Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9b297106-5adb-42a3-be39-8d4eb4ec1873.roa
File:                     9b297106-5adb-42a3-be39-8d4eb4ec1873.roa (raw, json)
Hash identifier:          48ghSy8qAb82MAupSlYrxcjVU6nAylfmRVXY6u6ARZA=
Subject key identifier:   DE:DD:CA:C8:83:B9:37:F1:8C:4B:69:FA:F6:8C:AF:6B:7B:02:2E:34
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1061C368DF9A7FC023270C021AAA4C931557592A
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9b297106-5adb-42a3-be39-8d4eb4ec1873.roa
Signing time:             Sat 28 Feb 2026 01:40:35 +0000
ROA not before:           Sat 28 Feb 2026 01:40:35 +0000
ROA not after:            Fri 29 May 2026 23:59:59 +0000
asID:                     14618
IP address blocks:        54.88.0.0/14 maxlen: 14
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 02 Mar 2026 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:61:c3:68:df:9a:7f:c0:23:27:0c:02:1a:aa:4c:93:15:57:59:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 28 01:40:35 2026 GMT
            Not After : May 29 23:59:59 2026 GMT
        Subject: serialNumber=aa01cdd7d6b23a6db7227531460a45ed8df11678b3bd17ce1b92395258c3d714, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:d6:0c:1c:ef:ac:b2:2f:e8:bd:4a:de:7d:29:
                    1f:31:64:c7:72:cf:65:52:3a:eb:b7:33:d3:0a:b2:
                    13:91:05:40:45:36:86:de:c8:1a:e5:9b:9a:d5:f6:
                    8e:f1:12:4d:17:05:5a:cf:b2:ff:3a:05:30:ba:c9:
                    e8:3c:a6:ba:5a:4d:c0:b1:70:02:34:80:f1:6d:17:
                    03:f2:65:2f:10:28:eb:19:e5:97:97:2d:9a:dc:75:
                    fb:1e:ee:16:5c:7c:61:d4:d2:44:5d:4d:b7:06:6e:
                    2b:e2:d7:53:a5:5e:f5:05:26:5a:94:0f:c9:36:3b:
                    ed:67:68:35:1c:d0:c5:f2:b9:58:d1:be:a4:40:3e:
                    75:27:85:b0:86:16:1f:8e:d7:0c:9e:f8:71:f9:8e:
                    52:8c:04:55:c8:bd:27:8d:6a:0d:74:89:89:a7:dc:
                    87:fc:10:79:09:47:c8:25:c6:a7:22:e4:8c:a2:c1:
                    b4:62:e9:9d:eb:f4:e3:dc:bc:f7:1b:f6:d1:42:ee:
                    e4:e5:0b:29:77:31:31:29:0f:0f:53:0e:12:49:6c:
                    dc:ef:94:a2:3b:2d:76:7f:dc:b6:0d:f1:ff:2f:a8:
                    6f:c6:3e:58:88:6a:4c:c1:2c:13:61:ed:87:76:d2:
                    f3:bd:4c:0e:8d:76:45:24:91:05:8f:40:d2:e8:a2:
                    cd:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:DD:CA:C8:83:B9:37:F1:8C:4B:69:FA:F6:8C:AF:6B:7B:02:2E:34
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9b297106-5adb-42a3-be39-8d4eb4ec1873.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.88.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         38:f2:76:7b:2d:55:d7:1c:df:ea:a1:d7:cc:53:31:84:07:76:
         6a:e8:c1:a8:5a:28:1d:1a:54:ae:3f:66:38:19:1b:f9:d9:f8:
         cc:34:2b:42:a0:13:02:2b:37:e8:c3:49:e0:ee:1a:9a:d6:0a:
         ae:c0:df:a3:d5:ef:7c:a8:72:75:8e:97:94:82:7d:22:ff:73:
         b3:75:9a:cc:07:82:56:c3:0b:43:ad:93:79:61:5b:38:e8:40:
         7a:db:32:d0:17:bf:8b:e9:05:92:ef:0a:d2:77:35:18:4a:7e:
         5e:7c:bd:c7:e8:4e:2b:8b:62:80:4d:72:b4:0a:50:8e:9c:cb:
         cc:c4:1f:ac:52:df:8f:78:c3:01:41:a6:17:b7:30:f9:e6:23:
         17:ad:c2:d4:b2:3b:db:d1:35:90:5e:e7:88:24:36:4f:fc:ee:
         6d:03:26:84:44:c2:31:f9:75:61:f5:d1:1a:7f:43:7e:48:c4:
         46:e2:44:f4:88:30:80:81:cf:e2:cf:27:52:6c:77:bd:2f:be:
         a7:95:d6:07:57:9a:f7:6c:01:b7:bd:3d:8d:a4:1c:35:81:e7:
         9c:af:c0:ba:39:37:6c:fa:17:40:88:14:7d:f8:62:16:a4:a8:
         79:0d:52:7e:74:4a:4d:cd:08:f6:66:92:7c:90:80:29:15:05:
         19:f5:ad:ea
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUEGHDaN+af8AjJwwCGqpMkxVXWSowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMjI4MDE0MDM1WhcNMjYwNTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BhYTAxY2RkN2Q2YjIzYTZkYjcyMjc1MzE0NjBhNDVlZDhk
ZjExNjc4YjNiZDE3Y2UxYjkyMzk1MjU4YzNkNzE0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDO1gwc76yyL+i9St59KR8xZMdyz2VSOuu3M9MKshORBUBF
NobeyBrlm5rV9o7xEk0XBVrPsv86BTC6yeg8prpaTcCxcAI0gPFtFwPyZS8QKOsZ
5ZeXLZrcdfse7hZcfGHU0kRdTbcGbivi11OlXvUFJlqUD8k2O+1naDUc0MXyuVjR
vqRAPnUnhbCGFh+O1wye+HH5jlKMBFXIvSeNag10iYmn3If8EHkJR8glxqci5Iyi
wbRi6Z3r9OPcvPcb9tFC7uTlCyl3MTEpDw9TDhJJbNzvlKI7LXZ/3LYN8f8vqG/G
PliIakzBLBNh7Yd20vO9TA6NdkUkkQWPQNLoos1ZAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU3t3KyIO5N/GMS2n69oyva3sCLjQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzliMjk3MTA2LTVhZGItNDJhMy1iZTM5LThkNGViNGVjMTg3My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwI2WDANBgkqhkiG9w0BAQsFAAOCAQEAOPJ2ey1V1xzf6qHXzFMxhAd2aujB
qFooHRpUrj9mOBkb+dn4zDQrQqATAis36MNJ4O4amtYKrsDfo9XvfKhydY6XlIJ9
Iv9zs3WazAeCVsMLQ62TeWFbOOhAetsy0Be/i+kFku8K0nc1GEp+Xny9x+hOK4ti
gE1ytApQjpzLzMQfrFLfj3jDAUGmF7cw+eYjF63C1LI729E1kF7niCQ2T/zubQMm
hETCMfl1YfXRGn9DfkjERuJE9IgwgIHP4s8nUmx3vS++p5XWB1ea92wBt709jaQc
NYHnnK/Aujk3bPoXQIgUffhiFqSoeQ1SfnRKTc0I9maSfJCAKRUFGfWt6g==
-----END CERTIFICATE-----