Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fe191473-02d8-4d24-90fb-35fe52305882.roa
File:                     fe191473-02d8-4d24-90fb-35fe52305882.roa (raw, json)
Hash identifier:          DtR42Z2M37psyUELaglhqFSasQm6R3GoGr9eNCX3iOE=
Subject key identifier:   AF:91:B2:3E:49:2B:FC:70:7F:95:69:EC:84:A1:9C:00:4F:34:8D:02
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       05544220CAD8668DD3E798745B6793189F21439E
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fe191473-02d8-4d24-90fb-35fe52305882.roa
Signing time:             Tue 17 Feb 2026 00:40:10 +0000
ROA not before:           Tue 17 Feb 2026 00:40:10 +0000
ROA not after:            Mon 18 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        15.220.32.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 02 Mar 2026 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:54:42:20:ca:d8:66:8d:d3:e7:98:74:5b:67:93:18:9f:21:43:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 17 00:40:10 2026 GMT
            Not After : May 18 23:59:59 2026 GMT
        Subject: serialNumber=ec992d341e3999db9d7e75c07ba952b7a1439bbd35111b705467d1f0e41c7cce, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:81:88:d0:29:5f:88:9b:eb:0a:a8:e4:75:c2:
                    5a:3f:2b:e6:ba:5b:b5:f7:a7:47:a5:a1:14:db:8a:
                    d8:5b:db:f4:48:71:0f:39:a7:88:b4:fb:66:fd:84:
                    77:a1:b1:64:4e:0c:db:25:74:49:41:19:5a:06:0e:
                    95:ad:10:f1:ec:fd:8f:37:fb:c1:82:e8:3d:70:43:
                    88:f5:c9:81:9a:2b:e5:93:95:c9:bb:d4:02:0a:70:
                    63:e6:ff:03:10:81:07:d2:b6:87:8b:09:8e:47:d6:
                    d6:c7:7e:c9:20:57:f2:b7:b7:89:d1:58:30:62:55:
                    e3:f2:d6:1e:bb:91:11:62:b1:78:ce:d5:8a:08:7f:
                    45:98:b2:92:43:ff:ba:af:4e:ae:dd:16:91:6e:de:
                    9f:32:5c:42:5b:41:7a:5f:63:22:ca:90:50:10:e3:
                    bb:19:c1:ac:84:3a:6f:04:73:cb:a1:d5:63:bd:5b:
                    47:da:5d:64:25:5e:05:d8:ba:10:02:9f:37:c5:bf:
                    77:f4:f7:4c:fa:7b:07:62:0b:31:71:96:3a:7b:b1:
                    66:3f:b0:47:e3:1a:40:f1:9a:69:ad:bc:94:ea:3e:
                    35:3b:7b:78:33:5e:d2:f1:70:eb:fb:40:08:45:9c:
                    f2:49:89:cf:b5:2f:8a:0e:a6:96:a3:34:50:57:54:
                    9d:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:91:B2:3E:49:2B:FC:70:7F:95:69:EC:84:A1:9C:00:4F:34:8D:02
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fe191473-02d8-4d24-90fb-35fe52305882.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.220.32.0/21

    Signature Algorithm: sha256WithRSAEncryption
         a3:df:d3:c8:01:77:0b:15:d4:fe:98:04:da:d0:63:3c:e3:6b:
         20:4d:f7:fd:7d:ef:e5:92:9a:38:38:f1:7f:80:18:37:e4:df:
         7a:e7:0c:02:ec:6f:d9:57:6b:8b:8e:b6:68:e5:e0:dd:20:6a:
         1b:96:fb:8f:65:65:72:09:22:7f:14:ba:be:8f:b0:f0:a5:f4:
         2d:74:06:9b:f3:0d:79:a0:9f:6e:17:60:e4:5c:6c:1f:07:9b:
         5a:27:34:b0:e4:4f:b4:da:38:31:5b:ee:da:42:9e:1b:99:28:
         8d:2d:bd:d6:13:eb:09:fc:07:7a:62:df:0d:c1:c5:c1:96:1c:
         8f:0c:92:6c:95:4f:c3:7b:26:2b:1f:bb:86:1b:52:15:92:29:
         5c:7d:ae:d9:e6:0c:27:a3:ac:2d:49:ae:9c:bb:78:65:d8:0c:
         43:75:1a:14:84:d5:27:9b:fb:02:f9:48:9a:9d:f4:8f:38:68:
         34:40:66:00:eb:b7:9a:78:fc:78:76:4d:a4:98:8d:38:a8:11:
         c1:f0:8d:40:b7:36:df:78:a8:d5:47:9c:c5:0f:8c:8b:f2:ea:
         d1:c7:07:cd:6b:6a:18:d1:60:65:d7:10:63:04:c7:62:22:6b:
         a0:a0:89:f3:58:61:de:43:16:c7:a5:6c:fc:88:b0:e7:a6:e7:
         63:ae:38:3f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBVRCIMrYZo3T55h0W2eTGJ8hQ54wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMjE3MDA0MDEwWhcNMjYwNTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BlYzk5MmQzNDFlMzk5OWRiOWQ3ZTc1YzA3YmE5NTJiN2Ex
NDM5YmJkMzUxMTFiNzA1NDY3ZDFmMGU0MWM3Y2NlMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDEgYjQKV+Im+sKqOR1wlo/K+a6W7X3p0eloRTbithb2/RI
cQ85p4i0+2b9hHehsWRODNsldElBGVoGDpWtEPHs/Y83+8GC6D1wQ4j1yYGaK+WT
lcm71AIKcGPm/wMQgQfStoeLCY5H1tbHfskgV/K3t4nRWDBiVePy1h67kRFisXjO
1YoIf0WYspJD/7qvTq7dFpFu3p8yXEJbQXpfYyLKkFAQ47sZwayEOm8Ec8uh1WO9
W0faXWQlXgXYuhACnzfFv3f090z6ewdiCzFxljp7sWY/sEfjGkDxmmmtvJTqPjU7
e3gzXtLxcOv7QAhFnPJJic+1L4oOppajNFBXVJ3tAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUr5GyPkkr/HB/lWnshKGcAE80jQIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2ZlMTkxNDczLTAyZDgtNGQyNC05MGZiLTM1ZmU1MjMwNTg4Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMP3CAwDQYJKoZIhvcNAQELBQADggEBAKPf08gBdwsV1P6YBNrQYzzjayBN
9/197+WSmjg48X+AGDfk33rnDALsb9lXa4uOtmjl4N0gahuW+49lZXIJIn8Uur6P
sPCl9C10BpvzDXmgn24XYORcbB8Hm1onNLDkT7TaODFb7tpCnhuZKI0tvdYT6wn8
B3pi3w3BxcGWHI8MkmyVT8N7Jisfu4YbUhWSKVx9rtnmDCejrC1Jrpy7eGXYDEN1
GhSE1Seb+wL5SJqd9I84aDRAZgDrt5p4/Hh2TaSYjTioEcHwjUC3Nt94qNVHnMUP
jIvy6tHHB81rahjRYGXXEGMEx2Iia6CgifNYYd5DFselbPyIsOem52OuOD8=
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:55:34 2026 by rpki-client