Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b3bf74f8-f8ed-4714-a9ea-6890406bdffa.roa
File:                     b3bf74f8-f8ed-4714-a9ea-6890406bdffa.roa (raw, json)
Hash identifier:          cnuUV5tk+6+rS6lkTbDDe3yi40aMG3JtQfeHQU7Mk2g=
Subject key identifier:   4D:4E:8B:F5:85:ED:8F:D5:5B:08:B7:D5:DD:6A:AF:4A:E5:2A:CA:A9
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1F247BDFEABB622A83D702ED5B77B1E7FD6617BB
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b3bf74f8-f8ed-4714-a9ea-6890406bdffa.roa
Signing time:             Tue 24 Feb 2026 03:50:13 +0000
ROA not before:           Tue 24 Feb 2026 03:50:13 +0000
ROA not after:            Mon 25 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        54.245.64.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 04 Mar 2026 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:24:7b:df:ea:bb:62:2a:83:d7:02:ed:5b:77:b1:e7:fd:66:17:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 24 03:50:13 2026 GMT
            Not After : May 25 23:59:59 2026 GMT
        Subject: serialNumber=6d00605c63ff9b745c98c215852b09af48e74599bf24def919412a1174b4bfbd, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:2b:b3:51:7a:fc:74:12:4c:04:3e:cc:b2:86:
                    c3:dd:13:0e:7f:af:1a:7d:79:fb:ce:26:9f:69:6b:
                    3f:03:a7:02:b1:c2:6a:1b:d0:68:4e:38:7e:ed:98:
                    2a:bd:75:25:9b:38:5f:83:3d:71:8d:e8:04:1b:39:
                    ba:fe:51:24:73:53:a4:ac:2d:51:9c:d6:e8:5e:2f:
                    54:79:7c:b7:d2:e9:2c:56:b4:ed:1f:3e:a7:28:3d:
                    53:4a:94:f0:83:d8:88:e2:cf:dc:19:c7:76:a6:3e:
                    91:1a:28:c1:01:24:a8:1c:25:70:c5:89:5a:2e:31:
                    f7:82:de:88:2c:9c:42:3e:5f:12:73:4e:af:e0:13:
                    15:49:e0:97:17:b4:f7:2c:68:4a:c1:59:ad:61:3e:
                    55:61:32:69:11:00:10:03:5e:1d:7b:91:8f:24:04:
                    c1:40:7b:7b:92:9f:8c:9e:f1:e4:64:58:b5:75:ad:
                    c0:e3:3d:aa:62:e4:ea:40:e4:71:07:fb:5f:fc:6d:
                    d6:08:d1:1d:09:75:85:1d:95:8f:b2:c1:7a:0c:42:
                    89:c8:86:7a:ec:bf:8f:da:9d:f3:46:c1:45:c2:42:
                    c0:f0:ff:d3:6a:78:4d:66:96:0a:55:8e:2d:1b:2c:
                    a6:de:cd:64:bd:f6:e7:3b:b8:09:09:c8:c1:d0:03:
                    b4:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:4E:8B:F5:85:ED:8F:D5:5B:08:B7:D5:DD:6A:AF:4A:E5:2A:CA:A9
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b3bf74f8-f8ed-4714-a9ea-6890406bdffa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.245.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         4e:19:be:99:77:0b:2c:12:54:a2:61:17:60:50:a1:95:70:14:
         96:bc:b4:54:52:67:0a:b4:3e:5d:1d:2c:f4:1c:66:11:9b:23:
         b6:cf:1b:ae:99:b6:93:3e:63:a3:51:ab:87:d5:af:57:9e:b7:
         69:54:b5:de:77:d5:cf:eb:d7:e2:fe:81:f4:d1:e3:29:e1:ba:
         51:a1:99:b4:7d:be:ca:8b:bc:ee:2b:ed:18:4d:ef:82:6b:77:
         f2:3a:68:80:12:7d:61:0c:83:45:fc:6b:f1:dd:35:a3:9f:fb:
         06:fe:82:47:17:4d:8a:63:11:94:8e:98:41:4a:52:05:68:8d:
         ce:5d:e1:d2:37:17:56:c9:39:29:e5:bd:98:44:1d:d3:2b:2a:
         20:03:ce:e2:c8:e8:47:35:2e:04:b1:a4:79:ac:22:3f:2b:99:
         07:1c:e2:4d:25:1a:c4:d3:29:f8:52:b3:39:4f:e0:65:d0:36:
         20:5e:ec:90:89:3a:4f:0a:35:1f:5f:b1:40:a5:15:e6:f0:27:
         2c:9c:e3:26:ba:ca:80:c7:db:8b:44:b6:ab:46:e2:02:dc:50:
         be:c4:a2:ed:99:05:12:9b:1a:3e:4f:0b:36:59:93:3b:fd:6e:
         65:b6:c7:f7:f4:11:e9:bd:8d:d0:f4:ff:16:a5:51:82:91:e9:
         5f:66:c3:56
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHyR73+q7YiqD1wLtW3ex5/1mF7swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMjI0MDM1MDEzWhcNMjYwNTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A2ZDAwNjA1YzYzZmY5Yjc0NWM5OGMyMTU4NTJiMDlhZjQ4
ZTc0NTk5YmYyNGRlZjkxOTQxMmExMTc0YjRiZmJkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCpK7NRevx0EkwEPsyyhsPdEw5/rxp9efvOJp9paz8DpwKx
wmob0GhOOH7tmCq9dSWbOF+DPXGN6AQbObr+USRzU6SsLVGc1uheL1R5fLfS6SxW
tO0fPqcoPVNKlPCD2Ijiz9wZx3amPpEaKMEBJKgcJXDFiVouMfeC3ogsnEI+XxJz
Tq/gExVJ4JcXtPcsaErBWa1hPlVhMmkRABADXh17kY8kBMFAe3uSn4ye8eRkWLV1
rcDjPapi5OpA5HEH+1/8bdYI0R0JdYUdlY+ywXoMQonIhnrsv4/anfNGwUXCQsDw
/9NqeE1mlgpVji0bLKbezWS99uc7uAkJyMHQA7TVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTU6L9YXtj9VbCLfV3WqvSuUqyqkwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2IzYmY3NGY4LWY4ZWQtNDcxNC1hOWVhLTY4OTA0MDZiZGZmYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQ29UAwDQYJKoZIhvcNAQELBQADggEBAE4Zvpl3CywSVKJhF2BQoZVwFJa8
tFRSZwq0Pl0dLPQcZhGbI7bPG66ZtpM+Y6NRq4fVr1eet2lUtd531c/r1+L+gfTR
4ynhulGhmbR9vsqLvO4r7RhN74Jrd/I6aIASfWEMg0X8a/HdNaOf+wb+gkcXTYpj
EZSOmEFKUgVojc5d4dI3F1bJOSnlvZhEHdMrKiADzuLI6Ec1LgSxpHmsIj8rmQcc
4k0lGsTTKfhSszlP4GXQNiBe7JCJOk8KNR9fsUClFebwJyyc4ya6yoDH24tEtqtG
4gLcUL7Eou2ZBRKbGj5PCzZZkzv9bmW2x/f0Eem9jdD0/xalUYKR6V9mw1Y=
-----END CERTIFICATE-----