Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ebcf296f-7234-4ee5-a160-45fcad4b7895.roa
File:                     ebcf296f-7234-4ee5-a160-45fcad4b7895.roa (raw, json)
Hash identifier:          odlie+wl0+vDGpt09VymseCXC3rExfY7XqOJQ68dws4=
Subject key identifier:   2C:4B:7F:78:0D:1C:B1:F5:20:74:DD:68:9B:BF:0A:C4:DF:45:53:CC
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7436C6C71D6AB49D174A77413915156FBB4696BC
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ebcf296f-7234-4ee5-a160-45fcad4b7895.roa
Signing time:             Wed 25 Feb 2026 03:00:10 +0000
ROA not before:           Wed 25 Feb 2026 03:00:10 +0000
ROA not after:            Tue 26 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        54.246.96.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 04 Mar 2026 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:36:c6:c7:1d:6a:b4:9d:17:4a:77:41:39:15:15:6f:bb:46:96:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 25 03:00:10 2026 GMT
            Not After : May 26 23:59:59 2026 GMT
        Subject: serialNumber=4c96ad3b818717781c6acce205927c2bc2cee00dc70881204474962de488084c, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:f0:88:7f:d3:97:35:3b:6d:db:81:ef:72:00:
                    c2:6a:6a:c6:1f:96:41:cc:74:c4:b3:ff:79:5d:1e:
                    ae:92:c3:c7:85:96:b8:03:ac:ac:b9:c0:2b:36:be:
                    fb:66:6c:98:4f:cb:17:61:91:0a:e7:3d:8c:dd:f7:
                    f1:25:3c:3d:ed:1e:59:05:3a:a1:37:47:49:dc:b3:
                    2b:bd:c6:57:47:5f:d3:75:9e:93:73:b9:ca:e8:fe:
                    5f:1c:e5:77:74:ce:e6:e6:7c:b5:2d:1a:9c:50:a7:
                    6b:0f:dd:02:c9:15:7e:c6:6c:f3:f1:3a:fc:43:83:
                    5d:63:31:3b:54:4e:96:76:69:88:e3:52:c6:13:8e:
                    f7:fb:ea:6f:11:33:b9:d4:2d:5a:3b:82:b4:ac:49:
                    49:a9:48:15:c8:af:f7:55:08:46:3a:ce:69:d9:f5:
                    14:d0:b6:39:cf:77:86:4a:12:f5:17:70:50:8a:a1:
                    b2:5b:b2:40:e8:b4:52:d9:9e:d3:3a:89:a7:07:10:
                    ce:b5:3f:88:f8:87:4a:17:4e:25:15:f1:66:83:48:
                    e9:31:5c:cb:4f:e3:74:26:45:07:f4:cf:c6:2e:ab:
                    ce:0f:f2:16:75:7f:4b:fa:95:b5:13:f7:e8:51:0d:
                    c1:9a:03:a0:86:3e:16:47:97:2a:ff:80:72:6a:bf:
                    58:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:4B:7F:78:0D:1C:B1:F5:20:74:DD:68:9B:BF:0A:C4:DF:45:53:CC
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ebcf296f-7234-4ee5-a160-45fcad4b7895.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.246.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         79:ae:9f:21:37:61:fd:18:c0:2c:3e:b6:ae:f1:05:63:26:a6:
         af:24:07:cf:23:8f:f4:7d:e8:d5:8c:74:a4:1f:c9:c9:2e:b1:
         26:73:fd:41:7e:2e:b9:11:2f:f9:aa:56:1d:90:97:53:a4:9c:
         f6:f9:ed:5f:c4:a5:3e:09:87:90:15:6d:13:b3:61:cc:1b:55:
         ca:4c:dd:15:be:e7:02:f1:53:8b:8a:c8:9b:11:c5:2b:5a:ed:
         36:20:d4:c5:d9:8c:91:fc:f4:8a:71:d5:51:e3:98:d6:f9:1b:
         05:6f:dd:61:b4:36:50:e0:32:5e:a9:de:9b:92:95:af:b1:83:
         b6:c7:2a:78:f6:e2:28:e8:c3:07:ca:50:b6:bb:13:0e:a1:2c:
         69:2f:d8:cc:b1:9a:eb:b5:be:5c:f2:f6:e1:1f:0c:25:1e:cd:
         5e:8e:f7:45:a1:b6:80:24:cb:37:df:b3:31:bb:da:1e:4f:93:
         2b:c4:42:b9:13:4b:1b:79:03:64:04:20:0a:46:e2:ac:e7:28:
         c9:aa:4a:6f:c6:69:2d:45:10:2c:2c:f3:8f:5b:c9:a3:86:26:
         99:9b:cc:d3:8a:f3:b0:3b:64:35:7c:fb:20:b1:b0:dc:61:2f:
         7b:45:46:5e:c4:f0:a1:bc:8a:7d:8e:f9:44:dd:c6:27:08:2b:
         4a:65:a1:10
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdDbGxx1qtJ0XSndBORUVb7tGlrwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMjI1MDMwMDEwWhcNMjYwNTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0A0Yzk2YWQzYjgxODcxNzc4MWM2YWNjZTIwNTkyN2MyYmMy
Y2VlMDBkYzcwODgxMjA0NDc0OTYyZGU0ODgwODRjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDK8Ih/05c1O23bge9yAMJqasYflkHMdMSz/3ldHq6Sw8eF
lrgDrKy5wCs2vvtmbJhPyxdhkQrnPYzd9/ElPD3tHlkFOqE3R0ncsyu9xldHX9N1
npNzucro/l8c5Xd0zubmfLUtGpxQp2sP3QLJFX7GbPPxOvxDg11jMTtUTpZ2aYjj
UsYTjvf76m8RM7nULVo7grSsSUmpSBXIr/dVCEY6zmnZ9RTQtjnPd4ZKEvUXcFCK
obJbskDotFLZntM6iacHEM61P4j4h0oXTiUV8WaDSOkxXMtP43QmRQf0z8Yuq84P
8hZ1f0v6lbUT9+hRDcGaA6CGPhZHlyr/gHJqv1hHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQULEt/eA0csfUgdN1om78KxN9FU8wwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2ViY2YyOTZmLTcyMzQtNGVlNS1hMTYwLTQ1ZmNhZDRiNzg5NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAU29mAwDQYJKoZIhvcNAQELBQADggEBAHmunyE3Yf0YwCw+tq7xBWMmpq8k
B88jj/R96NWMdKQfyckusSZz/UF+LrkRL/mqVh2Ql1OknPb57V/EpT4Jh5AVbROz
YcwbVcpM3RW+5wLxU4uKyJsRxSta7TYg1MXZjJH89Ipx1VHjmNb5GwVv3WG0NlDg
Ml6p3puSla+xg7bHKnj24ijowwfKULa7Ew6hLGkv2Myxmuu1vlzy9uEfDCUezV6O
90WhtoAkyzffszG72h5PkyvEQrkTSxt5A2QEIApG4qznKMmqSm/GaS1FECws849b
yaOGJpmbzNOK87A7ZDV8+yCxsNxhL3tFRl7E8KG8in2O+UTdxicIK0ploRA=
-----END CERTIFICATE-----