt3rO4RintAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUqouFIMY98tahsy8EZmkzc0YV8XEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzUyNmI1ZTFhLTA1ODctNDlhNC05Yjk3LWNlNTMyNDliYTQ0Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA2/34wDQYJKoZIhvcNAQELBQADggEBAC4NSjYJbPMY6zo/TqoTITfRU227
BjZZzdSYneXCUgjL5iSk81I42AcfbUbLPHGMOBD0KnKgopFJo27L9FpDOoDVP0My
77nhCFOzmtgheiNyZf8wJnXKukCRLMUsYrouvKMRCXrTRu99Nf1CQ1/AR4BkIc6v
mW4UX9KGkLfO0pQZJEaHEvao4OPUukZGq7ox9kUA55890tALzz92yIGW+PEt10Ul
YDeeiVx/S5Gu/qygd3GRhOg3Yd6PX6+wOcXJDQJBUz0OzH0OrSV/Mncd/0wivnZu
2DH4F4eJW+aKJqGH/czesJ6pHorbycVmaZatgRRsROd6Stewp6cLXqhZHG4=
-----END CERTIFICATE-----