Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1d3cf071-15a1-4b52-be8f-53bd4a79df40.roa
File:                     1d3cf071-15a1-4b52-be8f-53bd4a79df40.roa (raw, json)
Hash identifier:          j1X1tJWEUg8B8g0tZRVWBtICjV4L+HjkSyGLtLyKohY=
Subject key identifier:   46:22:DF:3E:A3:7D:A1:7A:9E:82:CC:55:81:84:84:ED:F9:1F:C3:EC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4C8447E3D2BD15A13AEAD293DD86E1B69C09CFCF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1d3cf071-15a1-4b52-be8f-53bd4a79df40.roa
Signing time:             Mon 04 Aug 2025 17:31:44 +0000
ROA not before:           Mon 04 Aug 2025 17:31:44 +0000
ROA not after:            Mon 08 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        40.172.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 07 Aug 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:84:47:e3:d2:bd:15:a1:3a:ea:d2:93:dd:86:e1:b6:9c:09:cf:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug  4 17:31:44 2025 GMT
            Not After : Sep  8 23:59:59 2025 GMT
        Subject: serialNumber=45f60cea77bd0930a2ed8f2db5e6017587ab8e885ac02c3876650e5595fd2734, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:06:5e:a8:3f:58:43:45:32:72:e8:e7:a9:e4:
                    fc:0d:9f:e0:41:e3:b8:6a:e1:21:e7:64:26:93:65:
                    3d:36:88:2b:da:98:cf:e9:ff:7d:a1:07:bf:27:ea:
                    da:d5:a8:9e:ac:d7:26:4f:74:78:c7:c0:f8:60:fc:
                    3c:85:ee:ab:f3:a6:7f:ad:66:c1:9a:a0:a3:9c:be:
                    8f:ab:29:08:8b:99:f6:a5:70:eb:04:ef:db:64:fb:
                    82:73:6f:cf:43:d4:c8:0f:04:44:c8:3c:ee:3b:8f:
                    3e:f5:cd:40:43:f5:9b:13:b6:af:21:97:ac:38:66:
                    b8:ed:df:cf:c2:99:6b:5d:d9:d1:13:e0:06:ae:41:
                    f5:cb:47:f9:67:35:9e:88:f3:c4:5e:ea:82:cc:90:
                    cb:df:1d:15:ed:11:ab:71:46:9c:d0:05:32:2c:82:
                    95:3b:7d:53:1e:3a:17:bf:aa:9f:f8:98:9b:46:5a:
                    05:be:e2:23:1c:78:0a:44:2f:6f:45:fd:8b:c3:87:
                    a7:f5:65:19:da:1e:f2:38:1b:a0:73:19:53:18:c8:
                    e3:fe:1c:31:cc:76:7a:c0:b7:e7:1d:df:20:43:de:
                    68:ff:c4:8b:09:8e:ef:e7:05:0c:75:ad:d4:02:04:
                    bc:df:ba:11:7f:29:0f:41:a2:dc:db:1e:6e:25:66:
                    fd:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:22:DF:3E:A3:7D:A1:7A:9E:82:CC:55:81:84:84:ED:F9:1F:C3:EC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1d3cf071-15a1-4b52-be8f-53bd4a79df40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.172.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b3:26:a7:dd:63:5b:26:70:a7:97:50:39:1e:82:ff:64:8d:04:
         22:2c:80:93:a7:ca:3e:b2:0b:c1:b4:38:9d:89:ee:51:b6:2c:
         71:70:e0:82:c7:20:30:d1:73:3a:a9:b4:52:91:9b:1a:da:c8:
         b3:c4:be:9c:c0:67:cf:b3:b9:a2:36:ae:83:f6:16:0d:81:8f:
         dd:69:8e:a2:9c:2d:57:07:05:cd:a8:ef:95:4c:cd:58:7c:44:
         37:de:fe:1d:df:8b:bb:16:e7:40:06:96:5c:63:d6:d5:01:a9:
         fa:14:c3:f7:cb:76:fa:98:23:73:18:ec:be:d6:6a:7e:d6:0c:
         90:b1:2b:f7:d5:0f:2c:78:07:c1:49:88:77:65:9d:04:83:12:
         f1:7b:e2:a8:57:2a:12:34:8c:89:91:c9:bd:f3:98:32:0a:f0:
         36:e2:03:69:81:8d:91:c7:6f:a6:44:2f:0f:48:69:94:e5:ed:
         1a:40:c0:0e:f1:c4:e2:f0:70:ec:4c:2d:b6:e2:19:34:eb:7a:
         a4:b7:07:9e:dc:a3:4a:b9:a0:3b:b6:c8:7d:3e:d7:e9:d7:ab:
         27:65:40:21:f0:ac:09:e6:a4:cc:de:36:bf:e1:f4:4c:e3:9b:
         ab:13:89:79:45:48:93:b8:be:61:cd:48:b0:91:3f:7b:27:ec:
         a0:a9:c7:f0
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUTIRH49K9FaE66tKT3YbhtpwJz88wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODA0MTczMTQ0WhcNMjUwOTA4MjM1OTU5
WjB6MUkwRwYDVQQFE0A0NWY2MGNlYTc3YmQwOTMwYTJlZDhmMmRiNWU2MDE3NTg3
YWI4ZTg4NWFjMDJjMzg3NjY1MGU1NTk1ZmQyNzM0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDiBl6oP1hDRTJy6Oep5PwNn+BB47hq4SHnZCaTZT02iCva
mM/p/32hB78n6trVqJ6s1yZPdHjHwPhg/DyF7qvzpn+tZsGaoKOcvo+rKQiLmfal
cOsE79tk+4Jzb89D1MgPBETIPO47jz71zUBD9ZsTtq8hl6w4Zrjt38/CmWtd2dET
4AauQfXLR/lnNZ6I88Re6oLMkMvfHRXtEatxRpzQBTIsgpU7fVMeOhe/qp/4mJtG
WgW+4iMceApEL29F/YvDh6f1ZRnaHvI4G6BzGVMYyOP+HDHMdnrAt+cd3yBD3mj/
xIsJju/nBQx1rdQCBLzfuhF/KQ9BotzbHm4lZv1nAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQURiLfPqN9oXqegsxVgYSE7fkfw+wwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFkM2NmMDcxLTE1YTEtNGI1Mi1iZThmLTUzYmQ0YTc5ZGY0MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAorDANBgkqhkiG9w0BAQsFAAOCAQEAsyan3WNbJnCnl1A5HoL/ZI0EIiyA
k6fKPrILwbQ4nYnuUbYscXDggscgMNFzOqm0UpGbGtrIs8S+nMBnz7O5ojaug/YW
DYGP3WmOopwtVwcFzajvlUzNWHxEN97+Hd+LuxbnQAaWXGPW1QGp+hTD98t2+pgj
cxjsvtZqftYMkLEr99UPLHgHwUmId2WdBIMS8XviqFcqEjSMiZHJvfOYMgrwNuID
aYGNkcdvpkQvD0hplOXtGkDADvHE4vBw7EwttuIZNOt6pLcHntyjSrmgO7bIfT7X
6derJ2VAIfCsCeakzN42v+H0TOObqxOJeUVIk7i+Yc1IsJE/eyfsoKnH8A==
-----END CERTIFICATE-----
Generated at Wed Aug 6 11:24:37 2025 by rpki-client