Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/cef8d8e1-26f9-4f5b-a428-0989b643436b.roa
File:                     cef8d8e1-26f9-4f5b-a428-0989b643436b.roa (raw, json)
Hash identifier:          ocTVaDVDE1YOt7S9vYRUcMTmyrhqa50+hmq2uotZwg0=
Subject key identifier:   E7:94:8A:72:FA:51:FD:33:02:56:C9:5E:B7:60:2A:13:E1:F2:81:65
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4F04D38FB204C7857816D8BA4D872F0F0283BA36
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/cef8d8e1-26f9-4f5b-a428-0989b643436b.roa
Signing time:             Tue 19 May 2026 01:21:16 +0000
ROA not before:           Tue 19 May 2026 01:21:16 +0000
ROA not after:            Mon 17 Aug 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        52.144.128.0/17 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 14 Jun 2026 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:04:d3:8f:b2:04:c7:85:78:16:d8:ba:4d:87:2f:0f:02:83:ba:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May 19 01:21:16 2026 GMT
            Not After : Aug 17 23:59:59 2026 GMT
        Subject: serialNumber=faccefaa67a7196beca9e5063fc0ff2ba759219be78393135bf66d4deca7c743, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:bf:25:35:47:48:c8:de:8c:72:4c:21:52:70:
                    2b:87:46:95:a1:60:4a:a3:4d:9d:88:22:2b:11:2b:
                    41:d4:54:de:7f:47:04:ea:cb:cb:5f:c8:a1:00:2e:
                    db:43:6c:79:a9:4e:21:74:f6:8c:d2:b9:ba:d8:5f:
                    b4:17:2c:61:69:e1:22:00:51:ef:ae:8a:93:76:38:
                    42:f6:51:38:37:72:4e:0f:a2:cb:0d:68:07:07:07:
                    cc:96:85:63:14:5d:1c:01:64:57:94:23:2b:3e:19:
                    9e:ba:f4:5b:71:58:f9:8d:8e:69:80:26:db:c5:c8:
                    69:12:3b:5a:1d:7e:8d:c8:7f:c9:cd:c4:42:5b:38:
                    cd:56:7f:7b:9b:8b:0b:ce:39:98:fd:87:32:f9:fa:
                    b1:97:0a:fc:f9:d3:3f:e1:84:49:05:72:3e:42:f1:
                    b8:d2:d5:bf:ae:cc:85:a9:c3:26:da:10:cf:84:40:
                    9b:71:10:b3:16:44:a5:0c:99:c1:b4:c6:bf:79:ba:
                    e3:19:1d:70:d7:b5:f8:e7:6c:ee:a9:4c:26:e2:b5:
                    01:30:e7:22:6a:69:22:ff:f7:53:9e:26:16:08:c8:
                    13:ad:0f:ee:4c:8a:29:60:fe:17:84:c5:b7:70:57:
                    ac:86:ee:1e:0c:4b:dd:f3:9c:81:af:6b:76:3d:b8:
                    91:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:94:8A:72:FA:51:FD:33:02:56:C9:5E:B7:60:2A:13:E1:F2:81:65
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/cef8d8e1-26f9-4f5b-a428-0989b643436b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.144.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         8e:06:4d:60:5d:99:9c:6d:b5:66:4a:9b:04:2b:dd:0b:13:2f:
         36:5e:cd:1d:c2:19:76:3e:a5:a8:6e:36:26:04:dc:8d:19:d8:
         db:08:d3:95:4f:2d:0f:35:35:f9:d1:b9:ea:a1:7f:9b:bb:0e:
         a7:96:fc:a0:a3:39:19:27:cb:aa:d6:07:a4:cd:cf:80:48:f0:
         89:ee:7f:06:10:e8:20:da:d1:4b:9c:44:86:46:33:19:69:85:
         0c:d1:21:b2:3f:82:05:cc:a5:e5:27:6f:ab:4a:d2:35:90:c6:
         65:bb:06:9f:4a:cc:91:de:af:af:39:2d:ed:96:a7:e5:b9:6d:
         4b:f9:06:3c:63:72:29:79:6c:1f:8c:34:f1:83:a2:77:12:22:
         39:b0:3e:21:67:46:11:b1:2a:98:2b:5f:70:b6:27:61:3f:89:
         ea:a3:27:99:28:cf:14:19:45:0b:8e:85:16:33:5e:71:9f:5b:
         34:06:bb:57:55:eb:e6:9e:13:f4:3c:7a:06:1d:49:6c:34:8e:
         38:35:08:ed:5c:ae:55:20:3e:ac:91:64:ba:90:36:0e:ca:03:
         5f:bb:31:e4:39:2f:09:d5:10:9f:2e:6e:a2:1c:57:ab:b3:67:
         ed:e3:30:b2:9d:15:d5:f0:b0:3d:4e:6d:b6:c1:84:73:63:e3:
         4e:1a:e5:45
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTwTTj7IEx4V4Fti6TYcvDwKDujYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwNTE5MDEyMTE2WhcNMjYwODE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BmYWNjZWZhYTY3YTcxOTZiZWNhOWU1MDYzZmMwZmYyYmE3
NTkyMTliZTc4MzkzMTM1YmY2NmQ0ZGVjYTdjNzQzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDSvyU1R0jI3oxyTCFScCuHRpWhYEqjTZ2IIisRK0HUVN5/
RwTqy8tfyKEALttDbHmpTiF09ozSubrYX7QXLGFp4SIAUe+uipN2OEL2UTg3ck4P
ossNaAcHB8yWhWMUXRwBZFeUIys+GZ669FtxWPmNjmmAJtvFyGkSO1odfo3If8nN
xEJbOM1Wf3ubiwvOOZj9hzL5+rGXCvz50z/hhEkFcj5C8bjS1b+uzIWpwybaEM+E
QJtxELMWRKUMmcG0xr95uuMZHXDXtfjnbO6pTCbitQEw5yJqaSL/91OeJhYIyBOt
D+5Miilg/heExbdwV6yG7h4MS93znIGva3Y9uJHdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU55SKcvpR/TMCVslet2AqE+HygWUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2NlZjhkOGUxLTI2ZjktNGY1Yi1hNDI4LTA5ODliNjQzNDM2Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAc0kIAwDQYJKoZIhvcNAQELBQADggEBAI4GTWBdmZxttWZKmwQr3QsTLzZe
zR3CGXY+pahuNiYE3I0Z2NsI05VPLQ81NfnRueqhf5u7DqeW/KCjORkny6rWB6TN
z4BI8InufwYQ6CDa0UucRIZGMxlphQzRIbI/ggXMpeUnb6tK0jWQxmW7Bp9KzJHe
r685Le2Wp+W5bUv5Bjxjcil5bB+MNPGDoncSIjmwPiFnRhGxKpgrX3C2J2E/ieqj
J5kozxQZRQuOhRYzXnGfWzQGu1dV6+aeE/Q8egYdSWw0jjg1CO1crlUgPqyRZLqQ
Ng7KA1+7MeQ5LwnVEJ8ubqIcV6uzZ+3jMLKdFdXwsD1ObbbBhHNj404a5UU=
-----END CERTIFICATE-----