Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/74f2ecdf-d5d5-4b42-92a4-04fcfd19f695.roa
File:                     74f2ecdf-d5d5-4b42-92a4-04fcfd19f695.roa (raw, json)
Hash identifier:          Uk5ShDutCxS2Hnbk5bk423WpqN99y5TOCHqG6yh/+rc=
Subject key identifier:   44:D5:A9:36:A2:1D:43:05:02:21:11:C3:4F:3E:6C:E0:F8:19:00:8F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       519FA054B72E19763C99A1BBBF1494EE088E0617
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/74f2ecdf-d5d5-4b42-92a4-04fcfd19f695.roa
Signing time:             Tue 24 Feb 2026 03:00:55 +0000
ROA not before:           Tue 24 Feb 2026 03:00:55 +0000
ROA not after:            Mon 25 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        54.204.32.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 02 Mar 2026 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:9f:a0:54:b7:2e:19:76:3c:99:a1:bb:bf:14:94:ee:08:8e:06:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 24 03:00:55 2026 GMT
            Not After : May 25 23:59:59 2026 GMT
        Subject: serialNumber=07060d6260b49a204293169cfc81d0ef099160caa722456f07edb84d5e06b0dc, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:a9:e7:e5:7b:c9:9c:33:cd:a0:58:0e:3f:3e:
                    70:c0:d2:ca:ab:85:b5:44:92:7c:79:36:e9:ab:d0:
                    72:1e:17:5a:1d:a6:2e:a2:a5:04:c4:94:cb:76:b2:
                    b6:63:fe:c4:da:71:41:a0:d9:a9:66:fa:77:8d:54:
                    2f:12:fa:e9:a3:16:b0:fc:91:25:83:0d:46:ab:55:
                    d2:67:d2:18:ca:e4:6f:70:85:a8:06:3b:a9:8b:22:
                    9d:e3:d7:d6:9b:f7:a0:6f:20:d6:cd:dc:32:52:03:
                    00:aa:b5:52:41:01:e9:8b:da:88:13:60:ee:0d:a2:
                    2e:b3:9c:c3:6a:ac:0c:4f:b6:df:79:ef:95:4f:96:
                    07:25:76:48:d9:75:91:14:96:f8:69:40:f1:f8:ab:
                    b2:7e:63:44:fe:ac:40:98:04:b1:81:0d:2c:c1:ff:
                    80:04:d5:0a:41:8b:30:a4:44:38:1f:f5:94:93:f0:
                    09:63:a2:ce:89:3d:82:67:92:e4:3e:fb:8f:b7:c2:
                    8d:c2:9e:1b:09:29:b9:38:ba:20:3d:de:93:87:ef:
                    55:df:15:39:96:b4:73:17:85:aa:41:ce:7e:f1:f2:
                    86:9e:8c:c5:d4:18:9f:69:c1:ae:e8:ad:be:55:c6:
                    00:ba:02:cf:22:ab:24:d1:58:3b:3e:5b:28:5d:12:
                    59:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:D5:A9:36:A2:1D:43:05:02:21:11:C3:4F:3E:6C:E0:F8:19:00:8F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/74f2ecdf-d5d5-4b42-92a4-04fcfd19f695.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.204.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         8a:c9:81:cc:97:77:ce:1e:0f:51:27:b7:f5:d9:4a:cc:2a:43:
         f7:38:cf:f9:95:4a:66:26:b3:f1:a9:a9:53:1f:95:65:4e:10:
         eb:d3:2c:f3:3f:9b:a6:85:b9:16:42:60:eb:e0:0d:75:6b:de:
         20:0b:a9:84:c2:f6:f3:be:6b:b4:03:73:44:d1:45:5d:73:6a:
         a5:26:38:be:a3:c4:87:86:3b:6f:d8:7e:e1:5f:c5:e1:76:12:
         73:97:84:cc:4b:a0:96:1d:13:66:b5:5d:2b:c7:47:93:57:f6:
         0b:fd:69:47:3d:7b:08:51:61:bd:89:80:3d:1d:1a:ad:e1:b9:
         73:ea:ea:8a:51:52:ff:70:3b:68:55:69:9c:8e:ac:99:71:10:
         ed:53:6b:f4:6e:89:d6:54:b7:e8:0e:d1:7c:cf:42:c4:3f:b6:
         49:e7:ec:71:90:0e:55:53:82:0e:cd:b1:95:8a:85:dd:dc:ad:
         5f:1b:7d:ad:83:f2:94:1d:9d:63:ad:21:b2:ed:28:26:f7:3a:
         b7:35:ca:1e:80:a4:b1:e7:68:44:0d:6d:8b:68:48:a4:8e:8e:
         05:ec:07:0f:b6:fc:18:54:2c:67:93:80:fb:0d:79:3b:3e:12:
         64:8d:1a:5c:98:b2:7c:35:7f:19:16:2b:41:c1:ed:65:87:29:
         50:62:0d:74
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUZ+gVLcuGXY8maG7vxSU7giOBhcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMjI0MDMwMDU1WhcNMjYwNTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0AwNzA2MGQ2MjYwYjQ5YTIwNDI5MzE2OWNmYzgxZDBlZjA5
OTE2MGNhYTcyMjQ1NmYwN2VkYjg0ZDVlMDZiMGRjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDFqefle8mcM82gWA4/PnDA0sqrhbVEknx5Numr0HIeF1od
pi6ipQTElMt2srZj/sTacUGg2alm+neNVC8S+umjFrD8kSWDDUarVdJn0hjK5G9w
hagGO6mLIp3j19ab96BvINbN3DJSAwCqtVJBAemL2ogTYO4Noi6znMNqrAxPtt95
75VPlgcldkjZdZEUlvhpQPH4q7J+Y0T+rECYBLGBDSzB/4AE1QpBizCkRDgf9ZST
8Aljos6JPYJnkuQ++4+3wo3CnhsJKbk4uiA93pOH71XfFTmWtHMXhapBzn7x8oae
jMXUGJ9pwa7orb5VxgC6As8iqyTRWDs+WyhdEllNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQURNWpNqIdQwUCIRHDTz5s4PgZAI8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzc0ZjJlY2RmLWQ1ZDUtNGI0Mi05MmE0LTA0ZmNmZDE5ZjY5NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQ2zCAwDQYJKoZIhvcNAQELBQADggEBAIrJgcyXd84eD1Ent/XZSswqQ/c4
z/mVSmYms/GpqVMflWVOEOvTLPM/m6aFuRZCYOvgDXVr3iALqYTC9vO+a7QDc0TR
RV1zaqUmOL6jxIeGO2/YfuFfxeF2EnOXhMxLoJYdE2a1XSvHR5NX9gv9aUc9ewhR
Yb2JgD0dGq3huXPq6opRUv9wO2hVaZyOrJlxEO1Ta/RuidZUt+gO0XzPQsQ/tknn
7HGQDlVTgg7NsZWKhd3crV8bfa2D8pQdnWOtIbLtKCb3Orc1yh6ApLHnaEQNbYto
SKSOjgXsBw+2/BhULGeTgPsNeTs+EmSNGlyYsnw1fxkWK0HB7WWHKVBiDXQ=
-----END CERTIFICATE-----