Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/258e6f29-ec78-4849-a049-84a7edb4a611.roa
File:                     258e6f29-ec78-4849-a049-84a7edb4a611.roa (raw, json)
Hash identifier:          XvA/dzvXUqnySa9WNxWOYfW6s9N82VMceWOgcv+DjEA=
Subject key identifier:   ED:42:BB:4D:E2:B6:F3:14:00:C8:92:79:7A:A4:8E:73:49:EC:C2:9F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4799713041BF9A208E759ECF9A776922F0DC6B2C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/258e6f29-ec78-4849-a049-84a7edb4a611.roa
Signing time:             Tue 05 Aug 2025 00:51:24 +0000
ROA not before:           Tue 05 Aug 2025 00:51:24 +0000
ROA not after:            Tue 09 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        74.190.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 08 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:99:71:30:41:bf:9a:20:8e:75:9e:cf:9a:77:69:22:f0:dc:6b:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug  5 00:51:24 2025 GMT
            Not After : Sep  9 23:59:59 2025 GMT
        Subject: serialNumber=2f943a3ad2a65d249ed84e0e6574e15e30aea1aab44dabe5bc842b08eef358dc, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:2e:e6:1b:8a:37:d5:92:15:26:c6:24:4f:4b:
                    2a:b4:8c:53:1b:1f:a8:18:87:8e:a9:05:0f:f3:78:
                    2a:01:9d:f8:19:00:6d:25:5f:6b:34:25:a1:17:42:
                    b8:4e:aa:bf:fa:e4:27:9b:57:19:7d:90:c6:90:30:
                    62:a6:aa:5d:d8:e6:82:bf:df:35:3d:94:68:fb:71:
                    80:dd:8b:27:a7:d4:bd:82:17:c3:8d:95:ab:d0:98:
                    d6:8a:5f:e6:d4:f6:e2:44:58:b8:39:5b:a5:02:61:
                    75:52:b0:ac:e7:e2:87:66:d8:47:f4:c5:98:c8:5c:
                    d6:59:85:68:4d:0e:b6:53:6a:16:0d:60:35:aa:4c:
                    18:58:b5:b7:d2:cd:5b:32:ee:a2:0e:93:5b:53:b9:
                    d4:86:2f:19:3c:40:50:ac:94:4b:d8:4e:82:fc:bf:
                    4c:66:72:ee:9b:fb:a2:68:e6:d2:4a:74:4e:f2:de:
                    11:cd:34:73:ad:0d:4c:e1:4b:84:cb:03:e5:7f:bd:
                    8c:1f:c9:fc:a7:2a:e2:fe:87:b5:9a:80:79:53:68:
                    81:06:61:eb:9a:ec:b3:4d:47:53:6b:5f:bf:6a:f6:
                    15:6d:c5:43:a5:81:70:38:39:33:bf:03:82:f9:5d:
                    9b:2d:8c:4a:25:ab:d7:40:25:5d:bd:9a:79:1b:26:
                    50:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:42:BB:4D:E2:B6:F3:14:00:C8:92:79:7A:A4:8E:73:49:EC:C2:9F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/258e6f29-ec78-4849-a049-84a7edb4a611.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  74.190.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         20:ee:a7:27:a0:46:81:06:00:69:44:fe:bd:80:7d:a6:ae:ad:
         df:5c:c5:ce:4c:c2:3c:2e:0e:66:16:7b:e6:d2:f0:93:9f:27:
         4d:07:94:0c:7f:8e:67:e0:8c:8b:33:7f:0c:48:a4:ed:f2:60:
         41:df:ef:5e:e8:cd:0d:cb:1c:b0:7b:b0:f0:8e:6f:4e:d6:e7:
         9a:1e:b0:67:1b:fb:02:86:36:26:f3:26:f5:49:ba:84:98:4f:
         b0:02:b1:96:dd:91:eb:bd:b2:1e:4c:aa:78:25:f1:91:51:8a:
         39:ca:36:14:4c:55:4f:64:a9:92:36:a1:64:ac:3d:cd:04:46:
         16:3a:cb:a9:8e:4c:59:50:e2:20:62:22:88:e0:05:a4:2b:8c:
         a0:e0:ee:ed:19:7c:3d:03:eb:55:28:56:4a:72:25:56:d5:b2:
         d4:5c:c0:b1:78:a6:4c:f1:46:9b:c8:c3:72:64:d1:c0:ec:11:
         d5:aa:68:81:04:26:c8:ad:5b:56:d4:25:63:fa:73:63:f9:1a:
         d6:c6:03:06:83:1e:b3:a6:18:75:5f:36:e1:22:48:1f:bd:14:
         32:4b:68:ca:35:3e:b1:7c:03:2a:68:b1:3d:1f:36:d3:12:83:
         62:2a:48:f0:5b:96:2f:aa:df:61:eb:53:6e:2d:18:94:6f:32:
         e0:d2:20:9d
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUR5lxMEG/miCOdZ7PmndpIvDcaywwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODA1MDA1MTI0WhcNMjUwOTA5MjM1OTU5
WjB6MUkwRwYDVQQFE0AyZjk0M2EzYWQyYTY1ZDI0OWVkODRlMGU2NTc0ZTE1ZTMw
YWVhMWFhYjQ0ZGFiZTViYzg0MmIwOGVlZjM1OGRjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDlLuYbijfVkhUmxiRPSyq0jFMbH6gYh46pBQ/zeCoBnfgZ
AG0lX2s0JaEXQrhOqr/65CebVxl9kMaQMGKmql3Y5oK/3zU9lGj7cYDdiyen1L2C
F8ONlavQmNaKX+bU9uJEWLg5W6UCYXVSsKzn4odm2Ef0xZjIXNZZhWhNDrZTahYN
YDWqTBhYtbfSzVsy7qIOk1tTudSGLxk8QFCslEvYToL8v0xmcu6b+6Jo5tJKdE7y
3hHNNHOtDUzhS4TLA+V/vYwfyfynKuL+h7WagHlTaIEGYeua7LNNR1NrX79q9hVt
xUOlgXA4OTO/A4L5XZstjEolq9dAJV29mnkbJlBZAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU7UK7TeK28xQAyJJ5eqSOc0nswp8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI1OGU2ZjI5LWVjNzgtNDg0OS1hMDQ5LTg0YTdlZGI0YTYxMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBKvjANBgkqhkiG9w0BAQsFAAOCAQEAIO6nJ6BGgQYAaUT+vYB9pq6t31zF
zkzCPC4OZhZ75tLwk58nTQeUDH+OZ+CMizN/DEik7fJgQd/vXujNDcscsHuw8I5v
Ttbnmh6wZxv7AoY2JvMm9Um6hJhPsAKxlt2R672yHkyqeCXxkVGKOco2FExVT2Sp
kjahZKw9zQRGFjrLqY5MWVDiIGIiiOAFpCuMoODu7Rl8PQPrVShWSnIlVtWy1FzA
sXimTPFGm8jDcmTRwOwR1apogQQmyK1bVtQlY/pzY/ka1sYDBoMes6YYdV824SJI
H70UMktoyjU+sXwDKmixPR820xKDYipI8FuWL6rfYetTbi0YlG8y4NIgnQ==
-----END CERTIFICATE-----
Generated at Wed Aug 6 19:36:49 2025 by rpki-client