Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/94d8fc77-2869-4b60-a712-41b7854d5fd5.roa
File:                     94d8fc77-2869-4b60-a712-41b7854d5fd5.roa (raw, json)
Hash identifier:          v8udmgoMyHN+fMcdHjuInhEufS2movQgMxPUY7PSujI=
Subject key identifier:   7C:AA:98:63:81:E1:4E:7C:48:59:CB:66:2C:2E:88:9B:79:84:DC:86
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0B43E9D152AFE2B8EEBEE5B58F3366184426B60E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/94d8fc77-2869-4b60-a712-41b7854d5fd5.roa
Signing time:             Tue 10 Feb 2026 00:50:06 +0000
ROA not before:           Tue 10 Feb 2026 00:50:06 +0000
ROA not after:            Mon 11 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        99.77.156.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 01 Mar 2026 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:43:e9:d1:52:af:e2:b8:ee:be:e5:b5:8f:33:66:18:44:26:b6:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb 10 00:50:06 2026 GMT
            Not After : May 11 23:59:59 2026 GMT
        Subject: serialNumber=4185ff372c4f997f52df04622456d83683c24d4402495d3ed797354a665f8bf6, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:e9:1d:5e:28:95:8c:36:79:f7:4d:ab:52:20:
                    44:a3:d5:db:48:06:d7:05:7c:8d:f3:78:74:db:7a:
                    d3:af:fc:16:7d:e6:f9:3b:79:92:a0:8a:b6:f1:22:
                    94:c7:5e:00:28:1c:f6:48:b5:74:00:8d:4d:c5:e3:
                    eb:84:56:70:86:f9:24:87:a6:00:59:b2:68:b8:33:
                    05:af:86:84:04:9a:38:4b:fb:6c:9c:f6:a2:82:76:
                    37:29:c2:5c:2e:50:98:81:6e:ee:10:81:a8:de:77:
                    e9:cc:49:df:3c:82:13:d5:c0:df:ed:96:1c:7e:f7:
                    28:ef:c5:35:99:ba:cc:0b:30:10:da:b5:27:ee:19:
                    95:c3:4c:3a:f6:8b:21:ac:b2:f2:35:b9:81:3c:a6:
                    3c:64:ad:dc:ad:5c:3d:ad:65:ef:62:ba:7f:8f:f8:
                    79:f6:fd:aa:a9:58:ab:1e:a4:cd:19:da:ee:16:79:
                    f9:61:6a:2a:20:ff:42:d5:b0:12:73:bb:40:50:f8:
                    73:bf:6c:e0:59:a5:b7:57:21:93:68:77:c6:17:30:
                    c3:90:b4:7f:d5:58:2a:89:0f:7a:48:5c:6d:66:27:
                    b6:03:3e:3f:6b:48:d8:41:65:dc:3c:1a:b8:d9:5a:
                    1d:38:13:ca:5d:cb:44:0c:56:80:eb:70:a0:61:7b:
                    a3:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:AA:98:63:81:E1:4E:7C:48:59:CB:66:2C:2E:88:9B:79:84:DC:86
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/94d8fc77-2869-4b60-a712-41b7854d5fd5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.77.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:cf:a8:29:ff:b8:bb:41:be:9a:b7:99:8f:58:3a:af:5d:ab:
         a1:fa:ea:b2:83:20:5d:c7:f1:fa:c5:1b:43:b8:56:f8:3e:50:
         80:27:d5:eb:f1:5a:b7:56:f1:2e:04:18:ac:ca:9c:fa:df:98:
         34:ef:0a:1b:11:e5:e6:d3:6b:47:fe:04:04:e7:43:b6:60:7d:
         b8:6a:de:6e:db:3a:cc:13:fb:ff:29:9b:41:0b:aa:75:a6:fe:
         fd:de:ff:53:d7:a8:51:b0:db:14:d6:0d:87:2e:5e:1f:6a:5c:
         55:28:f8:b1:72:de:85:03:90:c3:a9:26:c5:0b:82:5c:66:e9:
         b3:bd:e7:31:ba:0f:84:90:42:49:9f:ac:a6:ee:ba:5d:29:68:
         da:df:70:da:fe:e6:4c:fa:87:ea:02:4a:b3:ec:00:87:7b:04:
         4f:c5:13:25:26:80:4e:30:50:27:c1:67:57:21:09:c6:7d:52:
         47:b9:84:1f:35:3d:93:cf:c2:5a:92:b7:d5:a7:b1:43:5a:9e:
         d0:cb:ac:29:2f:7b:b7:5c:33:79:79:95:db:e0:16:7d:0b:09:
         e5:9f:02:40:02:a3:4e:d2:b6:0e:c9:27:2b:03:6a:76:dd:6e:
         48:16:1e:ca:aa:dc:e3:51:88:6c:78:ac:eb:e2:07:63:29:ad:
         03:98:39:79
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUC0Pp0VKv4rjuvuW1jzNmGEQmtg4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjYwMjEwMDA1MDA2WhcNMjYwNTExMjM1OTU5
WjB6MUkwRwYDVQQFE0A0MTg1ZmYzNzJjNGY5OTdmNTJkZjA0NjIyNDU2ZDgzNjgz
YzI0ZDQ0MDI0OTVkM2VkNzk3MzU0YTY2NWY4YmY2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDP6R1eKJWMNnn3TatSIESj1dtIBtcFfI3zeHTbetOv/BZ9
5vk7eZKgirbxIpTHXgAoHPZItXQAjU3F4+uEVnCG+SSHpgBZsmi4MwWvhoQEmjhL
+2yc9qKCdjcpwlwuUJiBbu4Qgajed+nMSd88ghPVwN/tlhx+9yjvxTWZuswLMBDa
tSfuGZXDTDr2iyGssvI1uYE8pjxkrdytXD2tZe9iun+P+Hn2/aqpWKsepM0Z2u4W
eflhaiog/0LVsBJzu0BQ+HO/bOBZpbdXIZNod8YXMMOQtH/VWCqJD3pIXG1mJ7YD
Pj9rSNhBZdw8GrjZWh04E8pdy0QMVoDrcKBhe6NfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUfKqYY4HhTnxIWctmLC6Im3mE3IYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk0ZDhmYzc3LTI4NjktNGI2MC1hNzEyLTQxYjc4NTRkNWZkNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjTZwwDQYJKoZIhvcNAQELBQADggEBAL7PqCn/uLtBvpq3mY9YOq9dq6H6
6rKDIF3H8frFG0O4Vvg+UIAn1evxWrdW8S4EGKzKnPrfmDTvChsR5ebTa0f+BATn
Q7Zgfbhq3m7bOswT+/8pm0ELqnWm/v3e/1PXqFGw2xTWDYcuXh9qXFUo+LFy3oUD
kMOpJsULglxm6bO95zG6D4SQQkmfrKbuul0paNrfcNr+5kz6h+oCSrPsAId7BE/F
EyUmgE4wUCfBZ1chCcZ9Uke5hB81PZPPwlqSt9WnsUNantDLrCkve7dcM3l5ldvg
Fn0LCeWfAkACo07Stg7JJysDanbdbkgWHsqq3ONRiGx4rOviB2MprQOYOXk=
-----END CERTIFICATE-----