Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6c31ce4d-c77c-4f23-93ae-18987700ff43.roa
File:                     6c31ce4d-c77c-4f23-93ae-18987700ff43.roa (raw, json)
Hash identifier:          Jd/tlnvfD4TD/P9S+35qpkFMegmMRLsdw6ZzEhwBzgU=
Subject key identifier:   67:E8:A9:4A:64:FC:85:3B:E5:2D:C5:AC:7A:89:6D:3B:98:D7:67:35
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2C29A9310C287D65E88A3A50F0DD9603828E0464
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6c31ce4d-c77c-4f23-93ae-18987700ff43.roa
Signing time:             Sat 16 May 2026 02:31:24 +0000
ROA not before:           Sat 16 May 2026 02:31:24 +0000
ROA not after:            Fri 14 Aug 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        54.238.48.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 18 Jun 2026 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:29:a9:31:0c:28:7d:65:e8:8a:3a:50:f0:dd:96:03:82:8e:04:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May 16 02:31:24 2026 GMT
            Not After : Aug 14 23:59:59 2026 GMT
        Subject: serialNumber=ae3cf805752d424607b512b303d026ac876ad05b995829988aae1dcba6ccaab9, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:d3:19:ff:b7:3f:f6:e6:7f:d5:f8:d5:12:26:
                    18:f6:fd:98:7d:7c:59:dd:f7:d9:fa:a2:e5:06:8e:
                    5e:13:83:f7:3b:00:6b:87:43:27:7a:14:02:5d:47:
                    18:4f:ac:34:57:c9:ff:9e:26:ce:62:36:c2:14:70:
                    d9:de:08:66:73:49:96:c3:2a:3a:dc:f5:09:a4:8c:
                    f2:a1:4a:62:67:2e:f2:e6:84:ba:0f:87:40:48:3a:
                    61:06:70:44:46:9e:59:e6:13:7e:67:19:58:a8:a0:
                    e0:54:4e:41:c5:bd:3d:1d:47:8f:29:4e:b5:79:b0:
                    6d:7c:7e:c3:20:2a:f6:54:0c:36:6e:43:d4:df:cf:
                    e3:85:a4:1b:c3:6b:4c:87:e5:f6:73:5f:30:57:11:
                    fe:f3:e1:bc:48:fd:66:96:eb:9e:d0:45:ea:b7:2d:
                    06:e2:b8:13:8b:64:d7:27:03:93:97:c1:80:19:54:
                    f2:4b:f9:5b:c8:dd:83:13:9a:da:8e:fd:34:35:d5:
                    57:71:4a:b0:f8:2d:dc:af:07:9c:c7:1f:8f:9e:27:
                    06:00:62:4c:6f:7c:46:ed:e5:9f:7a:71:c9:0b:9f:
                    5d:2d:cc:df:83:6d:81:c3:56:10:dd:ee:88:c8:39:
                    50:dd:2f:00:77:28:3b:43:4a:d0:75:29:5e:4e:d0:
                    e0:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:E8:A9:4A:64:FC:85:3B:E5:2D:C5:AC:7A:89:6D:3B:98:D7:67:35
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6c31ce4d-c77c-4f23-93ae-18987700ff43.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.238.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         72:28:62:0b:77:2b:14:7b:68:74:7f:4e:a8:9c:18:08:b7:93:
         4a:6e:54:3b:df:0f:d7:87:72:3e:fc:c2:1d:c5:b8:7d:23:27:
         83:0d:c7:10:05:5f:04:5c:f2:e2:a6:96:b4:0f:b9:d1:6b:e5:
         94:07:4f:54:91:1b:f2:9d:6f:f0:64:d2:c3:d2:99:88:d3:10:
         d0:9a:62:4c:67:d9:22:a5:ad:cc:ca:ef:57:59:e9:d5:ad:9c:
         83:21:6f:c0:44:0d:fa:43:24:b0:c2:9f:39:24:5f:94:d7:e9:
         24:ff:63:ae:06:d6:3f:84:34:b6:3c:cc:26:a6:62:f6:d3:f9:
         16:31:b0:b4:27:1f:17:7c:6b:da:3e:82:ea:50:b7:c0:e4:80:
         c2:3d:8a:25:30:b2:97:d9:3c:7a:2e:0b:b2:a5:8e:20:fb:69:
         be:e6:85:18:d8:2c:6c:09:f5:bf:f0:c1:27:05:1f:8a:e7:3e:
         ca:65:35:10:f6:35:1d:c3:9a:f6:ad:e6:fe:63:a4:23:f5:26:
         c3:64:41:40:4b:1b:90:36:7d:0b:86:5d:4a:c1:c8:49:4b:ea:
         11:6f:e1:d1:3b:f0:65:fb:7d:6e:ba:c9:07:60:2e:76:b5:28:
         d9:8b:7b:58:9b:63:07:9c:e7:10:c2:66:bd:4c:24:bd:0e:b0:
         32:d7:87:fb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULCmpMQwofWXoijpQ8N2WA4KOBGQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwNTE2MDIzMTI0WhcNMjYwODE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BhZTNjZjgwNTc1MmQ0MjQ2MDdiNTEyYjMwM2QwMjZhYzg3
NmFkMDViOTk1ODI5OTg4YWFlMWRjYmE2Y2NhYWI5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC90xn/tz/25n/V+NUSJhj2/Zh9fFnd99n6ouUGjl4Tg/c7
AGuHQyd6FAJdRxhPrDRXyf+eJs5iNsIUcNneCGZzSZbDKjrc9QmkjPKhSmJnLvLm
hLoPh0BIOmEGcERGnlnmE35nGViooOBUTkHFvT0dR48pTrV5sG18fsMgKvZUDDZu
Q9Tfz+OFpBvDa0yH5fZzXzBXEf7z4bxI/WaW657QReq3LQbiuBOLZNcnA5OXwYAZ
VPJL+VvI3YMTmtqO/TQ11VdxSrD4LdyvB5zHH4+eJwYAYkxvfEbt5Z96cckLn10t
zN+DbYHDVhDd7ojIOVDdLwB3KDtDStB1KV5O0OAdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZ+ipSmT8hTvlLcWseoltO5jXZzUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzZjMzFjZTRkLWM3N2MtNGYyMy05M2FlLTE4OTg3NzAwZmY0My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQ27jAwDQYJKoZIhvcNAQELBQADggEBAHIoYgt3KxR7aHR/TqicGAi3k0pu
VDvfD9eHcj78wh3FuH0jJ4MNxxAFXwRc8uKmlrQPudFr5ZQHT1SRG/Kdb/Bk0sPS
mYjTENCaYkxn2SKlrczK71dZ6dWtnIMhb8BEDfpDJLDCnzkkX5TX6ST/Y64G1j+E
NLY8zCamYvbT+RYxsLQnHxd8a9o+gupQt8DkgMI9iiUwspfZPHouC7KljiD7ab7m
hRjYLGwJ9b/wwScFH4rnPsplNRD2NR3Dmvat5v5jpCP1JsNkQUBLG5A2fQuGXUrB
yElL6hFv4dE78GX7fW66yQdgLna1KNmLe1ibYwec5xDCZr1MJL0OsDLXh/s=
-----END CERTIFICATE-----