Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6cb052db-b2e8-4906-a585-69043cc771d2.roa
File:                     6cb052db-b2e8-4906-a585-69043cc771d2.roa (raw, json)
Hash identifier:          Xmbzw72OBv57xwlcpHEbtojY2mx5xzoP+LfVguzxVpQ=
Subject key identifier:   B7:E8:4E:B9:97:CC:07:7D:EE:96:DD:97:DE:47:FF:DA:C4:AE:46:FD
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5A526ED561BEF9E5E3D8BF55FE58E955585AB25B
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6cb052db-b2e8-4906-a585-69043cc771d2.roa
Signing time:             Sat 28 Feb 2026 03:21:45 +0000
ROA not before:           Sat 28 Feb 2026 03:21:45 +0000
ROA not after:            Fri 29 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        3.170.128.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 04 Mar 2026 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:52:6e:d5:61:be:f9:e5:e3:d8:bf:55:fe:58:e9:55:58:5a:b2:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 28 03:21:45 2026 GMT
            Not After : May 29 23:59:59 2026 GMT
        Subject: serialNumber=af1b1e1a05785212a3ed7929fc3fb1da25dec51d5bb77de914fdd7b08e21eb76, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:12:1b:b8:f8:85:b0:a7:98:31:23:2e:3b:ce:
                    da:8b:1a:58:8f:12:c7:59:79:b1:2a:39:26:a5:71:
                    4b:ea:b4:e8:be:98:09:2f:29:a7:50:af:b7:d7:8f:
                    1e:eb:7c:41:c5:0c:2a:e3:60:51:4e:3f:e0:57:30:
                    0a:f2:f4:ae:49:2b:ab:8d:fd:28:7c:14:66:88:f4:
                    70:b3:3f:f9:e0:46:a2:ca:16:08:86:b8:76:e2:d8:
                    d0:33:d3:33:e0:2f:0a:2a:97:17:d1:00:88:e3:60:
                    1e:f3:ed:38:42:9c:90:c5:6c:f0:39:c3:ac:67:8e:
                    b0:34:56:25:0b:cb:e8:6a:60:49:f8:51:68:52:e5:
                    a1:71:68:b2:86:2d:18:49:47:6f:ff:0f:ec:bc:4b:
                    36:35:4a:38:c7:5e:9a:2a:95:79:40:68:62:7e:b9:
                    a3:53:94:de:cd:e9:7f:5a:31:60:74:b4:78:66:45:
                    ca:91:4c:89:db:c4:5b:2a:d3:8d:f8:18:71:90:5f:
                    6a:c1:50:bd:a5:e0:5e:5a:a2:a0:6a:ba:d9:43:5d:
                    41:7c:65:b8:17:83:59:97:8b:5f:0b:f9:0c:ce:7e:
                    89:8d:48:e7:94:80:6d:fb:91:e3:6f:85:c5:a6:07:
                    9c:17:ab:66:44:0a:a2:56:bc:90:88:05:23:20:6a:
                    fe:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:E8:4E:B9:97:CC:07:7D:EE:96:DD:97:DE:47:FF:DA:C4:AE:46:FD
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/6cb052db-b2e8-4906-a585-69043cc771d2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  3.170.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         42:cc:e2:4d:02:47:52:a3:83:28:8f:29:d7:b0:a1:ca:ab:b4:
         8d:91:99:84:97:06:87:30:f7:5a:46:4b:c3:37:f9:c6:f0:da:
         72:40:10:2d:5e:fc:55:35:f3:16:36:7b:ca:9a:d8:cb:98:40:
         01:7d:21:9a:90:f8:15:c1:f3:2e:00:fe:53:77:df:de:93:9d:
         60:b9:e7:6d:7a:6a:78:49:9c:28:15:c1:cd:0e:f0:e0:c3:5f:
         8e:6f:3f:1c:55:57:ab:2f:a4:57:01:24:60:a3:b8:1c:45:3c:
         f4:4e:f3:f3:fd:50:21:5c:9a:cc:18:7f:cf:10:3a:6f:51:c1:
         d0:a3:47:79:7d:44:c9:cb:b7:e9:89:2e:ae:e9:f8:81:06:1c:
         95:70:a9:0a:6b:07:25:7a:21:82:d8:92:2f:59:44:1f:1f:eb:
         ec:ca:66:21:c0:91:0c:b4:15:e5:af:a1:8f:b5:f0:af:19:c0:
         2e:ad:c9:b8:6a:db:a5:aa:7d:f1:b9:13:96:de:da:3d:c0:40:
         3d:00:10:52:9c:80:1f:11:9a:7c:97:b3:ec:78:fb:1f:49:94:
         6a:1d:2a:dc:17:4f:40:30:10:dd:80:24:b2:86:77:19:59:1b:
         e6:fa:c2:0d:69:1e:ff:90:6c:3d:d6:6c:9e:64:9d:15:b1:a1:
         25:c7:23:23
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWlJu1WG++eXj2L9V/ljpVVhaslswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMjI4MDMyMTQ1WhcNMjYwNTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BhZjFiMWUxYTA1Nzg1MjEyYTNlZDc5MjlmYzNmYjFkYTI1
ZGVjNTFkNWJiNzdkZTkxNGZkZDdiMDhlMjFlYjc2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDgEhu4+IWwp5gxIy47ztqLGliPEsdZebEqOSalcUvqtOi+
mAkvKadQr7fXjx7rfEHFDCrjYFFOP+BXMAry9K5JK6uN/Sh8FGaI9HCzP/ngRqLK
FgiGuHbi2NAz0zPgLwoqlxfRAIjjYB7z7ThCnJDFbPA5w6xnjrA0ViULy+hqYEn4
UWhS5aFxaLKGLRhJR2//D+y8SzY1SjjHXpoqlXlAaGJ+uaNTlN7N6X9aMWB0tHhm
RcqRTInbxFsq0434GHGQX2rBUL2l4F5aoqBqutlDXUF8ZbgXg1mXi18L+QzOfomN
SOeUgG37keNvhcWmB5wXq2ZECqJWvJCIBSMgav7vAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUt+hOuZfMB33ult2X3kf/2sSuRv0wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzZjYjA1MmRiLWIyZTgtNDkwNi1hNTg1LTY5MDQzY2M3NzFkMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAcDqoAwDQYJKoZIhvcNAQELBQADggEBAELM4k0CR1KjgyiPKdewocqrtI2R
mYSXBocw91pGS8M3+cbw2nJAEC1e/FU18xY2e8qa2MuYQAF9IZqQ+BXB8y4A/lN3
396TnWC55216anhJnCgVwc0O8ODDX45vPxxVV6svpFcBJGCjuBxFPPRO8/P9UCFc
mswYf88QOm9RwdCjR3l9RMnLt+mJLq7p+IEGHJVwqQprByV6IYLYki9ZRB8f6+zK
ZiHAkQy0FeWvoY+18K8ZwC6tybhq26WqffG5E5be2j3AQD0AEFKcgB8RmnyXs+x4
+x9JlGodKtwXT0AwEN2AJLKGdxlZG+b6wg1pHv+QbD3WbJ5knRWxoSXHIyM=
-----END CERTIFICATE-----