Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/356faa82-a0da-4902-ac5d-0346855caaf1.roa
File:                     356faa82-a0da-4902-ac5d-0346855caaf1.roa (raw, json)
Hash identifier:          o3CIIrcnFCtG1GRjwClZUOSNe8YNttx8NRZMZWIK5KU=
Subject key identifier:   59:C4:A1:DD:7C:64:7D:55:5E:52:61:90:98:96:02:DA:78:F5:0B:38
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5601DB06E0C2898491C79ED0493DC7E1758AF853
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/356faa82-a0da-4902-ac5d-0346855caaf1.roa
Signing time:             Mon 04 Aug 2025 15:21:54 +0000
ROA not before:           Mon 04 Aug 2025 15:21:54 +0000
ROA not after:            Mon 08 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.60.0.0/15 maxlen: 15
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 07 Aug 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:01:db:06:e0:c2:89:84:91:c7:9e:d0:49:3d:c7:e1:75:8a:f8:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug  4 15:21:54 2025 GMT
            Not After : Sep  8 23:59:59 2025 GMT
        Subject: serialNumber=73e4863d85616a72cdf2a2f4447dec893e1140a59d963842ff7caf99772eac04, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:b7:bf:df:1a:bc:e4:e9:51:fb:02:9c:63:f4:
                    c6:9d:7f:eb:99:9d:56:56:62:de:95:37:1b:02:3b:
                    6a:07:e0:b5:b5:4e:51:ea:bf:57:47:82:da:b6:10:
                    d4:32:fb:30:d7:3e:fb:2d:4e:bd:52:1d:33:8e:dc:
                    aa:57:60:ae:c4:86:0a:b5:bf:56:d2:ad:e5:cf:96:
                    3d:31:52:b5:39:f6:7f:cb:da:31:54:ef:2c:79:fa:
                    99:77:81:2c:e7:7a:7c:61:35:cd:98:27:a2:e9:f8:
                    d2:e5:56:5d:7c:a8:52:d6:f3:7d:3a:63:db:52:5c:
                    98:62:90:ac:8a:10:2f:91:a4:b5:40:22:b8:bf:fd:
                    d6:ba:96:c3:50:d8:65:e9:94:fb:7f:ea:5d:4b:67:
                    61:c7:94:55:0d:b0:4c:b4:64:22:53:34:16:81:ed:
                    12:2d:a6:23:42:e2:53:b0:0f:fd:f6:42:39:64:6d:
                    98:41:83:da:a0:7d:31:f9:a4:aa:0b:1f:ba:3c:47:
                    3b:9c:80:e9:c9:58:81:4d:ea:3b:06:1d:81:7c:de:
                    10:6d:4f:b9:42:72:53:4a:b3:d3:9d:4d:b1:42:2b:
                    44:99:d7:5e:37:e4:91:2e:5d:25:b0:86:c1:31:32:
                    28:99:07:95:b7:4a:82:09:07:df:1e:46:35:8b:1a:
                    a1:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:C4:A1:DD:7C:64:7D:55:5E:52:61:90:98:96:02:DA:78:F5:0B:38
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/356faa82-a0da-4902-ac5d-0346855caaf1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.60.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         0e:84:68:bf:69:da:24:e7:da:06:24:12:6c:0f:fb:b0:bc:0d:
         a1:05:b4:09:7c:45:ca:7c:a2:73:01:3e:b3:b0:7e:af:c6:ec:
         b7:4e:12:f8:9a:99:95:88:d8:7a:a3:69:89:cc:b2:47:31:54:
         62:c9:48:fd:e9:c4:16:a7:7e:e3:9c:c5:6b:d5:21:b9:45:41:
         cc:6c:54:e4:24:27:68:13:f7:28:0e:af:bc:2c:21:b6:ca:60:
         e9:72:ea:b6:77:79:be:a9:24:2a:9b:65:4e:45:c3:f1:a9:15:
         1c:eb:c8:ca:e2:12:5c:29:9d:60:0a:33:45:9a:d1:d9:d4:89:
         3a:01:c2:eb:3d:f9:b7:13:eb:bf:e7:05:d1:a3:95:00:14:05:
         8e:26:f8:cc:f7:e0:05:5d:38:56:e6:76:c0:c4:85:73:8a:05:
         2b:6d:bf:b5:36:28:81:88:a1:08:ef:60:7a:0d:68:a4:14:2f:
         d7:36:cc:b4:8d:d8:61:87:80:58:95:93:36:2e:20:c7:5e:a1:
         d9:a9:21:c1:fd:4c:67:b4:d8:2a:bc:6b:46:b2:db:ec:72:98:
         56:c5:74:22:d2:c6:ea:3c:4b:ed:06:1f:d0:20:2c:ab:f0:63:
         59:9a:38:8c:85:15:f5:21:99:6b:76:33:e1:7d:df:4d:74:50:
         8c:c4:35:ef
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUVgHbBuDCiYSRx57QST3H4XWK+FMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODA0MTUyMTU0WhcNMjUwOTA4MjM1OTU5
WjB6MUkwRwYDVQQFE0A3M2U0ODYzZDg1NjE2YTcyY2RmMmEyZjQ0NDdkZWM4OTNl
MTE0MGE1OWQ5NjM4NDJmZjdjYWY5OTc3MmVhYzA0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8t7/fGrzk6VH7Apxj9Madf+uZnVZWYt6VNxsCO2oH4LW1
TlHqv1dHgtq2ENQy+zDXPvstTr1SHTOO3KpXYK7Ehgq1v1bSreXPlj0xUrU59n/L
2jFU7yx5+pl3gSznenxhNc2YJ6Lp+NLlVl18qFLW8306Y9tSXJhikKyKEC+RpLVA
Iri//da6lsNQ2GXplPt/6l1LZ2HHlFUNsEy0ZCJTNBaB7RItpiNC4lOwD/32Qjlk
bZhBg9qgfTH5pKoLH7o8RzucgOnJWIFN6jsGHYF83hBtT7lCclNKs9OdTbFCK0SZ
11435JEuXSWwhsExMiiZB5W3SoIJB98eRjWLGqG9AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUWcSh3XxkfVVeUmGQmJYC2nj1CzgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM1NmZhYTgyLWEwZGEtNDkwMi1hYzVkLTAzNDY4NTVjYWFmMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwENPDANBgkqhkiG9w0BAQsFAAOCAQEADoRov2naJOfaBiQSbA/7sLwNoQW0
CXxFynyicwE+s7B+r8bst04S+JqZlYjYeqNpicyyRzFUYslI/enEFqd+45zFa9Uh
uUVBzGxU5CQnaBP3KA6vvCwhtspg6XLqtnd5vqkkKptlTkXD8akVHOvIyuISXCmd
YAozRZrR2dSJOgHC6z35txPrv+cF0aOVABQFjib4zPfgBV04VuZ2wMSFc4oFK22/
tTYogYihCO9geg1opBQv1zbMtI3YYYeAWJWTNi4gx16h2akhwf1MZ7TYKrxrRrLb
7HKYVsV0ItLG6jxL7QYf0CAsq/BjWZo4jIUV9SGZa3Yz4X3fTXRQjMQ17w==
-----END CERTIFICATE-----
Generated at Wed Aug 6 14:12:34 2025 by rpki-client