Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/526b5e1a-0587-49a4-9b97-ce53249ba44b.roa
File:                     526b5e1a-0587-49a4-9b97-ce53249ba44b.roa (raw, json)
Hash identifier:          6WUaXn+CfjQRo50mRyRRiGIfEUWbD5nTw7a3bSxfwL8=
Subject key identifier:   D2:7A:BA:86:2D:8E:86:02:B7:BE:C1:7F:66:83:4A:62:0E:90:40:85
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       21C5599B0DFA0A43E4DB4D2272876C35422D624E
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/526b5e1a-0587-49a4-9b97-ce53249ba44b.roa
Signing time:             Fri 15 May 2026 03:42:01 +0000
ROA not before:           Fri 15 May 2026 03:42:01 +0000
ROA not after:            Thu 13 Aug 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        54.255.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 18 Jun 2026 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:c5:59:9b:0d:fa:0a:43:e4:db:4d:22:72:87:6c:35:42:2d:62:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May 15 03:42:01 2026 GMT
            Not After : Aug 13 23:59:59 2026 GMT
        Subject: serialNumber=89e9195168c7be3a20603ead63a6920ab50a6e1546a2eda48477fc3b6a358d6d, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:cc:cf:25:62:c3:13:ac:e1:00:12:07:29:31:
                    a9:c5:5a:dd:47:23:86:d9:3d:17:8e:ec:7c:43:0d:
                    22:73:92:07:f2:de:48:a4:52:fe:f3:75:d3:c7:1c:
                    e0:8c:f0:d4:7d:ac:d3:ed:d0:0a:a2:5d:2d:41:e3:
                    95:72:9b:65:98:96:c6:af:9a:0a:9f:41:a4:00:08:
                    35:e9:64:e5:b6:b2:a8:19:6e:2e:13:2c:02:36:dd:
                    1c:d8:c8:d9:29:0f:bb:4e:4e:cf:49:0c:8f:45:be:
                    42:13:29:a2:b3:a1:5f:4b:57:68:98:46:d8:2a:1e:
                    c8:cd:6e:70:cb:01:5a:85:5d:20:06:71:4c:d2:9a:
                    35:ef:3a:38:1b:eb:92:a2:d1:6c:80:3a:28:2f:ae:
                    5a:1e:09:7e:6e:80:21:a9:4b:35:c1:2d:d7:68:f2:
                    c0:01:e5:7e:dd:d0:6f:85:00:95:d4:11:af:47:a9:
                    70:2d:8d:e4:4d:df:94:64:10:2c:cd:5d:5b:45:10:
                    35:89:3c:3c:16:8e:c5:16:8d:be:19:e3:eb:d8:d0:
                    4e:83:bf:c8:95:c9:28:6a:0a:13:20:a8:3b:91:46:
                    d5:56:aa:2d:5b:d2:b1:b0:85:fb:87:7d:f9:6b:b8:
                    6b:b4:9a:55:c7:f3:2a:cf:eb:df:69:43:76:04:b3:
                    67:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:7A:BA:86:2D:8E:86:02:B7:BE:C1:7F:66:83:4A:62:0E:90:40:85
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/526b5e1a-0587-49a4-9b97-ce53249ba44b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.255.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:32:0d:3e:5c:4f:cd:aa:1a:90:8c:e0:da:1d:c8:84:30:23:
         e8:6f:38:5c:f0:4a:d6:fc:2f:72:5e:dd:98:42:d3:ae:38:05:
         5c:88:72:8d:6d:3d:06:37:30:18:d2:7d:07:c3:5b:3c:cf:bc:
         f4:35:0c:5a:ba:4e:62:d0:7c:91:48:fd:34:7b:26:0a:c2:52:
         11:ff:97:b5:de:a5:24:36:8a:94:79:e1:71:d3:0c:f7:f9:ce:
         73:32:b9:ca:28:04:b8:34:0b:67:f4:81:b2:cd:e6:18:ea:88:
         60:0d:85:b7:e9:b3:53:d8:61:76:d3:fa:6c:ab:65:b6:87:94:
         c5:04:da:f0:9a:1f:fe:2d:c1:c2:f2:f3:db:a2:5b:0f:e1:4c:
         cd:2e:c1:71:07:af:59:ec:8f:a4:e8:b8:d3:6e:17:9e:c3:d8:
         00:7f:57:1d:2c:ed:22:1e:26:21:28:f4:b8:2e:e9:57:0f:96:
         a9:fd:0e:96:68:d2:ec:32:cb:d6:76:93:c7:3f:06:71:03:b1:
         5c:a7:e5:bb:fc:84:cc:a2:b4:cf:32:0d:2c:89:5a:35:c3:d6:
         75:79:e9:f3:11:d5:aa:95:29:6c:28:93:7d:cc:c4:ff:42:fb:
         44:ce:53:d6:78:4d:7b:25:88:03:d6:49:e8:39:ed:56:3b:34:
         3b:b1:9c:65
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIcVZmw36CkPk200icodsNUItYk4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwNTE1MDM0MjAxWhcNMjYwODEzMjM1OTU5
WjB6MUkwRwYDVQQFE0A4OWU5MTk1MTY4YzdiZTNhMjA2MDNlYWQ2M2E2OTIwYWI1
MGE2ZTE1NDZhMmVkYTQ4NDc3ZmMzYjZhMzU4ZDZkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDZzM8lYsMTrOEAEgcpManFWt1HI4bZPReO7HxDDSJzkgfy
3kikUv7zddPHHOCM8NR9rNPt0AqiXS1B45Vym2WYlsavmgqfQaQACDXpZOW2sqgZ
bi4TLAI23RzYyNkpD7tOTs9JDI9FvkITKaKzoV9LV2iYRtgqHsjNbnDLAVqFXSAG
cUzSmjXvOjgb65Ki0WyAOigvrloeCX5ugCGpSzXBLddo8sAB5X7d0G+FAJXUEa9H
qXAtjeRN35RkECzNXVtFEDWJPDwWjsUWjb4Z4+vY0E6Dv8iVyShqChMgqDuRRtVW
qi1b0rGwhfuHfflruGu0mlXH8yrP699pQ3YEs2cfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0nq6hi2OhgK3vsF/ZoNKYg6QQIUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzUyNmI1ZTFhLTA1ODctNDlhNC05Yjk3LWNlNTMyNDliYTQ0Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA2/34wDQYJKoZIhvcNAQELBQADggEBAKMyDT5cT82qGpCM4NodyIQwI+hv
OFzwStb8L3Je3ZhC0644BVyIco1tPQY3MBjSfQfDWzzPvPQ1DFq6TmLQfJFI/TR7
JgrCUhH/l7XepSQ2ipR54XHTDPf5znMyucooBLg0C2f0gbLN5hjqiGANhbfps1PY
YXbT+myrZbaHlMUE2vCaH/4twcLy89uiWw/hTM0uwXEHr1nsj6TouNNuF57D2AB/
Vx0s7SIeJiEo9Lgu6VcPlqn9DpZo0uwyy9Z2k8c/BnEDsVyn5bv8hMyitM8yDSyJ
WjXD1nV56fMR1aqVKWwok33MxP9C+0TOU9Z4TXsliAPWSeg57VY7NDuxnGU=
-----END CERTIFICATE-----