Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d6cb1427-2b74-471f-869a-aae45f5776d4.roa
File:                     d6cb1427-2b74-471f-869a-aae45f5776d4.roa (raw, json)
Hash identifier:          eODqkt4Qg3hhFGZi8lx+sB2qk3pS3opKhp6VkNHzyQA=
Subject key identifier:   13:8C:E1:8F:CC:07:76:EC:13:EF:D6:3C:FC:28:39:3F:E4:73:69:A0
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2436F493FAC33C8B4D40F87E758459D9DD2F8D46
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d6cb1427-2b74-471f-869a-aae45f5776d4.roa
Signing time:             Mon 23 Feb 2026 00:10:08 +0000
ROA not before:           Mon 23 Feb 2026 00:10:08 +0000
ROA not after:            Sun 24 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        18.68.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 04 Mar 2026 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:36:f4:93:fa:c3:3c:8b:4d:40:f8:7e:75:84:59:d9:dd:2f:8d:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 23 00:10:08 2026 GMT
            Not After : May 24 23:59:59 2026 GMT
        Subject: serialNumber=3e5bbbd1ba1436aedb6cd92a5a6dd1cfdcd0348d30aab260e59594002a0d1438, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:37:cc:5b:d5:78:b8:bf:06:f9:77:e9:c8:6b:
                    2f:e3:d8:53:ab:1a:e5:ed:7b:01:cb:4b:2e:8b:8d:
                    8f:ff:54:9d:15:a3:60:20:14:1f:af:e0:a0:07:ad:
                    ce:52:84:ee:aa:60:13:5e:37:fb:35:f2:62:53:99:
                    ca:eb:e8:7d:df:71:c5:bf:66:ef:e9:51:54:85:92:
                    71:af:1e:65:40:df:02:98:38:00:de:16:23:c3:58:
                    10:30:8f:b6:e4:65:57:43:4f:96:80:da:c8:26:ef:
                    41:84:6f:bc:5a:6c:1e:6c:7c:c4:e9:75:b8:3b:f0:
                    94:82:4c:c4:b4:8d:b9:a1:c2:4d:fb:bd:48:15:f6:
                    e8:8f:a2:07:de:13:57:21:ba:62:4f:1b:33:e3:06:
                    76:2a:33:02:64:6d:3b:8b:9d:80:64:17:39:73:6e:
                    4d:f7:fa:51:76:d3:c2:b6:c1:a1:f0:61:80:12:37:
                    d4:1f:f6:97:18:e9:66:4e:95:15:19:10:54:b6:f1:
                    1f:30:d2:92:aa:83:ec:81:12:11:62:b8:04:b5:d7:
                    52:35:c9:95:d7:df:ba:13:c5:b4:81:24:2c:40:70:
                    b1:1d:6c:61:df:ce:70:15:76:cc:46:22:ea:5e:5a:
                    a9:f0:d9:f0:a6:47:3d:76:72:f0:75:78:21:c3:3b:
                    67:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:8C:E1:8F:CC:07:76:EC:13:EF:D6:3C:FC:28:39:3F:E4:73:69:A0
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d6cb1427-2b74-471f-869a-aae45f5776d4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.68.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:f3:fe:b6:84:d0:4d:2c:0a:8c:06:ec:af:6b:3c:4d:f4:58:
         8a:e8:23:21:55:d0:84:0d:2b:1e:ab:de:be:b8:d6:53:1c:82:
         a2:46:f1:c8:28:42:0b:4d:74:2f:28:8a:74:e6:00:5f:c1:57:
         4d:aa:c9:7a:f1:3a:aa:4c:02:97:d2:f2:a5:3b:63:24:83:fe:
         08:39:26:57:35:6d:a7:42:7c:db:af:8c:5b:43:6c:6a:61:fd:
         57:60:72:89:e2:c3:7f:18:40:d4:ee:3c:39:20:b0:9b:8d:06:
         07:00:59:f4:a1:44:41:eb:d7:45:c5:2a:70:a9:06:3f:34:8f:
         cf:5c:20:a4:d1:18:e2:80:54:b0:fe:26:5a:a4:e5:84:e7:3e:
         e7:ec:2e:5c:29:22:9a:5d:8e:cc:4a:4d:a3:77:2b:c9:4e:5f:
         ec:a7:b3:d2:16:b6:39:6f:e5:17:52:40:35:09:39:72:da:49:
         4e:6c:f3:90:4d:e4:41:88:ce:54:b8:fc:ba:cf:50:33:43:ba:
         5a:24:b0:ab:e4:37:8f:b0:7a:55:d9:de:76:23:60:02:ed:bf:
         f1:08:2e:82:10:c6:08:b8:c7:35:eb:e5:e4:53:dd:57:3a:0c:
         43:ed:42:ef:46:9a:68:80:74:b4:87:eb:7f:24:2d:da:20:b2:
         31:3b:0b:43
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJDb0k/rDPItNQPh+dYRZ2d0vjUYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMjIzMDAxMDA4WhcNMjYwNTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AzZTViYmJkMWJhMTQzNmFlZGI2Y2Q5MmE1YTZkZDFjZmRj
ZDAzNDhkMzBhYWIyNjBlNTk1OTQwMDJhMGQxNDM4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCoN8xb1Xi4vwb5d+nIay/j2FOrGuXtewHLSy6LjY//VJ0V
o2AgFB+v4KAHrc5ShO6qYBNeN/s18mJTmcrr6H3fccW/Zu/pUVSFknGvHmVA3wKY
OADeFiPDWBAwj7bkZVdDT5aA2sgm70GEb7xabB5sfMTpdbg78JSCTMS0jbmhwk37
vUgV9uiPogfeE1chumJPGzPjBnYqMwJkbTuLnYBkFzlzbk33+lF208K2waHwYYAS
N9Qf9pcY6WZOlRUZEFS28R8w0pKqg+yBEhFiuAS111I1yZXX37oTxbSBJCxAcLEd
bGHfznAVdsxGIupeWqnw2fCmRz12cvB1eCHDO2e3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUE4zhj8wHduwT79Y8/Cg5P+RzaaAwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2Q2Y2IxNDI3LTJiNzQtNDcxZi04NjlhLWFhZTQ1ZjU3NzZkNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASRIgwDQYJKoZIhvcNAQELBQADggEBADTz/raE0E0sCowG7K9rPE30WIro
IyFV0IQNKx6r3r641lMcgqJG8cgoQgtNdC8oinTmAF/BV02qyXrxOqpMApfS8qU7
YySD/gg5Jlc1badCfNuvjFtDbGph/Vdgconiw38YQNTuPDkgsJuNBgcAWfShREHr
10XFKnCpBj80j89cIKTRGOKAVLD+Jlqk5YTnPufsLlwpIppdjsxKTaN3K8lOX+yn
s9IWtjlv5RdSQDUJOXLaSU5s85BN5EGIzlS4/LrPUDNDuloksKvkN4+welXZ3nYj
YALtv/EILoIQxgi4xzXr5eRT3Vc6DEPtQu9GmmiAdLSH638kLdogsjE7C0M=
-----END CERTIFICATE-----