Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/caf8452d-bc01-45b7-a1a6-dd04100ef8d6.roa
File:                     caf8452d-bc01-45b7-a1a6-dd04100ef8d6.roa (raw, json)
Hash identifier:          2tkvf+CO703CsKBpV9rBPotXArKssEaz6uuqLb1dJ2A=
Subject key identifier:   66:3D:0E:B3:A4:CF:D7:E2:A8:0B:43:84:CD:9A:69:1F:EC:1C:87:8F
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6862F4B93278034429BFA0BC3DA73124DADA80B3
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/caf8452d-bc01-45b7-a1a6-dd04100ef8d6.roa
Signing time:             Tue 17 Feb 2026 00:30:11 +0000
ROA not before:           Tue 17 Feb 2026 00:30:11 +0000
ROA not after:            Mon 18 May 2026 23:59:59 +0000
asID:                     14618
IP address blocks:        54.160.128.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 28 Feb 2026 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:62:f4:b9:32:78:03:44:29:bf:a0:bc:3d:a7:31:24:da:da:80:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 17 00:30:11 2026 GMT
            Not After : May 18 23:59:59 2026 GMT
        Subject: serialNumber=3da8d026f9d07cbefd8f9ae8ecc4c2b6ff1a385d21f05c489bf5b9927dd3775f, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:5a:e8:4e:d0:8d:10:0d:ae:f8:c0:67:36:1b:
                    03:9c:9e:39:e6:d1:98:91:31:1c:6b:7b:27:ca:d0:
                    23:06:e9:28:97:d6:70:ce:7e:0f:82:05:f6:18:5d:
                    f2:1f:34:1d:3a:33:f0:7e:3a:93:a3:9f:05:6c:6e:
                    65:92:b4:b9:fe:bc:e8:75:a0:56:5f:9f:2e:25:31:
                    20:3e:63:56:eb:38:20:31:7e:f0:50:ae:84:f8:f4:
                    2b:8d:95:dd:a3:d3:17:0e:7e:c3:e4:05:81:30:90:
                    3a:68:42:5a:ed:1c:40:3d:f6:65:8b:63:5d:44:d1:
                    f7:f5:79:02:d8:0f:7f:ee:f1:54:d1:ea:7d:46:fd:
                    00:be:09:1f:ab:e1:2a:26:58:73:b2:9f:39:3b:ce:
                    1d:28:59:65:38:9f:d7:b0:d5:f4:88:44:07:3d:77:
                    c6:07:6c:5f:a9:86:a3:85:46:4c:be:6d:dc:c5:7d:
                    50:3e:6c:a6:d8:89:70:3c:5a:7f:f5:8e:af:35:8b:
                    e0:4f:67:ff:be:f8:48:d9:6d:28:0c:8b:bd:0d:ac:
                    3f:33:d2:2b:0f:39:91:b6:49:4c:e4:92:5e:a9:d6:
                    05:3f:ce:4f:2b:0c:f9:e8:c3:43:2a:26:b4:9f:79:
                    5b:f1:ec:82:af:93:4c:08:26:49:ad:81:45:06:72:
                    fe:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:3D:0E:B3:A4:CF:D7:E2:A8:0B:43:84:CD:9A:69:1F:EC:1C:87:8F
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/caf8452d-bc01-45b7-a1a6-dd04100ef8d6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.160.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         00:be:f0:71:eb:d9:3f:5a:36:19:e1:72:21:4b:e5:03:bf:77:
         88:2d:33:27:3c:b5:08:e0:ca:7b:41:5d:f8:0b:35:79:d2:dc:
         96:93:f6:d8:33:9e:6e:3d:f8:e6:c5:54:04:ca:d7:3b:49:95:
         08:eb:51:0f:a0:6d:a3:6e:3e:91:2d:10:61:3e:7a:d0:22:ef:
         47:aa:1f:0f:b3:46:d6:3d:17:fa:3f:13:1a:40:4e:8b:fd:74:
         5c:13:91:dc:ae:81:91:04:97:34:ca:b8:dd:c6:9b:5e:fc:fd:
         70:25:2d:ef:93:7a:35:5c:ed:08:ff:5b:f0:1d:17:41:be:d8:
         3a:57:43:6f:e3:e7:29:fd:f7:1b:d0:ca:be:0d:46:ab:5a:5c:
         80:15:55:e4:18:42:82:bf:de:12:3c:9f:d7:48:aa:4f:73:f1:
         d7:f7:1e:44:cc:54:96:25:a2:8b:3e:52:71:4c:46:ef:d8:9d:
         10:b2:67:dd:26:5d:63:5f:3b:70:70:6e:97:e8:76:ce:69:9e:
         19:c2:56:b1:81:01:95:a9:f6:61:2e:40:91:ff:87:b1:ba:c6:
         04:1a:19:98:32:4b:36:d3:2b:93:91:43:61:c6:76:c1:1d:62:
         a3:f8:68:45:24:7e:e5:9a:c0:78:a8:7a:d7:58:14:8a:75:9e:
         72:ab:dd:7b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaGL0uTJ4A0Qpv6C8PacxJNragLMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwMjE3MDAzMDExWhcNMjYwNTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AzZGE4ZDAyNmY5ZDA3Y2JlZmQ4ZjlhZThlY2M0YzJiNmZm
MWEzODVkMjFmMDVjNDg5YmY1Yjk5MjdkZDM3NzVmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDBWuhO0I0QDa74wGc2GwOcnjnm0ZiRMRxreyfK0CMG6SiX
1nDOfg+CBfYYXfIfNB06M/B+OpOjnwVsbmWStLn+vOh1oFZfny4lMSA+Y1brOCAx
fvBQroT49CuNld2j0xcOfsPkBYEwkDpoQlrtHEA99mWLY11E0ff1eQLYD3/u8VTR
6n1G/QC+CR+r4SomWHOynzk7zh0oWWU4n9ew1fSIRAc9d8YHbF+phqOFRky+bdzF
fVA+bKbYiXA8Wn/1jq81i+BPZ/+++EjZbSgMi70NrD8z0isPOZG2SUzkkl6p1gU/
zk8rDPnow0MqJrSfeVvx7IKvk0wIJkmtgUUGcv7JAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZj0Os6TP1+KoC0OEzZppH+wch48wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2NhZjg0NTJkLWJjMDEtNDViNy1hMWE2LWRkMDQxMDBlZjhkNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAc2oIAwDQYJKoZIhvcNAQELBQADggEBAAC+8HHr2T9aNhnhciFL5QO/d4gt
Myc8tQjgyntBXfgLNXnS3JaT9tgznm49+ObFVATK1ztJlQjrUQ+gbaNuPpEtEGE+
etAi70eqHw+zRtY9F/o/ExpATov9dFwTkdyugZEElzTKuN3Gm178/XAlLe+TejVc
7Qj/W/AdF0G+2DpXQ2/j5yn99xvQyr4NRqtaXIAVVeQYQoK/3hI8n9dIqk9z8df3
HkTMVJYloos+UnFMRu/YnRCyZ90mXWNfO3Bwbpfods5pnhnCVrGBAZWp9mEuQJH/
h7G6xgQaGZgySzbTK5ORQ2HGdsEdYqP4aEUkfuWawHioetdYFIp1nnKr3Xs=
-----END CERTIFICATE-----