Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d2e8f6f4-0d5d-43c4-8493-ca93c43a429e.roa
File:                     d2e8f6f4-0d5d-43c4-8493-ca93c43a429e.roa (raw, json)
Hash identifier:          zgm5NnqZRc1nlFJEHiYhprLjP3KHNiEWchPoT4zy6HE=
Subject key identifier:   FD:89:DB:7D:C4:1B:61:D1:6F:28:33:D1:88:71:1B:AD:79:C0:AE:1A
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0544542AD95C042F53641EE7033965510BDE198C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d2e8f6f4-0d5d-43c4-8493-ca93c43a429e.roa
Signing time:             Sat 28 Feb 2026 01:40:32 +0000
ROA not before:           Sat 28 Feb 2026 01:40:32 +0000
ROA not after:            Fri 29 May 2026 23:59:59 +0000
asID:                     14618
IP address blocks:        35.71.68.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 04 Mar 2026 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:44:54:2a:d9:5c:04:2f:53:64:1e:e7:03:39:65:51:0b:de:19:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 28 01:40:32 2026 GMT
            Not After : May 29 23:59:59 2026 GMT
        Subject: serialNumber=7bbdb1958085bcf028a8d7a944966faefe2e5e29cfc492cd7dd6af73166bd92b, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:d4:be:22:17:b3:f4:03:c1:92:20:7b:c9:47:
                    a7:57:67:0d:5d:11:2f:02:3b:42:ea:f5:88:ed:db:
                    e5:83:0a:3a:b2:90:e4:6c:f1:99:13:74:97:c2:eb:
                    77:9a:29:11:83:1f:df:1b:dc:3d:04:fb:40:a4:87:
                    81:e9:cc:7e:c1:2f:a8:89:4e:92:ee:38:cc:30:3b:
                    c6:35:6a:60:3c:c6:7d:5c:d0:7a:28:bd:14:36:4e:
                    a7:7b:84:8a:13:42:c1:6c:21:c2:32:0f:75:58:e1:
                    b0:3a:44:88:d5:49:74:9a:bf:ec:79:d6:d1:f1:f1:
                    99:01:87:ab:1a:a6:c4:e0:90:2c:5e:4b:a9:01:58:
                    0e:9f:2f:bf:3f:e4:16:40:56:79:71:c5:85:a3:ff:
                    03:60:cb:0c:b5:47:0b:3f:c8:0f:0d:81:c5:84:56:
                    cd:54:5b:cf:94:49:1d:33:1a:7b:75:27:ef:4d:66:
                    72:57:80:6b:1a:6a:14:6b:71:80:9c:d5:a5:0f:24:
                    b7:82:ff:2b:42:fa:c0:cd:17:5c:f5:cf:55:af:9b:
                    19:c7:1b:52:37:0f:52:37:22:a8:42:28:ff:33:b6:
                    eb:93:19:a5:39:b6:38:5f:3a:4a:b6:ab:34:d0:47:
                    65:6a:fd:b7:88:34:40:6c:b9:fa:93:55:aa:37:f0:
                    52:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:89:DB:7D:C4:1B:61:D1:6F:28:33:D1:88:71:1B:AD:79:C0:AE:1A
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d2e8f6f4-0d5d-43c4-8493-ca93c43a429e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.71.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9e:51:6e:cd:8d:b7:0c:3c:97:16:8d:63:bb:5e:77:84:13:af:
         d8:23:b0:8e:83:f0:97:f6:0d:13:36:4d:55:de:13:09:dd:1b:
         e8:81:99:ee:ed:2c:86:14:9f:f2:a8:df:3b:2a:99:0d:b9:61:
         0b:ca:e9:fe:33:89:43:11:7c:fd:63:8d:da:70:8e:03:23:4c:
         c7:9d:f7:8a:fe:de:b9:2c:10:57:3e:76:c0:b4:3f:c8:be:d4:
         e3:22:3d:c1:5c:0b:a9:d3:5f:f4:8f:f9:fb:ec:62:19:c2:2e:
         98:71:dd:ed:51:fd:cd:33:b0:83:c6:0c:e6:6e:a3:7c:68:46:
         6c:9a:ab:83:40:b1:1a:ce:eb:a2:5c:0c:f5:1b:7b:f2:00:82:
         f2:f7:d4:7b:bc:37:f1:f1:de:42:03:71:35:30:3e:04:be:dc:
         b4:1e:93:0c:ce:a2:0c:31:f5:27:d2:64:58:c7:51:b5:2b:26:
         b9:c9:9f:19:d0:5e:dd:c8:f7:6f:9d:d6:4c:d9:d5:e7:e6:36:
         06:d1:dc:30:ca:b5:ff:7b:1e:cf:1c:22:cf:9b:6f:8a:14:17:
         bc:7d:45:4e:73:75:fe:12:1d:38:a9:4d:2d:8b:ba:68:04:3b:
         0a:4d:5f:62:46:ff:dc:f6:42:3a:18:38:e4:8f:28:f2:6b:5f:
         b5:27:3c:94
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBURUKtlcBC9TZB7nAzllUQveGYwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMjI4MDE0MDMyWhcNMjYwNTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A3YmJkYjE5NTgwODViY2YwMjhhOGQ3YTk0NDk2NmZhZWZl
MmU1ZTI5Y2ZjNDkyY2Q3ZGQ2YWY3MzE2NmJkOTJiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC51L4iF7P0A8GSIHvJR6dXZw1dES8CO0Lq9Yjt2+WDCjqy
kORs8ZkTdJfC63eaKRGDH98b3D0E+0Ckh4HpzH7BL6iJTpLuOMwwO8Y1amA8xn1c
0HoovRQ2Tqd7hIoTQsFsIcIyD3VY4bA6RIjVSXSav+x51tHx8ZkBh6sapsTgkCxe
S6kBWA6fL78/5BZAVnlxxYWj/wNgywy1Rws/yA8NgcWEVs1UW8+USR0zGnt1J+9N
ZnJXgGsaahRrcYCc1aUPJLeC/ytC+sDNF1z1z1WvmxnHG1I3D1I3IqhCKP8ztuuT
GaU5tjhfOkq2qzTQR2Vq/beINEBsufqTVao38FJNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/YnbfcQbYdFvKDPRiHEbrXnArhowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2QyZThmNmY0LTBkNWQtNDNjNC04NDkzLWNhOTNjNDNhNDI5ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIjR0QwDQYJKoZIhvcNAQELBQADggEBAJ5Rbs2Ntww8lxaNY7ted4QTr9gj
sI6D8Jf2DRM2TVXeEwndG+iBme7tLIYUn/Ko3zsqmQ25YQvK6f4ziUMRfP1jjdpw
jgMjTMed94r+3rksEFc+dsC0P8i+1OMiPcFcC6nTX/SP+fvsYhnCLphx3e1R/c0z
sIPGDOZuo3xoRmyaq4NAsRrO66JcDPUbe/IAgvL31Hu8N/Hx3kIDcTUwPgS+3LQe
kwzOogwx9SfSZFjHUbUrJrnJnxnQXt3I92+d1kzZ1efmNgbR3DDKtf97Hs8cIs+b
b4oUF7x9RU5zdf4SHTipTS2LumgEOwpNX2JG/9z2QjoYOOSPKPJrX7UnPJQ=
-----END CERTIFICATE-----