Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d4a21000-3e1d-4970-8585-41d9313167de.roa
File:                     d4a21000-3e1d-4970-8585-41d9313167de.roa (raw, json)
Hash identifier:          ZvTb21uegw05ZdITJWyNOK1scO5GGFdbSBorb9wy/R0=
Subject key identifier:   41:08:DF:FD:AB:DA:57:E3:09:99:63:3E:85:BE:17:8E:40:CC:CC:DF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       485A3AB6B47FDD47B15DB009DFCC3D3D68FD5ABC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d4a21000-3e1d-4970-8585-41d9313167de.roa
Signing time:             Tue 10 Feb 2026 01:00:51 +0000
ROA not before:           Tue 10 Feb 2026 01:00:51 +0000
ROA not after:            Mon 11 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        99.77.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 27 Feb 2026 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:5a:3a:b6:b4:7f:dd:47:b1:5d:b0:09:df:cc:3d:3d:68:fd:5a:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb 10 01:00:51 2026 GMT
            Not After : May 11 23:59:59 2026 GMT
        Subject: serialNumber=81e53fd0d1013dc469f89ff6531048fc7556e8d6b4a15a2f35c1f405cbccd598, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:52:e9:43:b8:cb:84:d6:3e:8c:ef:dd:34:5c:
                    ef:e4:8f:9e:07:62:42:bd:f4:b2:a4:cb:1a:a0:a5:
                    0f:14:80:89:fc:0b:c8:47:51:9e:a4:12:f5:cb:d3:
                    b7:56:25:6e:0d:13:65:27:ac:ec:46:ee:ea:0f:46:
                    d0:40:cd:d6:e2:2f:8b:ca:01:1b:03:90:a5:98:f2:
                    29:16:93:7c:f1:39:1d:f6:ba:4d:2e:a3:ae:4c:0d:
                    e5:d0:eb:48:b1:31:f7:91:2b:6a:16:64:ed:9d:18:
                    73:f3:8f:c7:c5:6b:5c:2c:d2:ce:19:eb:75:86:ae:
                    15:aa:da:4d:6f:bc:6f:ca:4c:16:f9:a1:e1:fc:10:
                    c8:b1:15:58:1c:25:31:49:a5:72:df:46:ab:ad:18:
                    aa:63:6b:5a:1e:11:d1:e7:d1:c2:12:b0:55:aa:aa:
                    39:a2:4c:25:af:73:ab:0c:a4:52:47:be:18:2c:a8:
                    59:09:78:4c:d6:49:d3:82:4c:4d:ff:5e:f3:7d:92:
                    19:6a:76:31:91:b0:b1:f6:68:44:55:38:f9:d9:48:
                    fa:2b:ab:89:bc:6e:0b:df:12:96:01:70:83:18:24:
                    62:92:0f:b5:b1:77:b5:a6:46:7d:88:18:2d:68:23:
                    20:e1:62:2b:ce:3a:c5:c9:f2:13:2b:ce:1b:bd:73:
                    20:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:08:DF:FD:AB:DA:57:E3:09:99:63:3E:85:BE:17:8E:40:CC:CC:DF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d4a21000-3e1d-4970-8585-41d9313167de.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.77.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:c5:18:34:9b:1c:46:71:4b:45:89:d3:df:a6:23:23:c4:34:
         3e:74:77:22:ce:de:f0:30:8f:e8:f5:93:22:75:bf:55:a2:b6:
         e7:a8:01:f2:e8:65:dc:0f:6d:ea:5e:eb:55:f3:ed:77:f8:ba:
         bd:fd:99:b6:12:be:72:e4:b1:6d:9d:c1:44:17:21:eb:a3:49:
         8c:93:7b:31:33:c3:bf:49:90:32:5d:df:d5:dd:c3:38:80:eb:
         63:1e:40:2e:23:ba:b5:6a:12:53:25:71:b7:80:37:2d:13:d6:
         d0:48:44:3c:68:7c:85:da:fe:58:d5:a4:4b:fa:e1:75:d5:6c:
         fc:9d:0c:ea:a4:ac:0a:17:67:95:ac:2f:35:6b:a7:f1:4c:69:
         25:2a:8a:58:28:dd:97:cf:34:d5:68:f4:0d:20:c0:3f:1b:74:
         9a:dd:be:f0:d9:c3:9e:95:a1:db:ba:5e:54:4b:3a:40:8a:1a:
         09:df:ff:be:e4:3a:40:0d:81:98:78:6b:d2:ae:75:19:f6:cb:
         03:83:c9:f4:35:e6:87:77:b2:ab:34:29:92:95:1b:0a:a1:3e:
         3b:10:a5:b7:66:28:9d:00:5d:1b:f8:a0:1e:54:20:79:fa:cf:
         18:63:91:2a:d8:b5:f4:02:f2:d4:88:9c:31:25:33:2f:52:e1:
         bc:5a:90:1c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSFo6trR/3UexXbAJ38w9PWj9WrwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjYwMjEwMDEwMDUxWhcNMjYwNTExMjM1OTU5
WjB6MUkwRwYDVQQFE0A4MWU1M2ZkMGQxMDEzZGM0NjlmODlmZjY1MzEwNDhmYzc1
NTZlOGQ2YjRhMTVhMmYzNWMxZjQwNWNiY2NkNTk4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwUulDuMuE1j6M7900XO/kj54HYkK99LKkyxqgpQ8UgIn8
C8hHUZ6kEvXL07dWJW4NE2UnrOxG7uoPRtBAzdbiL4vKARsDkKWY8ikWk3zxOR32
uk0uo65MDeXQ60ixMfeRK2oWZO2dGHPzj8fFa1ws0s4Z63WGrhWq2k1vvG/KTBb5
oeH8EMixFVgcJTFJpXLfRqutGKpja1oeEdHn0cISsFWqqjmiTCWvc6sMpFJHvhgs
qFkJeEzWSdOCTE3/XvN9khlqdjGRsLH2aERVOPnZSPorq4m8bgvfEpYBcIMYJGKS
D7Wxd7WmRn2IGC1oIyDhYivOOsXJ8hMrzhu9cyADAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQQjf/avaV+MJmWM+hb4XjkDMzN8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q0YTIxMDAwLTNlMWQtNDk3MC04NTg1LTQxZDkzMTMxNjdkZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjTYwwDQYJKoZIhvcNAQELBQADggEBAJLFGDSbHEZxS0WJ09+mIyPEND50
dyLO3vAwj+j1kyJ1v1WitueoAfLoZdwPbepe61Xz7Xf4ur39mbYSvnLksW2dwUQX
IeujSYyTezEzw79JkDJd39XdwziA62MeQC4jurVqElMlcbeANy0T1tBIRDxofIXa
/ljVpEv64XXVbPydDOqkrAoXZ5WsLzVrp/FMaSUqilgo3ZfPNNVo9A0gwD8bdJrd
vvDZw56Vodu6XlRLOkCKGgnf/77kOkANgZh4a9KudRn2ywODyfQ15od3sqs0KZKV
GwqhPjsQpbdmKJ0AXRv4oB5UIHn6zxhjkSrYtfQC8tSInDElMy9S4bxakBw=
-----END CERTIFICATE-----