Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bd34ece0-f157-47fb-bb96-b193c7e8966c.roa
File:                     bd34ece0-f157-47fb-bb96-b193c7e8966c.roa (raw, json)
Hash identifier:          i4mXUQkAnDSBk35Du+bK3PcdPijIUOwe0fGMm/kiCPQ=
Subject key identifier:   86:D3:7D:B7:B7:C0:35:81:41:C7:B5:19:F6:21:3C:EC:4E:3E:99:E6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       46443E88CA5719289A5BBA48A71AB95BFBD05DAB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bd34ece0-f157-47fb-bb96-b193c7e8966c.roa
Signing time:             Mon 11 May 2026 00:30:48 +0000
ROA not before:           Mon 11 May 2026 00:30:48 +0000
ROA not after:            Sun 09 Aug 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        23.91.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 14 May 2026 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:44:3e:88:ca:57:19:28:9a:5b:ba:48:a7:1a:b9:5b:fb:d0:5d:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: May 11 00:30:48 2026 GMT
            Not After : Aug  9 23:59:59 2026 GMT
        Subject: serialNumber=69993242605f3829a36638ab989d53ca6ac89062b2187d55887877ffbbf8ca12, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:50:71:be:9d:c1:c5:17:dc:0f:b1:2d:b8:53:
                    74:90:61:e3:3d:47:f7:8f:da:1e:f8:a5:94:72:b7:
                    72:ad:2a:27:89:c5:e9:5b:27:99:0c:ac:bc:3b:21:
                    69:ab:24:0e:cc:b0:41:21:80:28:ab:37:68:21:a2:
                    11:48:46:8d:25:0f:d1:97:76:99:2d:7b:9c:bd:05:
                    b7:e0:92:23:cb:ea:fa:da:de:d8:dd:4c:22:27:65:
                    f6:80:44:61:fd:34:a4:b9:84:b1:b5:65:3d:7c:b0:
                    3b:7c:25:de:0d:0d:80:a2:16:18:b3:c8:e2:f7:1a:
                    af:a7:af:17:d8:61:0a:32:92:db:60:a6:c8:f4:9f:
                    88:7d:4a:66:3e:07:1d:ba:91:b7:a4:24:06:da:18:
                    d2:d2:3d:f6:b5:45:2a:fc:8a:15:3d:89:94:0e:09:
                    42:fc:37:e8:33:41:81:25:0f:81:4d:82:0b:33:de:
                    20:4d:ad:4c:10:95:be:ba:c1:94:0b:08:54:37:66:
                    5a:0f:81:df:92:dc:77:f3:b6:54:cd:cc:0f:b2:51:
                    b6:a2:e6:0f:d2:2c:cd:a5:a3:6a:25:50:23:de:b9:
                    d6:f3:9f:1d:74:a4:86:54:f1:65:6d:dd:f3:ad:38:
                    12:49:02:9e:c8:4c:60:22:12:0e:a2:6b:05:66:c1:
                    fd:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:D3:7D:B7:B7:C0:35:81:41:C7:B5:19:F6:21:3C:EC:4E:3E:99:E6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bd34ece0-f157-47fb-bb96-b193c7e8966c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.91.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:14:e6:0a:5c:34:5e:72:dc:41:9a:eb:77:1e:bb:c5:3f:5a:
         4e:de:64:ac:59:79:53:a3:4d:10:00:3e:dd:7a:c3:25:ec:b9:
         9a:f1:5b:96:28:83:88:96:ed:7c:75:44:45:d8:ba:0d:3e:e3:
         5f:10:78:90:5d:ca:23:6b:fd:d3:a8:ca:f3:f0:4b:99:5e:fe:
         c9:a4:1e:a8:3b:fa:3e:cd:93:56:d4:67:79:55:64:27:dd:fb:
         36:c5:8f:d9:7c:e0:61:d8:2f:b3:34:9f:fe:80:87:6e:6e:f5:
         55:f1:a0:2d:3a:9e:53:dd:70:87:cf:ec:0b:93:2c:52:a2:68:
         fc:9b:af:cb:a9:ab:47:57:9e:b9:59:16:51:8b:bf:f8:75:c9:
         88:21:32:28:e3:9d:b8:0e:cd:24:bd:5c:2c:fa:11:91:7f:cb:
         34:22:33:c9:04:e2:b6:19:10:75:00:ff:fb:12:78:03:16:09:
         5a:74:b3:75:22:59:c8:cc:fd:03:e5:1b:02:00:d4:90:79:68:
         e9:f2:b4:ff:c8:a6:55:10:40:56:11:d3:b0:e1:f8:c2:83:62:
         4f:52:fd:19:b7:7c:6f:65:6e:b4:59:46:28:b6:13:df:af:65:
         50:1d:a3:33:3e:07:2b:59:ed:a8:7b:16:94:34:7c:e0:03:3a:
         84:ea:77:40
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURkQ+iMpXGSiaW7pIpxq5W/vQXaswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjYwNTExMDAzMDQ4WhcNMjYwODA5MjM1OTU5
WjB6MUkwRwYDVQQFE0A2OTk5MzI0MjYwNWYzODI5YTM2NjM4YWI5ODlkNTNjYTZh
Yzg5MDYyYjIxODdkNTU4ODc4NzdmZmJiZjhjYTEyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDRUHG+ncHFF9wPsS24U3SQYeM9R/eP2h74pZRyt3KtKieJ
xelbJ5kMrLw7IWmrJA7MsEEhgCirN2ghohFIRo0lD9GXdpkte5y9BbfgkiPL6vra
3tjdTCInZfaARGH9NKS5hLG1ZT18sDt8Jd4NDYCiFhizyOL3Gq+nrxfYYQoykttg
psj0n4h9SmY+Bx26kbekJAbaGNLSPfa1RSr8ihU9iZQOCUL8N+gzQYElD4FNggsz
3iBNrUwQlb66wZQLCFQ3ZloPgd+S3HfztlTNzA+yUbai5g/SLM2lo2olUCPeudbz
nx10pIZU8WVt3fOtOBJJAp7ITGAiEg6iawVmwf03AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUhtN9t7fANYFBx7UZ9iE87E4+meYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JkMzRlY2UwLWYxNTctNDdmYi1iYjk2LWIxOTNjN2U4OTY2Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAXWwMwDQYJKoZIhvcNAQELBQADggEBACYU5gpcNF5y3EGa63ceu8U/Wk7e
ZKxZeVOjTRAAPt16wyXsuZrxW5Yog4iW7Xx1REXYug0+418QeJBdyiNr/dOoyvPw
S5le/smkHqg7+j7Nk1bUZ3lVZCfd+zbFj9l84GHYL7M0n/6Ah25u9VXxoC06nlPd
cIfP7AuTLFKiaPybr8upq0dXnrlZFlGLv/h1yYghMijjnbgOzSS9XCz6EZF/yzQi
M8kE4rYZEHUA//sSeAMWCVp0s3UiWcjM/QPlGwIA1JB5aOnytP/IplUQQFYR07Dh
+MKDYk9S/Rm3fG9lbrRZRii2E9+vZVAdozM+BytZ7ah7FpQ0fOADOoTqd0A=
-----END CERTIFICATE-----