Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7548a798-1ee1-411b-9334-05aa053078b8.roa
File:                     7548a798-1ee1-411b-9334-05aa053078b8.roa (raw, json)
Hash identifier:          9ptlWPVuj5p/yRALfkCzGeKeZXDJtzsZpdefavAJO+c=
Subject key identifier:   5A:4C:A6:62:BD:3F:58:A0:64:58:AE:37:6C:7C:45:D9:E9:88:51:B3
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1A97C88C96BFCFECD9AB90CCE6284231893CF98D
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7548a798-1ee1-411b-9334-05aa053078b8.roa
Signing time:             Tue 24 Feb 2026 03:21:43 +0000
ROA not before:           Tue 24 Feb 2026 03:21:43 +0000
ROA not after:            Mon 25 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        54.232.128.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 02 Mar 2026 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:97:c8:8c:96:bf:cf:ec:d9:ab:90:cc:e6:28:42:31:89:3c:f9:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 24 03:21:43 2026 GMT
            Not After : May 25 23:59:59 2026 GMT
        Subject: serialNumber=60c4372a2018754e4d3e0b060cab82a10d25e4775d1ecd37f36082b0fecfa057, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:7b:8f:06:41:16:6a:a2:4a:76:c4:ae:98:42:
                    9e:27:8a:aa:47:ae:cc:f7:d2:09:a6:8b:b3:bf:dd:
                    3e:9e:5d:23:0a:48:f5:c1:bd:89:da:98:a4:8f:ac:
                    99:0b:4a:63:b1:ec:c2:a7:c0:e8:04:f2:03:12:e0:
                    ba:f3:20:ef:6a:11:61:85:6b:22:b5:96:82:31:1f:
                    4b:a3:d1:5c:08:c7:6b:2b:1a:65:6e:16:ce:b6:b0:
                    db:1e:1f:47:5b:4c:23:03:ca:39:69:51:5f:74:7d:
                    89:ea:51:96:6a:b4:da:d3:9d:53:38:55:bd:0f:69:
                    0d:5a:9e:b8:b2:ab:cc:1e:61:4c:5a:c9:06:d1:a2:
                    52:2c:a2:61:93:af:a7:66:61:cc:49:59:fd:63:08:
                    c8:de:8b:12:66:6b:cd:ae:db:39:0d:e1:f5:92:42:
                    08:96:8d:37:3d:3e:96:25:05:66:c6:54:53:5f:71:
                    b2:80:09:2c:07:f4:a2:53:57:58:86:c3:96:41:c6:
                    82:df:a9:37:7f:18:57:b0:10:81:b3:a0:7e:7a:e6:
                    78:1d:59:2e:b4:b1:7c:fa:b7:3f:e6:96:22:2d:93:
                    e7:b2:08:f2:46:b2:62:fc:42:53:95:fb:62:67:57:
                    1e:6e:9f:bd:36:49:04:ed:0d:3d:90:fb:16:2d:e2:
                    b0:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:4C:A6:62:BD:3F:58:A0:64:58:AE:37:6C:7C:45:D9:E9:88:51:B3
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/7548a798-1ee1-411b-9334-05aa053078b8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.232.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         80:a3:c4:2d:5c:a0:77:69:f7:ca:e1:07:0e:d9:da:41:fd:b8:
         a5:c1:45:dc:51:92:19:f6:91:7f:5f:89:32:29:ef:8f:68:f1:
         b7:1c:5a:15:30:4b:8a:e1:14:e6:54:6d:01:4a:3a:e3:ac:ed:
         94:5c:b1:67:57:f1:f7:93:8e:60:d7:25:df:27:46:03:70:0c:
         74:1b:2c:d2:88:7d:0c:27:08:a1:e3:38:7b:53:50:20:dd:46:
         b0:e0:99:8c:30:9e:a6:0c:6c:09:f1:e1:97:4a:42:cb:1b:5e:
         36:3b:8d:92:55:20:69:23:41:a4:73:d9:27:3c:de:6e:e8:ab:
         ba:5f:0a:b9:ef:ec:da:eb:e3:28:42:4f:2f:fb:a5:bb:7d:d4:
         ee:8f:f0:98:43:43:85:c1:ba:a9:46:ac:b5:cf:22:96:32:6b:
         21:1d:2b:9d:11:79:aa:9b:cf:02:17:64:aa:d4:70:79:a0:8e:
         64:18:44:2c:54:30:d5:f0:4a:79:04:e3:68:57:de:7e:50:60:
         a0:44:2e:67:62:5a:6c:04:4f:a6:d5:ff:b1:69:c7:2f:70:2e:
         62:21:8c:b4:b2:0a:fa:40:c6:7a:75:95:73:ca:9e:f4:55:67:
         d7:c2:84:b0:ec:b8:be:f9:51:4c:e7:cc:91:47:83:81:91:3d:
         86:2e:a5:8a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGpfIjJa/z+zZq5DM5ihCMYk8+Y0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMjI0MDMyMTQzWhcNMjYwNTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MGM0MzcyYTIwMTg3NTRlNGQzZTBiMDYwY2FiODJhMTBk
MjVlNDc3NWQxZWNkMzdmMzYwODJiMGZlY2ZhMDU3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCee48GQRZqokp2xK6YQp4niqpHrsz30gmmi7O/3T6eXSMK
SPXBvYnamKSPrJkLSmOx7MKnwOgE8gMS4LrzIO9qEWGFayK1loIxH0uj0VwIx2sr
GmVuFs62sNseH0dbTCMDyjlpUV90fYnqUZZqtNrTnVM4Vb0PaQ1anriyq8weYUxa
yQbRolIsomGTr6dmYcxJWf1jCMjeixJma82u2zkN4fWSQgiWjTc9PpYlBWbGVFNf
cbKACSwH9KJTV1iGw5ZBxoLfqTd/GFewEIGzoH565ngdWS60sXz6tz/mliItk+ey
CPJGsmL8QlOV+2JnVx5un702SQTtDT2Q+xYt4rDJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWkymYr0/WKBkWK43bHxF2emIUbMwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzc1NDhhNzk4LTFlZTEtNDExYi05MzM0LTA1YWEwNTMwNzhiOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAY26IAwDQYJKoZIhvcNAQELBQADggEBAICjxC1coHdp98rhBw7Z2kH9uKXB
RdxRkhn2kX9fiTIp749o8bccWhUwS4rhFOZUbQFKOuOs7ZRcsWdX8feTjmDXJd8n
RgNwDHQbLNKIfQwnCKHjOHtTUCDdRrDgmYwwnqYMbAnx4ZdKQssbXjY7jZJVIGkj
QaRz2Sc83m7oq7pfCrnv7Nrr4yhCTy/7pbt91O6P8JhDQ4XBuqlGrLXPIpYyayEd
K50ReaqbzwIXZKrUcHmgjmQYRCxUMNXwSnkE42hX3n5QYKBELmdiWmwET6bV/7Fp
xy9wLmIhjLSyCvpAxnp1lXPKnvRVZ9fChLDsuL75UUznzJFHg4GRPYYupYo=
-----END CERTIFICATE-----