Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fcdc548d-2687-47e2-bad3-e444c64df64b.roa
File:                     fcdc548d-2687-47e2-bad3-e444c64df64b.roa (raw, json)
Hash identifier:          LowBj8JsJmxQeXpc5l0EVjMUKiiHylc2qI0iApuNync=
Subject key identifier:   F2:F7:AE:62:0E:F9:6B:3B:55:8C:84:2D:F4:CF:72:57:D1:63:B6:E7
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       53CBC887280A3D128058AFBB70ECD1DFF6879676
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fcdc548d-2687-47e2-bad3-e444c64df64b.roa
Signing time:             Thu 26 Feb 2026 01:10:56 +0000
ROA not before:           Thu 26 Feb 2026 01:10:56 +0000
ROA not after:            Wed 27 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        148.162.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 02 Mar 2026 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:cb:c8:87:28:0a:3d:12:80:58:af:bb:70:ec:d1:df:f6:87:96:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 26 01:10:56 2026 GMT
            Not After : May 27 23:59:59 2026 GMT
        Subject: serialNumber=d1958b94983bdd26f23b52f1d444ef3704e13617467cd3a5891ddf8ab70a6a43, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:22:de:fc:73:c3:76:35:f9:02:cc:e7:fe:93:
                    0c:a2:a9:47:c6:0a:2a:a6:f9:55:7b:d2:c5:af:f6:
                    d6:a0:9e:10:4f:0a:c6:6f:9f:02:ac:7e:02:ca:a8:
                    d7:22:ea:8e:8c:79:53:f0:c2:73:34:b9:37:4d:a7:
                    b3:47:76:b8:87:c9:08:b3:71:d6:ba:dc:a7:92:59:
                    26:ed:d7:43:4a:4a:e2:64:b7:8f:b3:86:1f:e3:0f:
                    43:75:79:53:45:f4:37:73:b0:aa:49:f9:85:6d:6f:
                    bd:44:4e:e9:e6:f8:eb:15:23:26:2f:8d:e3:a0:f5:
                    2d:bd:e1:85:83:6a:dd:39:36:27:e2:ff:63:25:86:
                    7a:ac:7d:5a:5d:00:0a:85:a6:81:91:40:1a:14:4c:
                    f4:1e:a4:37:10:72:67:fc:d4:9c:d2:42:06:ad:5b:
                    f2:b5:5c:0d:91:56:0d:17:79:84:80:64:0d:e3:57:
                    07:54:13:80:bb:3e:51:68:eb:bc:73:00:a4:71:84:
                    7a:73:eb:59:db:67:b3:83:14:eb:ea:20:1b:ca:99:
                    f2:0b:ff:50:d8:59:f2:1c:8d:91:12:50:90:0d:e6:
                    7a:41:89:0c:34:01:68:23:d3:35:da:d5:0d:72:65:
                    8f:df:8e:b0:c4:f9:63:06:4c:bf:4d:c4:81:43:4c:
                    9b:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:F7:AE:62:0E:F9:6B:3B:55:8C:84:2D:F4:CF:72:57:D1:63:B6:E7
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fcdc548d-2687-47e2-bad3-e444c64df64b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.162.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         2a:91:b9:0a:91:0e:75:cb:01:06:71:ff:52:ac:09:d7:d0:33:
         eb:dd:a1:1a:12:54:ba:85:f5:c3:87:83:eb:2c:71:be:60:20:
         e1:80:10:0d:af:57:d9:15:19:0c:50:25:6c:4c:c7:0d:b0:99:
         b4:68:b4:dd:18:e5:ac:95:04:65:9c:81:6f:c4:99:83:b5:d1:
         78:b6:ae:bd:dd:72:9c:4b:1b:91:e3:aa:42:f0:73:33:ec:a4:
         4c:08:36:d8:87:6c:a4:0c:98:ce:55:c6:73:35:f6:e0:2e:b8:
         6e:5c:fb:af:9c:03:39:89:3f:ff:ab:c9:c3:55:cb:f9:3a:1a:
         36:8b:1f:d0:f3:35:e9:b8:73:df:88:26:e7:d4:9e:22:13:12:
         c5:dd:db:81:4c:97:f0:14:8a:70:aa:43:5e:db:34:c4:91:6f:
         e4:09:64:a9:76:74:ba:fa:45:19:62:1d:e0:0b:79:ae:a4:5a:
         4b:34:cd:4f:31:ff:7f:b2:b5:a7:cb:32:18:16:f4:5d:2c:1e:
         44:ca:5e:27:27:f7:10:3d:1b:95:7c:42:08:00:d2:79:d4:1b:
         8c:b1:f7:79:26:d4:69:5c:d9:8b:1b:1b:51:37:d4:f1:f5:72:
         71:f4:04:fb:db:5d:61:a1:a3:59:23:05:6d:c2:3a:eb:20:f0:
         65:12:7b:c1
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUU8vIhygKPRKAWK+7cOzR3/aHlnYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMjI2MDExMDU2WhcNMjYwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BkMTk1OGI5NDk4M2JkZDI2ZjIzYjUyZjFkNDQ0ZWYzNzA0
ZTEzNjE3NDY3Y2QzYTU4OTFkZGY4YWI3MGE2YTQzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDgIt78c8N2NfkCzOf+kwyiqUfGCiqm+VV70sWv9tagnhBP
CsZvnwKsfgLKqNci6o6MeVPwwnM0uTdNp7NHdriHyQizcda63KeSWSbt10NKSuJk
t4+zhh/jD0N1eVNF9DdzsKpJ+YVtb71ETunm+OsVIyYvjeOg9S294YWDat05Nifi
/2MlhnqsfVpdAAqFpoGRQBoUTPQepDcQcmf81JzSQgatW/K1XA2RVg0XeYSAZA3j
VwdUE4C7PlFo67xzAKRxhHpz61nbZ7ODFOvqIBvKmfIL/1DYWfIcjZESUJAN5npB
iQw0AWgj0zXa1Q1yZY/fjrDE+WMGTL9NxIFDTJupAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU8veuYg75aztVjIQt9M9yV9FjtucwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2ZjZGM1NDhkLTI2ODctNDdlMi1iYWQzLWU0NDRjNjRkZjY0Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCUojANBgkqhkiG9w0BAQsFAAOCAQEAKpG5CpEOdcsBBnH/UqwJ19Az692h
GhJUuoX1w4eD6yxxvmAg4YAQDa9X2RUZDFAlbEzHDbCZtGi03RjlrJUEZZyBb8SZ
g7XReLauvd1ynEsbkeOqQvBzM+ykTAg22IdspAyYzlXGczX24C64blz7r5wDOYk/
/6vJw1XL+ToaNosf0PM16bhz34gm59SeIhMSxd3bgUyX8BSKcKpDXts0xJFv5Alk
qXZ0uvpFGWId4At5rqRaSzTNTzH/f7K1p8syGBb0XSweRMpeJyf3ED0blXxCCADS
edQbjLH3eSbUaVzZixsbUTfU8fVycfQE+9tdYaGjWSMFbcI66yDwZRJ7wQ==
-----END CERTIFICATE-----