Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c3d56cab-ff52-47c9-8bbe-1ce3598bf804.roa
File:                     c3d56cab-ff52-47c9-8bbe-1ce3598bf804.roa (raw, json)
Hash identifier:          oxH7qi1xL2n3H6YF/jUmw6OZ7fUZxpEyzLu1YTS4a+0=
Subject key identifier:   C8:EF:06:AA:AB:BC:75:65:A7:D9:20:EC:23:44:12:77:B3:56:B2:84
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       02EAEE538E67E96234AE75CE073BC0ECAB193A5E
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c3d56cab-ff52-47c9-8bbe-1ce3598bf804.roa
Signing time:             Sat 28 Feb 2026 02:21:14 +0000
ROA not before:           Sat 28 Feb 2026 02:21:14 +0000
ROA not after:            Fri 29 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        192.39.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 04 Mar 2026 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:ea:ee:53:8e:67:e9:62:34:ae:75:ce:07:3b:c0:ec:ab:19:3a:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 28 02:21:14 2026 GMT
            Not After : May 29 23:59:59 2026 GMT
        Subject: serialNumber=3774868b35dff544d4cc0e9fc1a7e07848c90ed7e14c8b482833401710d689a0, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:da:dd:8e:60:eb:b1:25:fc:61:0d:71:08:b3:
                    99:54:83:01:9c:4c:5b:c0:7d:3f:7f:49:14:e0:db:
                    50:90:ba:ec:9b:c9:a0:d3:fe:43:ec:3c:8f:92:0d:
                    6c:3f:66:a9:7c:a9:1c:f0:df:10:c2:49:a1:28:d4:
                    eb:ca:cf:21:a1:be:15:a9:31:f7:fb:03:5a:a1:dd:
                    f7:31:51:4e:1d:d1:ff:82:95:6e:49:08:17:56:79:
                    13:4c:68:50:80:d7:ea:db:ad:fe:e5:c5:39:cc:32:
                    9a:be:aa:f5:fd:96:d5:20:00:84:04:6f:62:2f:24:
                    64:6e:5f:1e:df:a9:91:f8:38:8b:95:ac:12:bd:de:
                    77:3d:b0:ac:82:4a:b9:36:eb:11:b2:55:32:41:b6:
                    ee:cf:72:a9:bc:d3:8d:8a:b4:ee:a0:7a:f8:9b:3f:
                    8c:76:c5:db:44:6e:3b:10:da:95:5e:77:a7:76:ab:
                    1c:7a:6c:d0:bb:b7:75:4c:d1:88:08:7e:01:78:8a:
                    b0:22:69:91:a6:c2:e0:f7:df:2e:4d:0b:cb:86:1d:
                    75:95:2a:45:49:d5:d1:f6:51:4b:0d:e1:3e:bd:19:
                    9c:6f:75:e4:59:9e:0c:4c:cd:f9:78:2b:f3:fc:b7:
                    64:e7:47:20:c4:ee:ae:9a:db:9f:0e:2f:df:b5:ce:
                    b0:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:EF:06:AA:AB:BC:75:65:A7:D9:20:EC:23:44:12:77:B3:56:B2:84
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c3d56cab-ff52-47c9-8bbe-1ce3598bf804.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.39.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         51:bc:3b:f1:9f:28:1e:ae:fd:ac:80:04:91:34:86:29:12:95:
         39:eb:ed:50:a1:bf:6b:97:11:de:ba:49:00:2b:fe:f3:6d:c7:
         38:73:f9:7f:cb:d8:95:1f:49:f5:4d:2b:54:69:bb:90:31:cd:
         65:fc:a1:bb:29:78:ef:88:f0:b9:ba:c3:7a:6d:ae:93:e1:a6:
         e6:f3:65:2a:f5:06:ed:74:a0:92:1a:c9:7a:be:17:36:43:c7:
         62:33:fa:46:8b:ce:87:85:2a:cf:7c:7d:03:67:4b:32:37:45:
         e3:4c:7e:48:0e:0d:00:52:3c:fb:35:7b:73:aa:b2:97:2a:aa:
         8e:3a:7d:97:4f:2f:31:e0:e9:13:27:ea:cf:cb:3d:ed:aa:0f:
         d2:06:b9:b0:91:f1:44:46:85:75:30:b9:59:dd:b6:31:44:c0:
         e6:24:61:83:e7:39:fe:29:74:4c:a8:b3:a1:2a:e8:b8:f3:a0:
         a4:c9:1c:0b:20:dc:39:68:ed:be:68:95:e7:d1:09:0e:a7:ec:
         ad:ef:89:1c:69:3c:66:f9:c6:1d:b4:21:7d:c6:3b:90:87:2b:
         d0:48:cc:ad:ab:a1:c2:92:9a:f3:90:67:ab:53:06:7f:3e:d0:
         6d:56:11:9d:73:ee:99:c6:14:22:e2:00:9b:ef:27:b4:c6:39:
         f4:45:75:7a
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUAuruU45n6WI0rnXOBzvA7KsZOl4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMjI4MDIyMTE0WhcNMjYwNTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0AzNzc0ODY4YjM1ZGZmNTQ0ZDRjYzBlOWZjMWE3ZTA3ODQ4
YzkwZWQ3ZTE0YzhiNDgyODMzNDAxNzEwZDY4OWEwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDH2t2OYOuxJfxhDXEIs5lUgwGcTFvAfT9/SRTg21CQuuyb
yaDT/kPsPI+SDWw/Zql8qRzw3xDCSaEo1OvKzyGhvhWpMff7A1qh3fcxUU4d0f+C
lW5JCBdWeRNMaFCA1+rbrf7lxTnMMpq+qvX9ltUgAIQEb2IvJGRuXx7fqZH4OIuV
rBK93nc9sKyCSrk26xGyVTJBtu7Pcqm8042KtO6gevibP4x2xdtEbjsQ2pVed6d2
qxx6bNC7t3VM0YgIfgF4irAiaZGmwuD33y5NC8uGHXWVKkVJ1dH2UUsN4T69GZxv
deRZngxMzfl4K/P8t2TnRyDE7q6a258OL9+1zrCRAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUyO8Gqqu8dWWn2SDsI0QSd7NWsoQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2MzZDU2Y2FiLWZmNTItNDdjOS04YmJlLTFjZTM1OThiZjgwNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwDAJzANBgkqhkiG9w0BAQsFAAOCAQEAUbw78Z8oHq79rIAEkTSGKRKVOevt
UKG/a5cR3rpJACv+823HOHP5f8vYlR9J9U0rVGm7kDHNZfyhuyl474jwubrDem2u
k+Gm5vNlKvUG7XSgkhrJer4XNkPHYjP6RovOh4Uqz3x9A2dLMjdF40x+SA4NAFI8
+zV7c6qylyqqjjp9l08vMeDpEyfqz8s97aoP0ga5sJHxREaFdTC5Wd22MUTA5iRh
g+c5/il0TKizoSrouPOgpMkcCyDcOWjtvmiV59EJDqfsre+JHGk8ZvnGHbQhfcY7
kIcr0EjMrauhwpKa85Bnq1MGfz7QbVYRnXPumcYUIuIAm+8ntMY59EV1eg==
-----END CERTIFICATE-----