Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bcf80c54-6e30-4c17-851c-6a3c0676f77d.roa
File:                     bcf80c54-6e30-4c17-851c-6a3c0676f77d.roa (raw, json)
Hash identifier:          exbIe+umY8s+0U9LdLA9Lo8ShHOhdeu/l5SyA+VJpHA=
Subject key identifier:   16:B6:9F:F9:92:A0:8F:9B:63:B8:5F:90:1D:9A:B6:C9:3C:52:BE:65
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       78513F06E57961C286EAB88979144F05E11B1AAA
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bcf80c54-6e30-4c17-851c-6a3c0676f77d.roa
Signing time:             Sat 28 Feb 2026 02:31:23 +0000
ROA not before:           Sat 28 Feb 2026 02:31:23 +0000
ROA not after:            Fri 29 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        140.145.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 02 Mar 2026 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:51:3f:06:e5:79:61:c2:86:ea:b8:89:79:14:4f:05:e1:1b:1a:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 28 02:31:23 2026 GMT
            Not After : May 29 23:59:59 2026 GMT
        Subject: serialNumber=b551acd85b132a8d2f338dd6eff7513a14f7fac83b344b5b1e0522f7bbce913a, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:85:8a:7c:fa:b8:2b:cc:b7:af:b6:f3:85:87:
                    d1:b2:54:cc:42:ca:7c:27:96:d4:e8:3d:1f:13:f1:
                    01:c4:2b:03:6b:83:0f:c0:c4:27:8d:6f:86:26:d8:
                    21:b4:34:e4:56:27:fc:6c:a7:88:e0:a8:ea:5c:a4:
                    26:99:f7:91:af:47:d0:3d:19:05:84:22:80:6b:bf:
                    8f:80:1d:3f:93:6d:1c:52:cc:0e:37:e3:75:91:a3:
                    af:b4:66:ff:83:86:be:7a:ec:64:9d:f4:d7:56:6c:
                    54:aa:ae:bc:6a:b5:8d:61:e7:97:be:5f:b7:30:0c:
                    92:d3:13:79:a8:bb:7e:09:8d:3e:4e:0d:58:02:9b:
                    6d:eb:57:f0:7d:36:9c:b9:e8:c5:4a:cf:fe:b5:2e:
                    11:58:33:0f:ef:0f:e1:fb:e5:9e:9c:a5:15:f6:32:
                    6a:ec:7d:cf:04:16:8e:9b:22:27:c2:59:f5:b8:3f:
                    e2:9c:2c:8f:77:c8:29:34:4c:6b:48:43:51:a5:39:
                    df:63:9c:1f:20:73:9a:c8:5a:09:4a:f6:36:4a:ff:
                    66:7a:b7:d7:5e:a7:f3:ec:b1:f1:b2:e4:49:74:09:
                    aa:25:1b:6d:16:cf:90:51:ef:11:43:75:96:97:f5:
                    db:c6:66:ee:80:90:6e:aa:f2:3c:16:94:bd:c4:10:
                    4f:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:B6:9F:F9:92:A0:8F:9B:63:B8:5F:90:1D:9A:B6:C9:3C:52:BE:65
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bcf80c54-6e30-4c17-851c-6a3c0676f77d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.145.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a8:a1:6b:d1:bf:2b:15:c2:1c:f5:8f:d8:59:e7:61:d5:72:4a:
         ee:ae:c7:41:20:28:8b:06:4b:fc:7c:ec:0a:a0:0e:73:9c:ec:
         88:57:33:2d:cf:8d:d1:89:2b:79:ed:a1:0a:97:22:7a:4d:f0:
         65:41:85:e5:65:75:ef:d3:1f:21:00:f3:04:92:9e:7b:dc:39:
         27:02:5e:b6:27:33:ba:b6:48:a8:22:c0:ca:43:c9:29:5c:ad:
         43:47:4f:26:64:81:28:57:a3:24:57:7e:b0:93:23:ba:73:d4:
         fa:2b:ee:5c:f3:db:6e:19:a4:4d:c0:70:74:30:45:de:f2:8e:
         fc:ca:9b:af:17:93:f9:3c:24:2e:e8:d6:f9:85:d8:63:4e:6a:
         49:ec:40:50:de:68:f4:94:28:c2:d9:e0:cb:48:44:71:b9:37:
         13:74:2f:18:81:01:80:ef:00:40:0e:d5:fa:0f:e5:ef:50:b9:
         b5:21:e2:ba:25:d0:c7:77:1c:33:9a:07:bd:18:19:14:45:c6:
         bc:fe:aa:45:2a:08:a8:2f:a6:d1:1b:4b:5e:4c:11:cd:51:6f:
         7f:e5:04:b8:b0:2d:04:ce:79:53:ed:57:8f:0c:bf:e5:f5:d1:
         64:78:30:2f:83:47:a5:f7:f7:db:88:a6:ce:9c:e9:ef:14:73:
         60:78:19:00
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUeFE/BuV5YcKG6riJeRRPBeEbGqowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMjI4MDIzMTIzWhcNMjYwNTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BiNTUxYWNkODViMTMyYThkMmYzMzhkZDZlZmY3NTEzYTE0
ZjdmYWM4M2IzNDRiNWIxZTA1MjJmN2JiY2U5MTNhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3hYp8+rgrzLevtvOFh9GyVMxCynwnltToPR8T8QHEKwNr
gw/AxCeNb4Ym2CG0NORWJ/xsp4jgqOpcpCaZ95GvR9A9GQWEIoBrv4+AHT+TbRxS
zA4343WRo6+0Zv+Dhr567GSd9NdWbFSqrrxqtY1h55e+X7cwDJLTE3mou34JjT5O
DVgCm23rV/B9Npy56MVKz/61LhFYMw/vD+H75Z6cpRX2Mmrsfc8EFo6bIifCWfW4
P+KcLI93yCk0TGtIQ1GlOd9jnB8gc5rIWglK9jZK/2Z6t9dep/PssfGy5El0Caol
G20Wz5BR7xFDdZaX9dvGZu6AkG6q8jwWlL3EEE/pAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUFraf+ZKgj5tjuF+QHZq2yTxSvmUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2JjZjgwYzU0LTZlMzAtNGMxNy04NTFjLTZhM2MwNjc2Zjc3ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCMkTANBgkqhkiG9w0BAQsFAAOCAQEAqKFr0b8rFcIc9Y/YWedh1XJK7q7H
QSAoiwZL/HzsCqAOc5zsiFczLc+N0Ykree2hCpciek3wZUGF5WV179MfIQDzBJKe
e9w5JwJeticzurZIqCLAykPJKVytQ0dPJmSBKFejJFd+sJMjunPU+ivuXPPbbhmk
TcBwdDBF3vKO/MqbrxeT+TwkLujW+YXYY05qSexAUN5o9JQowtngy0hEcbk3E3Qv
GIEBgO8AQA7V+g/l71C5tSHiuiXQx3ccM5oHvRgZFEXGvP6qRSoIqC+m0RtLXkwR
zVFvf+UEuLAtBM55U+1Xjwy/5fXRZHgwL4NHpff324imzpzp7xRzYHgZAA==
-----END CERTIFICATE-----