Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e2f91278-8951-4ed9-bea5-7300ead84196.roa
File:                     e2f91278-8951-4ed9-bea5-7300ead84196.roa (raw, json)
Hash identifier:          kXk+k8YLvnoAc6h0E8xKjWlgifCWDhSCt5HrRDNHRn8=
Subject key identifier:   73:90:6E:00:0B:5B:10:CA:A0:F6:7B:61:89:B9:C5:21:DB:42:99:9E
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       17FEBD3F1E9D468591398002D7B38C0E6FE57CB7
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e2f91278-8951-4ed9-bea5-7300ead84196.roa
Signing time:             Fri 15 May 2026 03:10:32 +0000
ROA not before:           Fri 15 May 2026 03:10:32 +0000
ROA not after:            Thu 13 Aug 2026 23:59:59 +0000
asID:                     14618
IP address blocks:        54.204.52.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 14 Jun 2026 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:fe:bd:3f:1e:9d:46:85:91:39:80:02:d7:b3:8c:0e:6f:e5:7c:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May 15 03:10:32 2026 GMT
            Not After : Aug 13 23:59:59 2026 GMT
        Subject: serialNumber=c0769a08c9cea797c3f2bf0909f1279d4cbb036756a35bc3bd515833102e9339, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:25:8d:9e:b8:78:f8:98:1f:c1:09:ae:eb:99:
                    59:c8:59:4e:2f:50:0b:5a:ee:1f:1a:ef:e7:6e:fe:
                    d3:8c:dc:f5:d9:d9:80:cc:24:c7:80:84:fb:14:3f:
                    98:97:38:4b:2e:4e:cb:d2:16:7d:45:15:d2:e0:da:
                    05:8c:92:e1:de:f4:69:94:21:bd:3d:92:74:94:02:
                    10:12:39:43:6c:6d:cb:63:d6:f4:14:d9:a2:08:73:
                    ff:ff:84:bb:cb:62:aa:43:97:d6:ac:b5:33:72:b5:
                    2d:61:c7:79:d3:fd:4f:64:a4:43:ce:50:5b:1a:0a:
                    20:a8:88:9f:24:e1:f3:3e:1a:fc:22:0f:4e:58:1c:
                    c4:b6:cf:75:0f:19:4b:2b:05:bc:f5:80:d6:a2:91:
                    18:c6:8c:72:8d:71:bc:f9:af:19:8d:7d:a8:9a:10:
                    55:b9:8d:e8:9e:b7:76:04:31:1c:ca:c5:13:17:99:
                    84:84:6e:a4:c8:da:aa:7f:e7:8e:34:74:8c:ba:17:
                    9b:cb:6a:6b:45:82:15:3e:29:19:58:85:25:14:d1:
                    23:f6:6f:df:76:71:2d:01:d3:b6:c7:3d:27:2d:aa:
                    1a:ac:00:25:80:43:05:fc:37:36:8f:b9:6a:2b:b3:
                    b6:bd:2b:90:ce:ce:04:b6:b8:82:ef:36:04:27:01:
                    b8:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:90:6E:00:0B:5B:10:CA:A0:F6:7B:61:89:B9:C5:21:DB:42:99:9E
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e2f91278-8951-4ed9-bea5-7300ead84196.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.204.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2b:a2:98:7e:79:2e:e4:b2:9d:ab:bc:fc:41:73:d0:97:37:d4:
         a2:02:b5:35:48:47:89:4c:39:c8:ba:f5:f2:ab:ad:f4:09:b4:
         e0:a2:64:e4:dd:28:3b:8d:ba:ee:0e:a2:f5:64:dc:68:24:d3:
         3f:45:8c:59:1d:64:20:9b:b1:4d:c3:a2:49:c9:97:6a:83:ef:
         98:67:1b:bc:7f:57:f4:3b:e7:f6:2a:c5:28:a7:72:0d:fa:68:
         6e:cc:db:e6:a2:43:0d:ed:df:bc:a1:e8:31:da:01:37:53:bb:
         b5:1d:55:5a:1e:91:45:34:01:97:69:63:89:02:a9:5c:52:15:
         44:22:25:04:e0:d7:6e:b2:cb:e2:91:3a:1f:cc:81:c1:7c:d6:
         a2:af:e1:49:1b:60:a6:b8:91:d8:9b:d0:0f:11:4b:c4:05:84:
         a5:77:f7:0f:c3:8f:dc:14:02:d1:de:63:82:4a:97:74:8c:28:
         11:32:61:c4:c8:a9:77:94:e9:28:ba:41:19:f2:70:16:db:3e:
         dc:e8:2f:77:4d:6a:4b:dd:8f:bc:7a:e9:6e:d8:c2:3a:d9:f5:
         96:e9:a8:08:3a:66:3b:6e:0b:1c:be:f1:75:b6:34:3a:a6:72:
         c4:86:5b:31:8f:e5:28:7c:54:93:1d:af:80:d8:07:a1:60:db:
         00:cf:62:06
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUF/69Px6dRoWROYAC17OMDm/lfLcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwNTE1MDMxMDMyWhcNMjYwODEzMjM1OTU5
WjB6MUkwRwYDVQQFE0BjMDc2OWEwOGM5Y2VhNzk3YzNmMmJmMDkwOWYxMjc5ZDRj
YmIwMzY3NTZhMzViYzNiZDUxNTgzMzEwMmU5MzM5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCQJY2euHj4mB/BCa7rmVnIWU4vUAta7h8a7+du/tOM3PXZ
2YDMJMeAhPsUP5iXOEsuTsvSFn1FFdLg2gWMkuHe9GmUIb09knSUAhASOUNsbctj
1vQU2aIIc///hLvLYqpDl9astTNytS1hx3nT/U9kpEPOUFsaCiCoiJ8k4fM+Gvwi
D05YHMS2z3UPGUsrBbz1gNaikRjGjHKNcbz5rxmNfaiaEFW5jeiet3YEMRzKxRMX
mYSEbqTI2qp/5440dIy6F5vLamtFghU+KRlYhSUU0SP2b992cS0B07bHPSctqhqs
ACWAQwX8NzaPuWors7a9K5DOzgS2uILvNgQnAbihAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUc5BuAAtbEMqg9nthibnFIdtCmZ4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2UyZjkxMjc4LTg5NTEtNGVkOS1iZWE1LTczMDBlYWQ4NDE5Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI2zDQwDQYJKoZIhvcNAQELBQADggEBACuimH55LuSynau8/EFz0Jc31KIC
tTVIR4lMOci69fKrrfQJtOCiZOTdKDuNuu4OovVk3Ggk0z9FjFkdZCCbsU3DoknJ
l2qD75hnG7x/V/Q75/YqxSincg36aG7M2+aiQw3t37yh6DHaATdTu7UdVVoekUU0
AZdpY4kCqVxSFUQiJQTg126yy+KROh/MgcF81qKv4UkbYKa4kdib0A8RS8QFhKV3
9w/Dj9wUAtHeY4JKl3SMKBEyYcTIqXeU6Si6QRnycBbbPtzoL3dNakvdj7x66W7Y
wjrZ9ZbpqAg6ZjtuCxy+8XW2NDqmcsSGWzGP5Sh8VJMdr4DYB6Fg2wDPYgY=
-----END CERTIFICATE-----