Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/66496eeb-98fc-4220-823f-0c3b38023275.roa
File:                     66496eeb-98fc-4220-823f-0c3b38023275.roa (raw, json)
Hash identifier:          vfh9VLyig4EMMGnlMqs0qQFSYjsd3HGZ61zQmCLbu2I=
Subject key identifier:   49:B3:74:21:C2:AD:8A:36:E6:C2:7F:AE:ED:02:32:75:AE:61:BE:31
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2AE4B287033A581E9313FAE41DFF7DB41ED5EF37
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/66496eeb-98fc-4220-823f-0c3b38023275.roa
Signing time:             Sat 28 Feb 2026 01:50:53 +0000
ROA not before:           Sat 28 Feb 2026 01:50:53 +0000
ROA not after:            Fri 29 May 2026 23:59:59 +0000
asID:                     7224
IP address blocks:        15.248.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 04 Mar 2026 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:e4:b2:87:03:3a:58:1e:93:13:fa:e4:1d:ff:7d:b4:1e:d5:ef:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 28 01:50:53 2026 GMT
            Not After : May 29 23:59:59 2026 GMT
        Subject: serialNumber=153fa1a849fd5db12c6cb033c444ba5120896909af529d45c8a61801fdfc7fb1, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:36:bc:bb:11:c4:a1:ab:a9:28:ad:f2:5e:06:
                    43:9f:da:8c:dc:b6:15:3a:7f:05:54:62:18:7f:f9:
                    97:c3:82:09:a0:40:02:57:fc:9a:c9:54:c7:27:02:
                    b0:f3:1a:76:d3:b6:53:cd:e9:ac:a2:1c:5b:0a:cd:
                    88:e4:89:71:47:63:fc:85:a9:81:54:eb:c2:82:5f:
                    97:e7:0d:ba:6a:9a:f7:47:85:09:68:f6:c0:eb:78:
                    12:22:d9:9d:3a:eb:48:9b:51:ad:5b:33:1b:66:76:
                    15:26:3c:1f:32:78:22:58:77:d1:7f:11:59:52:94:
                    f4:d0:6f:64:e2:80:e7:3e:cc:b7:25:ac:20:eb:64:
                    f4:d3:e4:b1:49:50:b8:45:98:0a:b0:23:47:8d:ad:
                    7a:e6:42:51:d8:8f:68:b3:46:ab:a1:92:04:6b:ab:
                    d4:0c:8d:a8:83:2a:ce:d4:e1:35:ea:4b:0b:41:e8:
                    8b:77:a4:8f:ee:b5:42:76:92:86:a9:d2:89:15:63:
                    7d:f1:b5:0e:ee:57:0f:65:31:a0:36:db:92:9b:de:
                    0f:1f:f8:e5:8e:bf:78:0c:9e:04:0c:07:5d:c0:2c:
                    0b:bf:43:a7:de:11:6b:ce:46:f8:ea:3a:26:d3:83:
                    77:91:64:0d:c9:85:32:9e:7e:6d:4d:a9:76:1d:dc:
                    0e:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:B3:74:21:C2:AD:8A:36:E6:C2:7F:AE:ED:02:32:75:AE:61:BE:31
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/66496eeb-98fc-4220-823f-0c3b38023275.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.248.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:49:bd:db:54:03:55:b6:e8:95:ad:56:27:72:c6:7d:40:55:
         c8:e6:c3:31:8c:7f:be:b3:f0:9c:0d:e9:f6:98:99:e1:08:31:
         b9:c4:40:98:d9:e9:be:32:3a:0c:f8:b7:fc:08:6f:0c:63:3f:
         fe:ab:aa:86:4a:97:db:06:98:ed:9a:ed:80:94:e3:e9:00:64:
         a1:c6:b4:bd:96:b0:e6:90:e0:bf:8e:4c:36:81:7a:ac:d7:a3:
         3d:72:c2:b5:45:e0:9a:cd:07:d2:c7:f4:0a:95:4b:ae:1c:df:
         ee:f4:b1:a9:b0:11:a0:c5:02:67:3e:c3:6e:05:a2:d9:75:e3:
         b5:61:e0:21:39:51:c3:a1:51:c5:0b:a9:17:56:37:1b:2b:e9:
         92:f4:30:35:f1:b9:66:72:30:27:0f:24:26:28:41:75:13:1e:
         7d:19:ab:b0:f4:48:42:63:a6:28:b1:8a:a3:b2:b4:b6:d6:ce:
         b7:66:81:cd:ee:95:5d:87:37:51:43:3e:fb:19:d4:3f:d7:88:
         91:b2:fe:c3:78:a0:f8:8e:d8:43:58:8e:79:7a:8c:e0:97:ae:
         9b:d6:74:8b:b7:4f:87:e0:08:0e:cb:b6:e2:75:72:dc:81:5b:
         a6:6d:ca:9b:55:4b:98:a3:46:fa:64:2b:75:c7:19:7d:5f:e2:
         8d:9e:dc:40
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKuSyhwM6WB6TE/rkHf99tB7V7zcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMjI4MDE1MDUzWhcNMjYwNTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0AxNTNmYTFhODQ5ZmQ1ZGIxMmM2Y2IwMzNjNDQ0YmE1MTIw
ODk2OTA5YWY1MjlkNDVjOGE2MTgwMWZkZmM3ZmIxMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCgNry7EcShq6korfJeBkOf2ozcthU6fwVUYhh/+ZfDggmg
QAJX/JrJVMcnArDzGnbTtlPN6ayiHFsKzYjkiXFHY/yFqYFU68KCX5fnDbpqmvdH
hQlo9sDreBIi2Z0660ibUa1bMxtmdhUmPB8yeCJYd9F/EVlSlPTQb2TigOc+zLcl
rCDrZPTT5LFJULhFmAqwI0eNrXrmQlHYj2izRquhkgRrq9QMjaiDKs7U4TXqSwtB
6It3pI/utUJ2koap0okVY33xtQ7uVw9lMaA225Kb3g8f+OWOv3gMngQMB13ALAu/
Q6feEWvORvjqOibTg3eRZA3JhTKefm1NqXYd3A7fAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUSbN0IcKtijbmwn+u7QIyda5hvjEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzY2NDk2ZWViLTk4ZmMtNDIyMC04MjNmLTBjM2IzODAyMzI3NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAP+GkwDQYJKoZIhvcNAQELBQADggEBAJ1JvdtUA1W26JWtVidyxn1AVcjm
wzGMf76z8JwN6faYmeEIMbnEQJjZ6b4yOgz4t/wIbwxjP/6rqoZKl9sGmO2a7YCU
4+kAZKHGtL2WsOaQ4L+OTDaBeqzXoz1ywrVF4JrNB9LH9AqVS64c3+70samwEaDF
Amc+w24Fotl147Vh4CE5UcOhUcULqRdWNxsr6ZL0MDXxuWZyMCcPJCYoQXUTHn0Z
q7D0SEJjpiixiqOytLbWzrdmgc3ulV2HN1FDPvsZ1D/XiJGy/sN4oPiO2ENYjnl6
jOCXrpvWdIu3T4fgCA7LtuJ1ctyBW6ZtyptVS5ijRvpkK3XHGX1f4o2e3EA=
-----END CERTIFICATE-----