Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/676edaf9-eefc-4d15-806d-4e0758a8314a.roa
File:                     676edaf9-eefc-4d15-806d-4e0758a8314a.roa (raw, json)
Hash identifier:          2TYybv4DHr6brO/7rkOHoR2fFPJuu/LNquAYBoYC4WY=
Subject key identifier:   30:F5:7D:34:A1:65:B8:E4:20:E3:8D:E1:FA:A1:36:D7:5B:02:4E:E8
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       21F25F1E473DD3DCDAEE77859504555DDB1CFDEB
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/676edaf9-eefc-4d15-806d-4e0758a8314a.roa
Signing time:             Fri 08 May 2026 02:20:07 +0000
ROA not before:           Fri 08 May 2026 02:20:07 +0000
ROA not after:            Thu 06 Aug 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        54.215.0.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 13 May 2026 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:f2:5f:1e:47:3d:d3:dc:da:ee:77:85:95:04:55:5d:db:1c:fd:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May  8 02:20:07 2026 GMT
            Not After : Aug  6 23:59:59 2026 GMT
        Subject: serialNumber=ada7e232c807e3ac6a8cac5067934d4d4e44b252254127b6c09a8fd9546241a6, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:32:92:37:16:1b:8a:94:f1:fb:9d:1c:e7:82:
                    f5:92:c4:1a:19:ed:59:54:36:9a:69:ac:f5:63:59:
                    6b:b3:1e:ac:73:a3:19:16:40:06:99:08:0b:87:c5:
                    4b:72:14:36:9b:c1:09:86:a1:25:44:e2:2b:80:28:
                    09:e4:cd:18:6a:1e:86:74:37:04:a3:47:76:2d:87:
                    76:fe:89:98:30:5f:58:d6:22:4f:ac:21:7f:66:a6:
                    42:d0:75:2d:c8:ed:24:a5:b4:db:36:99:5c:32:ac:
                    d0:74:aa:f9:82:40:21:6f:8d:19:c2:57:4f:99:ca:
                    0c:5c:78:69:c2:88:14:47:a7:f6:08:9c:47:da:3c:
                    ca:11:e2:ff:43:a4:8b:5b:18:79:4a:98:8c:80:91:
                    c1:64:e1:2f:d7:f8:35:7b:19:40:3e:3b:cb:21:89:
                    c7:42:d7:59:59:48:e9:45:42:ff:9e:89:2c:73:af:
                    69:9b:43:6d:11:23:7c:2e:8b:bd:45:b3:b8:28:38:
                    a8:a0:89:51:21:62:6b:29:3d:09:6c:33:96:e4:33:
                    b9:78:b4:83:4e:4f:44:36:c4:70:15:52:b1:a3:5a:
                    74:bb:15:2d:5b:58:af:80:a0:b3:21:48:1a:34:ec:
                    96:6d:c7:af:09:93:bc:80:ed:f2:7c:8f:62:52:17:
                    0e:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:F5:7D:34:A1:65:B8:E4:20:E3:8D:E1:FA:A1:36:D7:5B:02:4E:E8
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/676edaf9-eefc-4d15-806d-4e0758a8314a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.215.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         76:52:e7:06:59:18:2f:b1:0d:b4:7d:7c:4a:53:a3:98:4e:53:
         72:ab:15:08:f5:d9:a4:7d:91:e7:ca:25:28:55:5c:6e:46:ed:
         d1:a4:cd:fc:93:bc:ec:08:6c:f8:8e:93:b8:cd:e3:26:ae:59:
         65:ea:31:67:37:f0:e8:24:68:a7:fb:ca:7e:8e:16:d5:da:2a:
         3f:69:8c:b1:57:be:9a:34:77:dc:ee:f5:9e:d2:18:4c:41:12:
         b9:9a:b2:53:cc:ff:88:af:3e:95:13:95:be:d1:cd:8a:c0:bf:
         28:ba:14:c8:4b:8c:92:ac:3b:eb:cc:34:13:3e:77:aa:ae:9d:
         8d:42:1f:3c:21:c8:d9:a3:d6:8d:8c:a6:cd:07:a5:36:e1:a4:
         5d:0c:0b:22:b7:98:06:a3:ed:31:17:dc:0a:b1:ee:4f:f9:2f:
         80:36:30:89:44:a5:31:0b:ad:68:ce:fe:f9:44:5f:b0:82:f6:
         fe:38:a6:30:e0:e9:11:ec:24:74:1c:5e:cd:4e:08:9b:25:97:
         1b:03:1d:1d:0f:4f:a1:e2:81:38:28:f6:1f:73:41:22:a0:fb:
         8e:df:de:27:4a:70:84:fb:4e:f2:c9:f7:75:8a:55:9f:3c:7c:
         e8:b5:f0:54:20:3d:8d:ac:c1:7e:4b:06:7d:de:85:ab:ab:8c:
         fb:3a:6d:03
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIfJfHkc909za7neFlQRVXdsc/eswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjYwNTA4MDIyMDA3WhcNMjYwODA2MjM1OTU5
WjB6MUkwRwYDVQQFE0BhZGE3ZTIzMmM4MDdlM2FjNmE4Y2FjNTA2NzkzNGQ0ZDRl
NDRiMjUyMjU0MTI3YjZjMDlhOGZkOTU0NjI0MWE2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+MpI3FhuKlPH7nRzngvWSxBoZ7VlUNppprPVjWWuzHqxz
oxkWQAaZCAuHxUtyFDabwQmGoSVE4iuAKAnkzRhqHoZ0NwSjR3Yth3b+iZgwX1jW
Ik+sIX9mpkLQdS3I7SSltNs2mVwyrNB0qvmCQCFvjRnCV0+ZygxceGnCiBRHp/YI
nEfaPMoR4v9DpItbGHlKmIyAkcFk4S/X+DV7GUA+O8shicdC11lZSOlFQv+eiSxz
r2mbQ20RI3wui71Fs7goOKigiVEhYmspPQlsM5bkM7l4tINOT0Q2xHAVUrGjWnS7
FS1bWK+AoLMhSBo07JZtx68Jk7yA7fJ8j2JSFw6JAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMPV9NKFluOQg443h+qE211sCTugwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzY3NmVkYWY5LWVlZmMtNGQxNS04MDZkLTRlMDc1OGE4MzE0YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQ21wAwDQYJKoZIhvcNAQELBQADggEBAHZS5wZZGC+xDbR9fEpTo5hOU3Kr
FQj12aR9kefKJShVXG5G7dGkzfyTvOwIbPiOk7jN4yauWWXqMWc38OgkaKf7yn6O
FtXaKj9pjLFXvpo0d9zu9Z7SGExBErmaslPM/4ivPpUTlb7RzYrAvyi6FMhLjJKs
O+vMNBM+d6qunY1CHzwhyNmj1o2Mps0HpTbhpF0MCyK3mAaj7TEX3Aqx7k/5L4A2
MIlEpTELrWjO/vlEX7CC9v44pjDg6RHsJHQcXs1OCJsllxsDHR0PT6HigTgo9h9z
QSKg+47f3idKcIT7TvLJ93WKVZ88fOi18FQgPY2swX5LBn3ehaurjPs6bQM=
-----END CERTIFICATE-----
Generated at Tue May 12 22:20:27 2026 by rpki-client