Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6c31ce4d-c77c-4f23-93ae-18987700ff43.roa
File:                     6c31ce4d-c77c-4f23-93ae-18987700ff43.roa (raw, json)
Hash identifier:          8v1eGrLYrlPyH5m8CKln2yFwjolIsqANXR9R+06kM40=
Subject key identifier:   28:27:ED:56:33:32:55:E7:A8:F1:D5:48:FB:C4:9A:53:22:DE:32:6E
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1635671E2CC641B2DD728359A261AE4C842D32E6
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6c31ce4d-c77c-4f23-93ae-18987700ff43.roa
Signing time:             Wed 25 Feb 2026 02:50:54 +0000
ROA not before:           Wed 25 Feb 2026 02:50:54 +0000
ROA not after:            Tue 26 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        54.238.48.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 04 Mar 2026 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:35:67:1e:2c:c6:41:b2:dd:72:83:59:a2:61:ae:4c:84:2d:32:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 25 02:50:54 2026 GMT
            Not After : May 26 23:59:59 2026 GMT
        Subject: serialNumber=75e53041e1a74687f5e1d539e69a439a6df9e179592d71dccab6679b3f84b616, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:80:3e:b7:82:40:56:f2:5a:51:5d:4a:e9:01:
                    96:c9:5a:58:ff:71:05:65:01:1d:fb:00:78:08:7e:
                    65:ff:5a:1f:14:02:ce:c3:4b:50:41:47:c0:35:ac:
                    af:31:4c:45:4c:1b:58:7f:c5:e7:f5:68:50:a2:af:
                    32:a5:b2:45:d5:86:f4:ec:c3:7d:7f:8e:76:af:76:
                    5d:ae:95:dc:9b:01:38:6e:cb:f0:69:db:e4:e2:c9:
                    c8:c0:99:f2:7f:8b:88:93:19:d4:09:fa:6f:a7:31:
                    61:8d:4a:36:65:eb:3a:df:0b:70:54:e7:86:56:40:
                    6e:50:09:c1:0a:fa:04:96:2f:59:d9:aa:63:46:8a:
                    79:b4:57:2f:3a:3d:ff:50:07:76:c8:2f:d8:9a:e6:
                    36:3b:e8:e8:26:11:26:d0:e1:7b:41:fc:fc:4f:3a:
                    b3:89:8c:0f:33:3d:53:32:df:b0:bd:58:e0:c8:59:
                    0b:af:6c:b0:b2:7c:7d:8d:6d:bb:53:33:21:ae:40:
                    47:f1:cb:b5:37:3d:20:14:fd:26:41:01:5a:8f:8a:
                    2d:36:db:9f:96:ca:4c:98:8b:41:6c:63:df:ec:3c:
                    63:cd:be:fe:28:18:9e:99:9a:1f:17:2b:67:01:8c:
                    4b:d5:a7:49:36:64:80:44:b9:88:90:1e:41:08:d3:
                    10:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:27:ED:56:33:32:55:E7:A8:F1:D5:48:FB:C4:9A:53:22:DE:32:6E
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6c31ce4d-c77c-4f23-93ae-18987700ff43.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.238.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         9c:34:56:3e:67:d0:bd:89:d1:3f:82:f3:75:f9:67:a8:2b:17:
         17:2b:cb:20:15:a3:e0:e8:a3:29:fd:da:65:63:85:1b:36:48:
         39:9c:5c:af:f4:68:e5:b8:e2:1a:df:48:42:fa:02:d6:0d:06:
         0f:28:49:8c:36:60:08:a7:8d:64:f3:49:62:34:a4:c9:b8:35:
         65:6f:48:25:ad:a9:6f:3c:9d:36:c1:cb:ff:40:4f:7a:63:75:
         3f:7c:eb:1d:62:00:ec:37:c2:68:b1:4f:1c:91:b7:98:3b:63:
         71:91:fa:21:95:34:6d:91:29:38:3e:98:1d:a8:13:5d:53:73:
         2b:0e:0a:4e:be:ca:16:89:61:a9:ea:5f:4d:c3:39:d6:e9:e1:
         02:3f:14:82:38:92:05:75:31:f6:89:7d:f8:a8:14:e1:a6:30:
         c1:fa:94:0e:47:dd:db:1d:c9:18:f4:f0:ed:ee:2a:59:c6:e5:
         91:6a:4b:69:8b:44:65:df:41:1b:41:62:a2:3d:ae:45:00:7d:
         24:89:0a:b4:e8:bc:34:8e:77:1c:39:0f:71:86:88:28:30:68:
         5e:a0:8a:5a:2b:24:07:a1:dc:e3:ce:70:92:a8:e1:72:c5:a7:
         b6:f2:0d:a1:14:da:06:35:b5:c5:31:62:3d:93:05:55:9d:11:
         b8:e1:4a:61
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFjVnHizGQbLdcoNZomGuTIQtMuYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMjI1MDI1MDU0WhcNMjYwNTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0A3NWU1MzA0MWUxYTc0Njg3ZjVlMWQ1MzllNjlhNDM5YTZk
ZjllMTc5NTkyZDcxZGNjYWI2Njc5YjNmODRiNjE2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDRgD63gkBW8lpRXUrpAZbJWlj/cQVlAR37AHgIfmX/Wh8U
As7DS1BBR8A1rK8xTEVMG1h/xef1aFCirzKlskXVhvTsw31/jnavdl2uldybAThu
y/Bp2+TiycjAmfJ/i4iTGdQJ+m+nMWGNSjZl6zrfC3BU54ZWQG5QCcEK+gSWL1nZ
qmNGinm0Vy86Pf9QB3bIL9ia5jY76OgmESbQ4XtB/PxPOrOJjA8zPVMy37C9WODI
WQuvbLCyfH2NbbtTMyGuQEfxy7U3PSAU/SZBAVqPii0225+WykyYi0FsY9/sPGPN
vv4oGJ6Zmh8XK2cBjEvVp0k2ZIBEuYiQHkEI0xD9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKCftVjMyVeeo8dVI+8SaUyLeMm4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzZjMzFjZTRkLWM3N2MtNGYyMy05M2FlLTE4OTg3NzAwZmY0My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQ27jAwDQYJKoZIhvcNAQELBQADggEBAJw0Vj5n0L2J0T+C83X5Z6grFxcr
yyAVo+Dooyn92mVjhRs2SDmcXK/0aOW44hrfSEL6AtYNBg8oSYw2YAinjWTzSWI0
pMm4NWVvSCWtqW88nTbBy/9AT3pjdT986x1iAOw3wmixTxyRt5g7Y3GR+iGVNG2R
KTg+mB2oE11TcysOCk6+yhaJYanqX03DOdbp4QI/FII4kgV1MfaJffioFOGmMMH6
lA5H3dsdyRj08O3uKlnG5ZFqS2mLRGXfQRtBYqI9rkUAfSSJCrTovDSOdxw5D3GG
iCgwaF6gilorJAeh3OPOcJKo4XLFp7byDaEU2gY1tcUxYj2TBVWdEbjhSmE=
-----END CERTIFICATE-----