Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fe5fbc0d-10db-4668-a761-29fb1eff0f6e.roa
File:                     fe5fbc0d-10db-4668-a761-29fb1eff0f6e.roa (raw, json)
Hash identifier:          STkT63ohlzLggo7exevG0TiyfBOgTr2mO3UEjO9tJaM=
Subject key identifier:   DD:A7:B9:9A:8B:3B:B5:24:3A:FA:3F:8E:30:80:D6:F5:C8:24:06:B4
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3D4528CAA51F4EB6A37A9BAD7BAD8D7DDE9090AB
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fe5fbc0d-10db-4668-a761-29fb1eff0f6e.roa
Signing time:             Tue 17 Feb 2026 01:00:42 +0000
ROA not before:           Tue 17 Feb 2026 01:00:42 +0000
ROA not after:            Mon 18 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        34.255.128.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 04 Mar 2026 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:45:28:ca:a5:1f:4e:b6:a3:7a:9b:ad:7b:ad:8d:7d:de:90:90:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 17 01:00:42 2026 GMT
            Not After : May 18 23:59:59 2026 GMT
        Subject: serialNumber=5b79422081efb06f3daec6847f41c1195ac2247c8921b9aedfd9ae7ead896a5a, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:15:d9:c4:06:94:92:ea:a2:46:8b:df:93:14:
                    e2:a6:b1:a3:3b:47:95:b9:b5:8d:b9:f0:09:22:0f:
                    79:af:6c:01:4f:81:2e:c8:d4:35:05:e0:f5:f2:0c:
                    33:54:80:ab:b7:35:34:f3:35:6d:27:9f:66:49:b4:
                    2e:e5:97:ac:93:7f:dc:4c:d2:a0:87:9f:26:5c:60:
                    a7:48:3a:7a:79:b2:ed:7f:ce:5d:3b:24:95:f9:8d:
                    6e:5a:ce:ca:01:bc:e1:e2:1c:99:18:1b:66:c1:5d:
                    d3:54:2a:9a:0f:91:60:bf:fe:71:06:af:ae:ff:16:
                    c3:6f:81:94:2d:ea:ae:ee:89:34:eb:3e:17:20:f7:
                    a5:e3:42:64:99:68:c5:34:f3:da:de:1b:11:f1:15:
                    73:d7:fa:8e:7c:ee:14:8e:36:74:1c:27:fa:f9:06:
                    c6:f4:9a:e2:98:0d:61:71:c5:de:c0:5d:cc:56:97:
                    77:df:9a:a4:e5:4e:44:bd:07:40:77:4c:ff:97:c1:
                    49:51:44:ca:4e:1c:30:47:3b:30:4d:88:c6:82:99:
                    cc:3e:f0:10:ae:be:65:cd:0e:0a:26:77:1b:7c:3b:
                    0f:21:3e:1f:48:62:53:b1:c8:07:fc:70:cb:ff:92:
                    b6:b8:1b:8e:aa:f0:b4:b4:70:79:09:b3:6a:43:ba:
                    ac:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:A7:B9:9A:8B:3B:B5:24:3A:FA:3F:8E:30:80:D6:F5:C8:24:06:B4
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/fe5fbc0d-10db-4668-a761-29fb1eff0f6e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  34.255.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         92:95:b4:06:4d:64:d0:4b:c2:4c:0c:a4:25:7d:6a:65:cc:88:
         8f:55:77:ae:9c:6d:1a:f1:fd:63:c6:4e:e7:56:b2:8d:2c:a9:
         d4:f1:3e:5c:85:81:5a:ec:f8:e9:21:ef:4e:f7:dd:0d:cc:40:
         28:7c:da:db:0e:4d:e0:6e:3f:40:29:cd:8b:d2:98:5e:4a:c6:
         8a:82:87:59:73:8a:ed:28:43:3f:bf:11:81:29:47:aa:a9:91:
         7b:b1:e3:6d:d9:ac:3d:eb:26:b4:10:1c:3d:60:70:79:3b:9e:
         69:04:90:b7:c6:71:1c:13:48:f2:4d:ab:ac:9e:b5:aa:1d:89:
         e9:89:b7:7c:2a:34:c6:33:ab:1b:38:35:b9:23:b8:f1:c8:e6:
         96:9f:7e:92:c4:93:47:bd:42:32:5b:56:d3:55:ad:1f:77:c8:
         e2:4f:49:3f:bd:f3:36:8f:95:1a:f6:a5:e3:1a:b7:22:7e:f0:
         df:bd:47:d0:2f:27:64:96:16:4e:d0:f2:36:29:35:7d:64:08:
         9e:d8:7d:09:fa:3f:01:32:53:7e:c1:07:a2:6c:a1:93:99:cc:
         08:92:97:0f:70:3c:7f:66:f7:9e:e7:41:b6:91:77:08:ba:7c:
         d5:a7:e4:fe:9b:b8:d5:a0:df:8e:48:d2:10:b9:b1:27:12:10:
         0f:99:73:4c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPUUoyqUfTrajepute62Nfd6QkKswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMjE3MDEwMDQyWhcNMjYwNTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A1Yjc5NDIyMDgxZWZiMDZmM2RhZWM2ODQ3ZjQxYzExOTVh
YzIyNDdjODkyMWI5YWVkZmQ5YWU3ZWFkODk2YTVhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDEFdnEBpSS6qJGi9+TFOKmsaM7R5W5tY258AkiD3mvbAFP
gS7I1DUF4PXyDDNUgKu3NTTzNW0nn2ZJtC7ll6yTf9xM0qCHnyZcYKdIOnp5su1/
zl07JJX5jW5azsoBvOHiHJkYG2bBXdNUKpoPkWC//nEGr67/FsNvgZQt6q7uiTTr
Phcg96XjQmSZaMU089reGxHxFXPX+o587hSONnQcJ/r5Bsb0muKYDWFxxd7AXcxW
l3ffmqTlTkS9B0B3TP+XwUlRRMpOHDBHOzBNiMaCmcw+8BCuvmXNDgomdxt8Ow8h
Ph9IYlOxyAf8cMv/kra4G46q8LS0cHkJs2pDuqxxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3ae5mos7tSQ6+j+OMIDW9cgkBrQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2ZlNWZiYzBkLTEwZGItNDY2OC1hNzYxLTI5ZmIxZWZmMGY2ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYi/4AwDQYJKoZIhvcNAQELBQADggEBAJKVtAZNZNBLwkwMpCV9amXMiI9V
d66cbRrx/WPGTudWso0sqdTxPlyFgVrs+Okh70733Q3MQCh82tsOTeBuP0ApzYvS
mF5KxoqCh1lziu0oQz+/EYEpR6qpkXux423ZrD3rJrQQHD1gcHk7nmkEkLfGcRwT
SPJNq6yetaodiemJt3wqNMYzqxs4NbkjuPHI5paffpLEk0e9QjJbVtNVrR93yOJP
ST+98zaPlRr2peMatyJ+8N+9R9AvJ2SWFk7Q8jYpNX1kCJ7YfQn6PwEyU37BB6Js
oZOZzAiSlw9wPH9m957nQbaRdwi6fNWn5P6buNWg345I0hC5sScSEA+Zc0w=
-----END CERTIFICATE-----