Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bd7dba11-a4d3-4132-aea8-83567d15412a.roa
File:                     bd7dba11-a4d3-4132-aea8-83567d15412a.roa (raw, json)
Hash identifier:          GbbvoLgkp+KJS1dNc4G8z69MTYjOIp1sc8uXNWiw8B0=
Subject key identifier:   86:F4:B4:D2:7E:CE:2E:9D:D8:D0:08:27:F1:DE:8D:83:C7:56:06:FD
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       247F8E5962AE6D2808284523B3193ACF460D70B3
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bd7dba11-a4d3-4132-aea8-83567d15412a.roa
Signing time:             Tue 24 Feb 2026 03:30:57 +0000
ROA not before:           Tue 24 Feb 2026 03:30:57 +0000
ROA not after:            Mon 25 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        54.240.50.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 02 Mar 2026 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:7f:8e:59:62:ae:6d:28:08:28:45:23:b3:19:3a:cf:46:0d:70:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 24 03:30:57 2026 GMT
            Not After : May 25 23:59:59 2026 GMT
        Subject: serialNumber=1e060b5a8b466c4f54a881d47faf4d4f8da648747b1061f574a55ca0cf7ce61d, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:2d:bf:9e:f5:7c:3b:96:d8:47:bf:e3:d0:6d:
                    e9:86:49:7f:aa:39:8d:f2:25:f0:b0:51:06:80:bc:
                    b8:41:6b:d4:30:11:a7:5d:9e:23:45:74:c4:94:e7:
                    2a:e5:36:10:95:a0:4e:b8:d8:ee:2f:c1:59:08:29:
                    32:e1:dc:68:e1:fc:35:e9:2e:fe:e4:a0:b1:a5:1b:
                    6f:02:08:1b:a2:a4:62:f7:c7:21:b5:81:58:90:bc:
                    44:ea:0a:2c:1d:1a:ad:80:0d:e5:b8:0f:ea:8f:0c:
                    e9:be:6a:6a:fc:ed:68:85:ea:b8:f0:6c:3e:21:0d:
                    8b:8f:fa:3c:3e:b1:4c:4d:06:68:b7:a8:b2:47:39:
                    fc:9b:60:3a:a5:11:b1:f6:8c:7a:4e:5a:c8:fd:79:
                    54:37:d2:7b:2c:c8:00:d5:69:f0:31:8f:cd:18:16:
                    f1:ab:91:03:19:de:8b:67:ef:43:fc:d4:54:c1:6c:
                    b3:6c:44:48:0e:43:17:36:d9:7c:6a:8b:a1:15:88:
                    45:d2:7b:f0:0f:b3:13:94:de:41:9b:b4:5b:74:6f:
                    4c:f5:75:98:10:7b:b3:30:43:39:cd:94:67:d6:c7:
                    28:93:6c:25:4e:1f:b0:46:12:cc:af:af:c4:d5:a0:
                    00:2c:b8:ba:9d:00:64:79:a7:81:98:80:6b:58:6e:
                    db:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:F4:B4:D2:7E:CE:2E:9D:D8:D0:08:27:F1:DE:8D:83:C7:56:06:FD
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bd7dba11-a4d3-4132-aea8-83567d15412a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.240.50.0/23

    Signature Algorithm: sha256WithRSAEncryption
         04:a0:33:30:de:94:af:83:3e:07:e5:da:99:4e:bc:45:87:0a:
         b9:5a:6a:82:c9:d0:c9:49:20:f0:97:be:0a:f0:73:c8:41:70:
         b7:32:49:35:0f:67:dd:09:1b:70:a3:b2:5f:1c:38:b9:9e:50:
         72:c4:4e:60:49:b9:3e:5b:cb:0d:8d:58:1b:69:25:f4:d3:85:
         de:f3:79:a7:86:5b:56:78:c7:d8:d2:75:75:32:c6:51:7a:0c:
         da:c9:1f:99:cb:5f:d5:48:4f:f3:a2:75:d6:ff:5f:cd:fa:14:
         91:32:00:8f:f3:25:6e:8c:3c:48:eb:47:97:6c:1d:c6:c4:18:
         bc:0c:cb:88:f4:32:2c:fc:06:ad:bc:cc:e8:05:72:62:3a:f8:
         fd:c5:77:ef:93:61:25:4c:46:8f:a8:53:bc:77:da:37:74:ca:
         3b:da:b7:a8:ac:95:50:40:5f:72:26:37:02:fc:02:a3:08:71:
         43:a5:84:ff:c9:31:30:5b:bc:c3:48:05:42:3c:86:de:d3:a6:
         2b:5a:d7:76:50:da:db:00:46:d5:03:e6:d0:f9:99:fe:5a:b7:
         48:a3:ee:b2:3d:1a:01:34:5b:16:f8:a6:e6:15:aa:ea:c8:f0:
         ff:b4:21:f4:3b:5a:05:70:18:3c:e0:9f:5c:75:40:18:bb:c4:
         01:bc:68:96
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJH+OWWKubSgIKEUjsxk6z0YNcLMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMjI0MDMzMDU3WhcNMjYwNTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0AxZTA2MGI1YThiNDY2YzRmNTRhODgxZDQ3ZmFmNGQ0Zjhk
YTY0ODc0N2IxMDYxZjU3NGE1NWNhMGNmN2NlNjFkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCsLb+e9Xw7lthHv+PQbemGSX+qOY3yJfCwUQaAvLhBa9Qw
EaddniNFdMSU5yrlNhCVoE642O4vwVkIKTLh3Gjh/DXpLv7koLGlG28CCBuipGL3
xyG1gViQvETqCiwdGq2ADeW4D+qPDOm+amr87WiF6rjwbD4hDYuP+jw+sUxNBmi3
qLJHOfybYDqlEbH2jHpOWsj9eVQ30nssyADVafAxj80YFvGrkQMZ3otn70P81FTB
bLNsREgOQxc22Xxqi6EViEXSe/APsxOU3kGbtFt0b0z1dZgQe7MwQznNlGfWxyiT
bCVOH7BGEsyvr8TVoAAsuLqdAGR5p4GYgGtYbttfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUhvS00n7OLp3Y0Agn8d6Ng8dWBv0wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2JkN2RiYTExLWE0ZDMtNDEzMi1hZWE4LTgzNTY3ZDE1NDEyYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAE28DIwDQYJKoZIhvcNAQELBQADggEBAASgMzDelK+DPgfl2plOvEWHCrla
aoLJ0MlJIPCXvgrwc8hBcLcySTUPZ90JG3Cjsl8cOLmeUHLETmBJuT5byw2NWBtp
JfTThd7zeaeGW1Z4x9jSdXUyxlF6DNrJH5nLX9VIT/Oiddb/X836FJEyAI/zJW6M
PEjrR5dsHcbEGLwMy4j0Miz8Bq28zOgFcmI6+P3Fd++TYSVMRo+oU7x32jd0yjva
t6islVBAX3ImNwL8AqMIcUOlhP/JMTBbvMNIBUI8ht7Tpita13ZQ2tsARtUD5tD5
mf5at0ij7rI9GgE0Wxb4puYVqurI8P+0IfQ7WgVwGDzgn1x1QBi7xAG8aJY=
-----END CERTIFICATE-----