Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5933b4db-ccbb-47a3-a37b-fa7ff2d0ad09.roa
File:                     5933b4db-ccbb-47a3-a37b-fa7ff2d0ad09.roa (raw, json)
Hash identifier:          fOnLP5itH53UsFtolA1aueS2aMxcrDoDZxK47ZlLfeI=
Subject key identifier:   F8:76:43:75:A2:15:74:9F:A8:C3:DE:50:A7:9C:81:62:EE:6A:19:31
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7ADA93888CB9E8CB49A5A9A6529976BD1557F832
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5933b4db-ccbb-47a3-a37b-fa7ff2d0ad09.roa
Signing time:             Sat 28 Feb 2026 02:30:14 +0000
ROA not before:           Sat 28 Feb 2026 02:30:14 +0000
ROA not after:            Fri 29 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        159.209.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 04 Mar 2026 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:da:93:88:8c:b9:e8:cb:49:a5:a9:a6:52:99:76:bd:15:57:f8:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 28 02:30:14 2026 GMT
            Not After : May 29 23:59:59 2026 GMT
        Subject: serialNumber=2be940caedf56f1439875725bdf76f929810cfbd5986cfea1d78ace6bf7cb581, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:4b:89:96:b3:50:c7:a3:16:66:0f:ed:9c:31:
                    af:a2:e5:01:9a:fb:bf:f3:ae:a4:4f:32:86:a5:92:
                    8b:a7:86:1e:47:4f:5f:6c:3c:07:3f:71:ba:c7:23:
                    9f:92:ea:73:f6:58:85:a2:ee:0f:79:7f:d1:da:2b:
                    2a:5d:1d:93:aa:7f:bb:65:58:10:13:3c:73:53:58:
                    39:03:47:1f:8e:9b:ad:9d:3b:e4:21:aa:da:17:39:
                    dd:14:0d:88:26:e2:73:a4:16:5b:3f:b4:10:ef:8a:
                    11:7d:09:4d:46:8a:22:3b:18:ed:f0:b8:a9:f3:5b:
                    8f:bb:48:42:65:6b:26:96:41:f6:30:18:1f:6e:3c:
                    b2:1c:18:7d:51:06:4f:0c:f8:d4:fd:d8:f7:dd:0c:
                    af:12:44:1b:fe:4c:82:14:2b:e6:9a:7a:43:80:d9:
                    47:78:bb:6e:12:65:97:d0:10:74:b6:f0:49:27:ae:
                    c7:45:b3:91:8a:e9:79:83:ab:cc:a1:08:6e:aa:6f:
                    7c:c6:e2:25:47:5b:70:c5:b8:e8:07:cb:95:07:10:
                    1e:c1:92:c6:64:59:19:65:ba:a2:b0:31:5b:9c:52:
                    85:f2:d5:f0:ae:d5:97:76:7c:f7:2a:cc:14:9e:70:
                    db:52:6e:8e:24:39:6a:64:aa:58:7a:df:37:28:11:
                    d7:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:76:43:75:A2:15:74:9F:A8:C3:DE:50:A7:9C:81:62:EE:6A:19:31
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/5933b4db-ccbb-47a3-a37b-fa7ff2d0ad09.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.209.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         0d:b9:46:96:8e:0d:5d:9d:6b:a9:0c:31:d0:11:91:41:90:00:
         dd:01:15:87:52:cc:b8:24:a9:ef:4a:d2:10:9b:86:d0:80:50:
         b5:27:58:96:83:ae:1f:f1:b0:0d:52:e4:5b:1c:ea:72:85:4c:
         c9:fd:18:7f:56:62:4e:15:78:9f:dc:35:60:a1:c3:03:c2:3f:
         50:db:73:96:18:bc:97:fb:e3:60:78:c9:5d:84:b6:bd:c2:d9:
         d4:ab:c8:1a:68:d9:74:94:e6:7f:cc:be:8a:ab:09:b9:66:b6:
         44:41:2f:9a:3d:d9:c1:93:35:06:97:f2:ed:33:f4:8f:00:6e:
         4b:10:c7:73:ee:23:32:71:25:8c:c8:32:56:2b:3c:7a:fc:6c:
         91:83:cc:61:c8:c8:f0:eb:e5:89:3b:11:24:de:f2:9e:ce:3c:
         f8:11:9d:37:ad:42:ff:75:90:17:22:93:95:8e:31:61:f4:56:
         32:6e:aa:94:60:13:c2:46:ec:43:4a:ee:73:41:65:fb:22:9e:
         6c:e4:65:fd:8b:a0:4e:d9:6c:44:a9:57:73:65:48:56:04:7b:
         5f:de:13:3a:36:4e:be:fa:54:43:21:41:c3:e1:9c:fd:8a:54:
         60:61:52:3d:db:d6:22:fa:d9:a2:8e:ba:19:1b:d3:3b:8d:ba:
         ff:c0:47:30
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUetqTiIy56MtJpammUpl2vRVX+DIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMjI4MDIzMDE0WhcNMjYwNTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0AyYmU5NDBjYWVkZjU2ZjE0Mzk4NzU3MjViZGY3NmY5Mjk4
MTBjZmJkNTk4NmNmZWExZDc4YWNlNmJmN2NiNTgxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDtS4mWs1DHoxZmD+2cMa+i5QGa+7/zrqRPMoalkounhh5H
T19sPAc/cbrHI5+S6nP2WIWi7g95f9HaKypdHZOqf7tlWBATPHNTWDkDRx+Om62d
O+QhqtoXOd0UDYgm4nOkFls/tBDvihF9CU1GiiI7GO3wuKnzW4+7SEJlayaWQfYw
GB9uPLIcGH1RBk8M+NT92PfdDK8SRBv+TIIUK+aaekOA2Ud4u24SZZfQEHS28Ekn
rsdFs5GK6XmDq8yhCG6qb3zG4iVHW3DFuOgHy5UHEB7BksZkWRlluqKwMVucUoXy
1fCu1Zd2fPcqzBSecNtSbo4kOWpkqlh63zcoEdfFAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU+HZDdaIVdJ+ow95Qp5yBYu5qGTEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzU5MzNiNGRiLWNjYmItNDdhMy1hMzdiLWZhN2ZmMmQwYWQwOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCf0TANBgkqhkiG9w0BAQsFAAOCAQEADblGlo4NXZ1rqQwx0BGRQZAA3QEV
h1LMuCSp70rSEJuG0IBQtSdYloOuH/GwDVLkWxzqcoVMyf0Yf1ZiThV4n9w1YKHD
A8I/UNtzlhi8l/vjYHjJXYS2vcLZ1KvIGmjZdJTmf8y+iqsJuWa2REEvmj3ZwZM1
Bpfy7TP0jwBuSxDHc+4jMnEljMgyVis8evxskYPMYcjI8OvliTsRJN7yns48+BGd
N61C/3WQFyKTlY4xYfRWMm6qlGATwkbsQ0ruc0Fl+yKebORl/YugTtlsRKlXc2VI
VgR7X94TOjZOvvpUQyFBw+Gc/YpUYGFSPdvWIvrZoo66GRvTO426/8BHMA==
-----END CERTIFICATE-----