Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/94342818-992c-4f42-87b9-1174a55dacce.roa
File:                     94342818-992c-4f42-87b9-1174a55dacce.roa (raw, json)
Hash identifier:          eQ6RdHK6BV5n//7wj5dGf6KaHvldHwB6rCP8HB2b2G0=
Subject key identifier:   7C:96:FD:03:48:53:E3:25:0B:85:14:27:AA:2A:B5:C7:91:83:AD:EF
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       346C213E4C1EDE3547DDA57F4B15865917256B7C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/94342818-992c-4f42-87b9-1174a55dacce.roa
Signing time:             Sat 28 Feb 2026 03:10:59 +0000
ROA not before:           Sat 28 Feb 2026 03:10:59 +0000
ROA not after:            Fri 29 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        54.67.0.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 04 Mar 2026 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:6c:21:3e:4c:1e:de:35:47:dd:a5:7f:4b:15:86:59:17:25:6b:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 28 03:10:59 2026 GMT
            Not After : May 29 23:59:59 2026 GMT
        Subject: serialNumber=9a3a1d28164f4ea328efc1c49076c8d14d9475c70d7630a0b91d3a80ce9efbf5, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:63:44:15:04:61:17:e1:29:e5:5f:98:a8:1d:
                    d9:72:86:46:46:5b:a5:e7:d1:68:70:9f:55:8b:ca:
                    a7:1b:9e:f6:5b:63:17:04:15:eb:b8:63:53:4a:8f:
                    ba:a6:60:a9:2a:fa:7f:c9:76:67:46:49:61:eb:c0:
                    d4:09:45:aa:fa:3e:bd:cc:74:5a:19:2e:be:7b:66:
                    8f:96:a9:ca:6a:e0:33:9a:0b:dd:23:10:6d:6c:d3:
                    df:a7:0b:61:fa:9a:73:4b:f0:20:f7:3e:77:59:f9:
                    8d:e4:36:d5:46:6a:45:c0:ae:bb:42:05:4d:f8:15:
                    1f:d5:95:96:14:f4:a0:37:2e:b7:1d:cd:1c:0b:ce:
                    9f:33:3d:f4:e9:e7:83:04:77:a6:87:8a:88:b5:a1:
                    ff:55:b2:23:e7:18:cd:c3:48:bc:91:f3:8d:85:c2:
                    89:d3:43:88:15:57:fb:9d:e6:1c:be:38:1e:14:05:
                    aa:14:08:f3:24:5e:60:37:62:45:bc:7c:53:7f:94:
                    d1:c5:f1:0e:d0:39:cc:e8:5d:98:1c:8f:08:72:4b:
                    b5:fb:df:b1:d6:33:7f:b4:af:7e:58:64:3d:4f:9a:
                    aa:b3:79:5f:a0:fb:86:ca:d2:fb:77:80:83:69:11:
                    fc:04:9b:1f:14:91:e1:d1:cd:7c:53:9f:60:5a:40:
                    59:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:96:FD:03:48:53:E3:25:0B:85:14:27:AA:2A:B5:C7:91:83:AD:EF
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/94342818-992c-4f42-87b9-1174a55dacce.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.67.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         ac:01:1c:8f:7a:ed:90:fd:4a:1d:8f:a6:51:ad:5d:d5:fd:b5:
         87:a3:d8:19:96:cd:f2:81:44:82:bc:d0:d5:35:3b:d4:bc:2d:
         b9:51:30:f9:dc:96:79:ce:24:c4:4f:43:5c:1d:5a:8c:87:22:
         d8:0e:70:f0:c9:11:b7:27:d0:9e:3f:3d:22:2d:5f:7c:bc:9a:
         4b:42:6a:4a:7b:90:d1:be:23:6c:b6:1f:51:8c:cc:6b:21:90:
         ee:2e:93:e9:57:27:f5:dd:49:40:f0:3f:50:4b:dc:af:c1:e6:
         8d:ee:ab:c3:41:b8:98:17:e2:90:bc:7f:e4:20:19:28:bf:4a:
         e4:f6:b2:8d:cb:3e:dd:2f:29:84:80:1d:d9:18:e9:71:71:b1:
         bb:7b:2d:9a:61:cf:12:9e:08:90:5a:b9:c3:63:fc:b7:c7:6c:
         9a:22:93:40:52:29:d6:0a:ca:48:c5:dc:a1:32:08:43:15:86:
         cb:cf:05:33:a9:d8:82:c6:ee:ca:6c:19:07:fd:aa:37:bb:2d:
         fa:ac:dc:c1:5d:ee:33:03:f1:f1:9e:fc:96:72:e6:24:6e:96:
         fd:ef:11:63:50:e3:a2:da:90:b6:51:3c:78:34:fd:50:b3:c5:
         f7:d2:6c:c5:45:6e:97:9b:54:7f:34:40:6f:11:be:92:ef:96:
         94:86:cc:ff
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNGwhPkwe3jVH3aV/SxWGWRcla3wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMjI4MDMxMDU5WhcNMjYwNTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A5YTNhMWQyODE2NGY0ZWEzMjhlZmMxYzQ5MDc2YzhkMTRk
OTQ3NWM3MGQ3NjMwYTBiOTFkM2E4MGNlOWVmYmY1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCMY0QVBGEX4SnlX5ioHdlyhkZGW6Xn0Whwn1WLyqcbnvZb
YxcEFeu4Y1NKj7qmYKkq+n/JdmdGSWHrwNQJRar6Pr3MdFoZLr57Zo+Wqcpq4DOa
C90jEG1s09+nC2H6mnNL8CD3PndZ+Y3kNtVGakXArrtCBU34FR/VlZYU9KA3Lrcd
zRwLzp8zPfTp54MEd6aHioi1of9VsiPnGM3DSLyR842FwonTQ4gVV/ud5hy+OB4U
BaoUCPMkXmA3YkW8fFN/lNHF8Q7QOczoXZgcjwhyS7X737HWM3+0r35YZD1Pmqqz
eV+g+4bK0vt3gINpEfwEmx8UkeHRzXxTn2BaQFmfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUfJb9A0hT4yULhRQnqiq1x5GDre8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzk0MzQyODE4LTk5MmMtNGY0Mi04N2I5LTExNzRhNTVkYWNjZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAc2QwAwDQYJKoZIhvcNAQELBQADggEBAKwBHI967ZD9Sh2PplGtXdX9tYej
2BmWzfKBRIK80NU1O9S8LblRMPnclnnOJMRPQ1wdWoyHItgOcPDJEbcn0J4/PSIt
X3y8mktCakp7kNG+I2y2H1GMzGshkO4uk+lXJ/XdSUDwP1BL3K/B5o3uq8NBuJgX
4pC8f+QgGSi/SuT2so3LPt0vKYSAHdkY6XFxsbt7LZphzxKeCJBaucNj/LfHbJoi
k0BSKdYKykjF3KEyCEMVhsvPBTOp2ILG7spsGQf9qje7Lfqs3MFd7jMD8fGe/JZy
5iRulv3vEWNQ46LakLZRPHg0/VCzxffSbMVFbpebVH80QG8RvpLvlpSGzP8=
-----END CERTIFICATE-----