Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/631a84b2-035c-4487-93c7-341becaaa133.roa
File:                     631a84b2-035c-4487-93c7-341becaaa133.roa (raw, json)
Hash identifier:          MRFY12IYnsdcH4vSb8kf6Yn8aVyBHJyo2myZtcAyMKg=
Subject key identifier:   33:E0:1A:C7:E0:F9:11:ED:38:CF:25:71:43:C2:FF:62:18:AE:AB:50
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       21702A33AC7E0FE01709B9F85DDA3A28C6144E93
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/631a84b2-035c-4487-93c7-341becaaa133.roa
Signing time:             Tue 24 Feb 2026 03:50:43 +0000
ROA not before:           Tue 24 Feb 2026 03:50:43 +0000
ROA not after:            Mon 25 May 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        18.68.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 28 Feb 2026 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:70:2a:33:ac:7e:0f:e0:17:09:b9:f8:5d:da:3a:28:c6:14:4e:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 24 03:50:43 2026 GMT
            Not After : May 25 23:59:59 2026 GMT
        Subject: serialNumber=0e1860c04db3c732e43da03bbafe7762a7292310e8276b7847dc0ccd6a50f91a, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:37:b3:f0:26:be:b1:77:96:e2:e9:ff:a7:f6:
                    fb:7f:af:b4:4b:d1:91:9d:fc:f5:e7:0f:99:70:0c:
                    67:60:ff:3b:1e:78:e7:f1:ba:e7:89:ea:4f:f9:2f:
                    dc:83:69:d4:80:e6:23:4b:74:5a:99:df:db:e3:15:
                    78:5a:b6:c3:34:3b:d1:89:51:2b:5c:43:08:04:a7:
                    d9:55:2c:5d:27:4a:86:bf:2a:8e:81:eb:63:62:f8:
                    0b:3c:e6:7c:ca:73:9b:e9:5f:9f:3b:d2:f3:db:38:
                    46:cc:c6:43:ad:89:fb:45:99:87:f6:3f:4f:c6:c8:
                    cb:9a:b0:9f:36:0b:b6:6e:08:75:04:0e:89:df:1d:
                    ca:9e:9c:ec:03:b9:10:e5:e0:69:a5:e9:ca:17:85:
                    a4:cc:d0:e4:21:7d:c9:c8:84:a8:6e:99:11:38:93:
                    76:fa:dd:10:c2:43:b2:ae:fc:25:eb:7b:a3:75:23:
                    21:f3:bf:80:0a:35:a6:bb:8f:11:27:f2:27:09:17:
                    d8:3e:4d:2e:44:36:fd:1d:36:e0:cd:3a:87:7b:f8:
                    8a:cf:2a:bf:c2:7b:1a:e3:44:91:da:98:d2:9d:86:
                    ed:94:f5:60:8c:6b:36:46:c3:35:e6:0f:71:28:73:
                    64:0f:fc:8e:05:94:13:0f:ab:aa:d4:7d:c5:79:54:
                    0e:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:E0:1A:C7:E0:F9:11:ED:38:CF:25:71:43:C2:FF:62:18:AE:AB:50
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/631a84b2-035c-4487-93c7-341becaaa133.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.68.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:12:87:0f:1c:5c:7d:92:9b:41:bf:b7:e7:b2:da:e4:82:51:
         6b:80:b7:02:a2:06:75:71:65:bf:ac:d3:a2:10:f2:c1:5b:89:
         45:70:4f:81:29:c1:0d:d7:11:57:3e:fe:ab:0c:cf:0c:b6:74:
         43:8f:d2:5c:5a:52:22:c2:2e:f5:40:bf:6b:77:e7:ec:39:27:
         fe:f8:3b:6a:7a:09:8e:6d:61:e3:f7:93:16:e0:77:7f:15:81:
         a7:38:76:8a:0f:fc:2e:b5:33:cd:4d:82:eb:7b:69:ba:02:fb:
         30:ef:6d:65:c9:e3:f9:f8:77:a6:54:a7:45:67:43:ca:ff:4d:
         f9:96:87:c3:64:46:fd:c9:92:c2:06:ee:fe:1e:0d:e0:ed:19:
         12:29:38:a9:95:77:27:c2:8f:7b:a7:b3:56:ec:0c:44:cc:1f:
         85:79:ec:fc:a1:80:30:93:72:d6:28:43:1a:69:e7:f1:18:e2:
         0d:76:94:fc:ac:d7:a5:6b:0f:ac:c1:97:ac:2f:3f:09:16:6b:
         c1:bb:30:66:93:11:f3:13:d0:19:ab:a9:1c:c4:83:6e:0c:d1:
         2a:0d:6f:52:0a:c7:a6:fb:ae:aa:45:9a:4d:ac:b7:14:f3:2c:
         67:7e:57:4a:83:20:d9:fc:0d:2a:4d:22:9b:ec:ee:26:84:f0:
         69:4d:a5:de
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIXAqM6x+D+AXCbn4Xdo6KMYUTpMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMjI0MDM1MDQzWhcNMjYwNTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0AwZTE4NjBjMDRkYjNjNzMyZTQzZGEwM2JiYWZlNzc2MmE3
MjkyMzEwZTgyNzZiNzg0N2RjMGNjZDZhNTBmOTFhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDXN7PwJr6xd5bi6f+n9vt/r7RL0ZGd/PXnD5lwDGdg/zse
eOfxuueJ6k/5L9yDadSA5iNLdFqZ39vjFXhatsM0O9GJUStcQwgEp9lVLF0nSoa/
Ko6B62Ni+As85nzKc5vpX5870vPbOEbMxkOtiftFmYf2P0/GyMuasJ82C7ZuCHUE
DonfHcqenOwDuRDl4Gml6coXhaTM0OQhfcnIhKhumRE4k3b63RDCQ7Ku/CXre6N1
IyHzv4AKNaa7jxEn8icJF9g+TS5ENv0dNuDNOod7+IrPKr/CexrjRJHamNKdhu2U
9WCMazZGwzXmD3Eoc2QP/I4FlBMPq6rUfcV5VA7/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUM+Aax+D5Ee04zyVxQ8L/Yhiuq1AwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzYzMWE4NGIyLTAzNWMtNDQ4Ny05M2M3LTM0MWJlY2FhYTEzMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASROUwDQYJKoZIhvcNAQELBQADggEBABMShw8cXH2Sm0G/t+ey2uSCUWuA
twKiBnVxZb+s06IQ8sFbiUVwT4EpwQ3XEVc+/qsMzwy2dEOP0lxaUiLCLvVAv2t3
5+w5J/74O2p6CY5tYeP3kxbgd38Vgac4dooP/C61M81Ngut7aboC+zDvbWXJ4/n4
d6ZUp0VnQ8r/TfmWh8NkRv3JksIG7v4eDeDtGRIpOKmVdyfCj3uns1bsDETMH4V5
7PyhgDCTctYoQxpp5/EY4g12lPys16VrD6zBl6wvPwkWa8G7MGaTEfMT0BmrqRzE
g24M0SoNb1IKx6b7rqpFmk2stxTzLGd+V0qDINn8DSpNIpvs7iaE8GlNpd4=
-----END CERTIFICATE-----