Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/16b9c377-f80d-4d7f-a43b-5ff789630497.roa
File:                     16b9c377-f80d-4d7f-a43b-5ff789630497.roa (raw, json)
Hash identifier:          Pz/9Gm+oT953XQcRjIsxchU4Jl44ABrfZjoHMooXEFo=
Subject key identifier:   2A:65:64:E3:D7:1D:F4:A2:36:89:F2:DD:7A:CE:83:C8:2B:AD:26:E7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       60AA4DED4CFE9A88B6D9AA2EBAB658B0E067B3E4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/16b9c377-f80d-4d7f-a43b-5ff789630497.roa
Signing time:             Sat 26 Jul 2025 00:00:49 +0000
ROA not before:           Sat 26 Jul 2025 00:00:49 +0000
ROA not after:            Sat 30 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        24.145.128.0/17 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 07 Aug 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:aa:4d:ed:4c:fe:9a:88:b6:d9:aa:2e:ba:b6:58:b0:e0:67:b3:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jul 26 00:00:49 2025 GMT
            Not After : Aug 30 23:59:59 2025 GMT
        Subject: serialNumber=3856e1a69cd8080addde025c4ae11970dc0cf69582e784b56c242727c2af53ee, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:0e:59:59:3e:b4:fe:ab:38:9f:95:d9:6b:7b:
                    df:35:be:33:57:19:a9:16:0e:d8:2a:26:f2:b1:ff:
                    8f:70:c2:d6:e4:71:18:99:52:6d:67:05:2a:e9:27:
                    40:63:e5:b6:b8:c7:6f:3f:86:62:3c:de:3e:32:c4:
                    d0:8c:52:dd:6e:8b:ed:b7:6f:96:af:ff:d7:04:28:
                    59:74:13:a7:68:66:49:6c:6d:50:3a:05:1a:17:34:
                    02:0c:d8:7c:fa:46:8f:80:84:7d:66:7b:a8:90:14:
                    a9:57:d9:b9:e4:b6:fd:53:4f:c8:f4:c1:3f:29:67:
                    a6:cd:21:8b:c6:ad:5a:f3:0a:87:bf:11:d1:8c:2c:
                    29:c4:d1:77:0c:05:2d:3a:07:b0:83:9d:e4:93:e4:
                    da:cc:5c:06:3e:fb:51:be:c2:41:20:73:05:4b:52:
                    b2:99:bb:53:fb:6d:33:aa:70:70:81:6d:16:3f:56:
                    ef:80:fa:21:37:e0:bf:db:4a:fd:9c:08:f7:3c:d7:
                    bc:d6:dd:32:fe:14:5a:f1:8f:25:8d:0c:03:ff:d8:
                    c2:c1:bc:a5:be:c5:39:4f:38:69:32:4d:48:dc:24:
                    67:be:23:81:88:ca:c3:82:75:fd:09:22:e8:81:51:
                    a9:ca:4d:68:f8:34:5a:9c:fb:43:a2:6b:d7:92:a0:
                    06:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:65:64:E3:D7:1D:F4:A2:36:89:F2:DD:7A:CE:83:C8:2B:AD:26:E7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/16b9c377-f80d-4d7f-a43b-5ff789630497.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  24.145.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         37:63:76:eb:bc:c9:e3:49:c8:37:4f:db:8c:02:9d:4a:e0:d4:
         f3:55:8c:b1:50:8e:8a:11:12:b2:66:92:92:98:fe:48:a9:1d:
         32:d6:36:0e:57:a1:a5:9b:b0:9b:d0:eb:94:9e:b6:c9:8e:e1:
         2d:7f:82:07:cb:03:82:22:9c:8c:00:c4:f3:d1:e6:23:d7:93:
         ff:f8:b6:9f:87:fd:b9:6c:f0:5f:93:25:bd:1c:9b:0e:58:66:
         c6:66:5d:7f:8d:e7:b8:a7:0b:3f:88:ee:40:8d:75:74:a5:49:
         03:73:a8:fe:63:78:d1:60:a8:c9:39:dd:0c:2a:83:11:c1:d7:
         61:55:37:dc:7f:dc:c9:15:bc:d6:c0:0f:d1:cc:26:a8:85:5f:
         54:13:b5:d7:59:40:52:8d:19:3f:3a:23:b8:0f:d2:0b:c8:93:
         52:6d:96:5c:73:6b:dd:63:9e:34:c2:d4:bb:ef:39:17:ce:f2:
         03:c7:11:80:96:a9:ec:be:06:da:fc:cf:62:45:2e:48:c1:e2:
         70:fe:e0:36:ae:88:9f:66:43:82:ab:58:d0:bb:3b:e9:fe:12:
         b4:5f:e0:58:29:54:1e:96:f4:ad:52:cb:ca:11:e9:ea:c6:fe:
         fa:3c:b2:d7:f6:22:13:08:27:0c:33:a5:f4:b5:53:25:91:eb:
         9f:4a:f1:46
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYKpN7Uz+moi22aouurZYsOBns+QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNzI2MDAwMDQ5WhcNMjUwODMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AzODU2ZTFhNjljZDgwODBhZGRkZTAyNWM0YWUxMTk3MGRj
MGNmNjk1ODJlNzg0YjU2YzI0MjcyN2MyYWY1M2VlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwDllZPrT+qzifldlre981vjNXGakWDtgqJvKx/49wwtbk
cRiZUm1nBSrpJ0Bj5ba4x28/hmI83j4yxNCMUt1ui+23b5av/9cEKFl0E6doZkls
bVA6BRoXNAIM2Hz6Ro+AhH1me6iQFKlX2bnktv1TT8j0wT8pZ6bNIYvGrVrzCoe/
EdGMLCnE0XcMBS06B7CDneST5NrMXAY++1G+wkEgcwVLUrKZu1P7bTOqcHCBbRY/
Vu+A+iE34L/bSv2cCPc817zW3TL+FFrxjyWNDAP/2MLBvKW+xTlPOGkyTUjcJGe+
I4GIysOCdf0JIuiBUanKTWj4NFqc+0Oia9eSoAYBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKmVk49cd9KI2ifLdes6DyCutJucwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzE2YjljMzc3LWY4MGQtNGQ3Zi1hNDNiLTVmZjc4OTYzMDQ5Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAcYkYAwDQYJKoZIhvcNAQELBQADggEBADdjduu8yeNJyDdP24wCnUrg1PNV
jLFQjooRErJmkpKY/kipHTLWNg5XoaWbsJvQ65SetsmO4S1/ggfLA4IinIwAxPPR
5iPXk//4tp+H/bls8F+TJb0cmw5YZsZmXX+N57inCz+I7kCNdXSlSQNzqP5jeNFg
qMk53QwqgxHB12FVN9x/3MkVvNbAD9HMJqiFX1QTtddZQFKNGT86I7gP0gvIk1Jt
llxza91jnjTC1LvvORfO8gPHEYCWqey+Btr8z2JFLkjB4nD+4DauiJ9mQ4KrWNC7
O+n+ErRf4FgpVB6W9K1Sy8oR6erG/vo8stf2IhMIJwwzpfS1UyWR659K8UY=
-----END CERTIFICATE-----
Generated at Wed Aug 6 11:25:12 2025 by rpki-client