Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a6c99457-d6e4-410f-b770-4179301bd116.roa
File:                     a6c99457-d6e4-410f-b770-4179301bd116.roa (raw, json)
Hash identifier:          dVEy4hMk4g5sQPl+5lgYTyUwPgJgQztE2O2I8C+iL/0=
Subject key identifier:   A1:C0:C8:93:CE:90:B6:41:FA:55:14:A2:ED:95:A6:00:B3:E9:8A:BA
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       63B7896BD68CEFFBDC50FFF6822CBF6AFDE4217F
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a6c99457-d6e4-410f-b770-4179301bd116.roa
Signing time:             Tue 19 May 2026 02:30:49 +0000
ROA not before:           Tue 19 May 2026 02:30:49 +0000
ROA not after:            Mon 17 Aug 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        136.136.0.0/14 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 18 Jun 2026 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:b7:89:6b:d6:8c:ef:fb:dc:50:ff:f6:82:2c:bf:6a:fd:e4:21:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May 19 02:30:49 2026 GMT
            Not After : Aug 17 23:59:59 2026 GMT
        Subject: serialNumber=9cf83b224fa4b977f0fad6c2cf1f785c341fa42b3feac6062b48aede1d403ba7, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:43:34:29:44:f4:16:ec:11:ff:7a:13:ef:ee:
                    62:d9:83:4b:9d:72:fa:b6:ba:5f:9f:40:5a:15:ec:
                    35:33:f9:be:1c:8e:cb:0e:90:c1:e3:90:71:d1:ed:
                    4e:e3:e8:e9:7d:9d:56:39:e4:70:bd:a5:dd:2d:86:
                    b8:26:8d:72:75:df:45:b9:92:72:e7:70:c1:df:7a:
                    c4:a2:6d:bc:84:92:7a:71:aa:0e:1d:f8:cf:0e:e7:
                    e7:3a:52:ed:fe:2c:4e:bf:ab:ee:d5:3a:87:4f:52:
                    a7:ac:c2:b8:b5:ff:b6:6c:cc:fa:c1:81:11:7f:c7:
                    9a:14:a1:6a:9f:5b:76:83:a7:92:88:94:62:51:29:
                    e3:22:3c:77:15:4f:ab:3c:c0:59:b7:99:92:87:bf:
                    6b:e9:75:df:23:8d:b3:11:d0:20:2c:d5:26:00:fd:
                    7e:90:e5:dc:2b:5e:f3:1b:05:71:e6:47:12:f5:08:
                    f2:c7:3d:d5:44:b1:93:5b:e0:86:71:92:b8:c8:6d:
                    9a:c9:8b:d8:ba:0c:01:20:f6:95:8b:8f:9e:b6:b1:
                    b9:04:5a:fb:1d:c2:bc:8c:37:d4:5f:0b:d1:7e:1e:
                    49:19:6e:5b:09:c2:82:bc:09:51:0f:b5:4f:0b:77:
                    62:1d:80:2e:b8:25:3d:bc:45:84:fc:c5:e1:7c:c2:
                    fc:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:C0:C8:93:CE:90:B6:41:FA:55:14:A2:ED:95:A6:00:B3:E9:8A:BA
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/a6c99457-d6e4-410f-b770-4179301bd116.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.136.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         7c:e6:18:70:86:05:03:04:f9:5c:82:be:26:60:05:82:ae:74:
         08:78:7c:8d:a2:10:6e:ca:32:5e:46:31:81:04:fb:ea:3c:f4:
         bd:6a:1d:a6:81:c8:a7:d9:86:89:e8:b8:16:79:f4:73:57:00:
         e6:0b:63:63:d9:d1:ea:65:ef:ee:aa:6f:8e:f5:8f:c3:5f:fc:
         79:62:09:ca:22:50:5b:b5:7e:f8:cc:9d:63:d6:71:7f:69:df:
         99:01:46:72:60:3d:96:5e:bb:61:0d:4c:a8:aa:6b:39:42:f6:
         d5:ef:b1:d3:01:a2:03:48:9d:4e:f4:4c:3d:c9:f3:63:00:48:
         31:fd:14:3e:0d:20:d3:11:8a:d5:34:c6:dd:0f:3b:89:a0:49:
         d6:c9:41:e3:00:4b:58:b6:17:b9:3d:45:28:7f:95:4d:81:05:
         e7:d6:ab:bc:ee:d2:a3:0b:c1:ed:d9:4a:94:04:b0:88:31:93:
         89:cf:28:a3:39:d4:ed:32:0a:67:d5:8f:ef:8e:09:a2:b4:82:
         8f:0b:55:5c:80:18:79:62:42:01:32:fc:6f:76:ce:f3:e5:10:
         dd:77:6a:c4:af:71:27:75:43:4e:6f:60:bf:fb:66:4c:2a:51:
         f6:db:bb:90:49:82:e3:bb:3c:0b:2e:88:63:f4:07:76:de:31:
         64:a4:3d:7c
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUY7eJa9aM7/vcUP/2giy/av3kIX8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwNTE5MDIzMDQ5WhcNMjYwODE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A5Y2Y4M2IyMjRmYTRiOTc3ZjBmYWQ2YzJjZjFmNzg1YzM0
MWZhNDJiM2ZlYWM2MDYyYjQ4YWVkZTFkNDAzYmE3MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtQzQpRPQW7BH/ehPv7mLZg0udcvq2ul+fQFoV7DUz+b4c
jssOkMHjkHHR7U7j6Ol9nVY55HC9pd0thrgmjXJ130W5knLncMHfesSibbyEknpx
qg4d+M8O5+c6Uu3+LE6/q+7VOodPUqeswri1/7ZszPrBgRF/x5oUoWqfW3aDp5KI
lGJRKeMiPHcVT6s8wFm3mZKHv2vpdd8jjbMR0CAs1SYA/X6Q5dwrXvMbBXHmRxL1
CPLHPdVEsZNb4IZxkrjIbZrJi9i6DAEg9pWLj562sbkEWvsdwryMN9RfC9F+HkkZ
blsJwoK8CVEPtU8Ld2IdgC64JT28RYT8xeF8wvzzAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUocDIk86QtkH6VRSi7ZWmALPpirowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2E2Yzk5NDU3LWQ2ZTQtNDEwZi1iNzcwLTQxNzkzMDFiZDExNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwKIiDANBgkqhkiG9w0BAQsFAAOCAQEAfOYYcIYFAwT5XIK+JmAFgq50CHh8
jaIQbsoyXkYxgQT76jz0vWodpoHIp9mGiei4Fnn0c1cA5gtjY9nR6mXv7qpvjvWP
w1/8eWIJyiJQW7V++MydY9Zxf2nfmQFGcmA9ll67YQ1MqKprOUL21e+x0wGiA0id
TvRMPcnzYwBIMf0UPg0g0xGK1TTG3Q87iaBJ1slB4wBLWLYXuT1FKH+VTYEF59ar
vO7SowvB7dlKlASwiDGTic8ooznU7TIKZ9WP744JorSCjwtVXIAYeWJCATL8b3bO
8+UQ3XdqxK9xJ3VDTm9gv/tmTCpR9tu7kEmC47s8Cy6IY/QHdt4xZKQ9fA==
-----END CERTIFICATE-----