Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5d0d6a5a-16aa-4b09-a02b-98190290d009.roa
File:                     5d0d6a5a-16aa-4b09-a02b-98190290d009.roa (raw, json)
Hash identifier:          GuqqfujT4C/P3k31ZbIF0DgHrCvtyfO5ESNasEr7iXk=
Subject key identifier:   A7:CB:DC:75:D3:81:EA:AE:CB:62:A6:EC:B4:C5:5E:E6:7C:20:22:13
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       29B787F8425E013D9589796E2C188A477E393F1D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5d0d6a5a-16aa-4b09-a02b-98190290d009.roa
Signing time:             Sat 02 Aug 2025 00:11:12 +0000
ROA not before:           Sat 02 Aug 2025 00:11:12 +0000
ROA not after:            Sat 06 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        107.22.152.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 07 Aug 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:b7:87:f8:42:5e:01:3d:95:89:79:6e:2c:18:8a:47:7e:39:3f:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug  2 00:11:12 2025 GMT
            Not After : Sep  6 23:59:59 2025 GMT
        Subject: serialNumber=dcac5e5dfe117ff259a08949b0c8f93d581ffcb811c4a32c456abcdb7fc493d4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:c4:6f:4b:2c:67:48:07:a2:2a:5e:10:73:c9:
                    02:58:dd:c4:f4:f8:5e:4d:88:5e:71:e5:35:68:71:
                    d4:66:81:ac:b7:3b:7e:d6:2b:e1:16:28:08:96:5d:
                    02:9f:1a:fa:c5:ca:37:91:e6:81:16:c6:ae:47:00:
                    27:55:ad:82:3a:ec:c6:f1:e8:6e:34:97:93:9a:a3:
                    df:a9:fb:34:af:e9:b6:7a:76:9d:cc:08:82:1b:b2:
                    f0:c6:af:f3:0e:38:9c:b3:9c:5f:0d:4f:27:ed:a4:
                    60:7a:9f:6e:86:bd:63:72:b0:f9:64:1f:34:c4:2c:
                    c6:d0:29:a1:c5:9d:21:70:bf:bd:1e:13:98:be:d3:
                    63:6e:99:29:c0:73:bf:5d:22:09:e8:3f:8a:64:d7:
                    60:53:fe:05:11:9e:c4:a3:40:51:4f:31:84:dd:72:
                    06:c2:74:1e:36:57:60:29:69:ac:47:78:db:d5:45:
                    ce:ca:b0:38:79:64:a8:1e:da:4f:6f:a5:87:fd:4d:
                    68:b9:b5:9e:e4:86:df:d3:07:3e:e6:4d:57:f4:12:
                    a1:0b:9f:57:81:e7:da:5c:83:6e:a5:91:a6:10:d2:
                    73:b2:1d:d7:0f:b9:8d:b0:b0:92:f3:b3:87:8d:de:
                    77:31:b9:5c:5c:ba:9a:ae:f2:b1:2f:10:51:3e:fe:
                    0d:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:CB:DC:75:D3:81:EA:AE:CB:62:A6:EC:B4:C5:5E:E6:7C:20:22:13
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5d0d6a5a-16aa-4b09-a02b-98190290d009.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.22.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:8a:6b:d0:b2:c4:7a:9e:0b:69:f0:d0:33:47:92:c4:66:70:
         6e:1c:4e:5f:83:40:75:eb:d3:c0:1c:41:87:eb:2c:f2:fa:3c:
         22:a8:c7:70:6c:e9:96:d4:af:81:f8:d0:ed:55:2b:31:c3:5e:
         0e:73:90:70:9b:52:d5:f6:1e:7a:07:4b:c7:f3:d9:21:82:8c:
         8d:d4:ef:61:f8:f5:3a:e3:f9:49:3c:45:94:7e:e2:42:19:35:
         de:3b:b6:a2:0e:67:c8:9f:15:be:1a:d5:9b:c4:bc:80:b9:b1:
         8b:33:1c:cd:19:aa:af:8d:05:8d:90:e8:88:dd:c4:fa:d0:5c:
         e6:bc:a1:8a:3e:45:18:25:d7:d3:dd:08:1d:da:26:d3:3c:f4:
         29:75:ae:22:1c:41:7d:e9:c9:f2:c5:78:3f:a4:47:66:e9:c6:
         93:c3:07:c7:c4:8d:d6:4f:b6:43:84:f3:70:2e:fb:01:6a:d2:
         29:fa:21:03:94:b9:b3:55:4a:1f:92:fd:1a:64:8c:7a:90:a5:
         28:72:ed:42:2b:bc:72:50:c2:69:e7:ed:6c:8c:a8:9c:5b:78:
         98:99:39:c8:59:42:5e:60:90:92:02:4f:e8:3d:d1:06:04:75:
         14:ae:1e:b4:bb:73:33:90:80:26:bc:d0:18:80:66:92:45:63:
         c5:7b:04:8b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKbeH+EJeAT2ViXluLBiKR345Px0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODAyMDAxMTEyWhcNMjUwOTA2MjM1OTU5
WjB6MUkwRwYDVQQFE0BkY2FjNWU1ZGZlMTE3ZmYyNTlhMDg5NDliMGM4ZjkzZDU4
MWZmY2I4MTFjNGEzMmM0NTZhYmNkYjdmYzQ5M2Q0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCgxG9LLGdIB6IqXhBzyQJY3cT0+F5NiF5x5TVocdRmgay3
O37WK+EWKAiWXQKfGvrFyjeR5oEWxq5HACdVrYI67Mbx6G40l5Oao9+p+zSv6bZ6
dp3MCIIbsvDGr/MOOJyznF8NTyftpGB6n26GvWNysPlkHzTELMbQKaHFnSFwv70e
E5i+02NumSnAc79dIgnoP4pk12BT/gURnsSjQFFPMYTdcgbCdB42V2ApaaxHeNvV
Rc7KsDh5ZKge2k9vpYf9TWi5tZ7kht/TBz7mTVf0EqELn1eB59pcg26lkaYQ0nOy
HdcPuY2wsJLzs4eN3ncxuVxcupqu8rEvEFE+/g1dAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUp8vcddOB6q7LYqbstMVe5nwgIhMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzVkMGQ2YTVhLTE2YWEtNGIwOS1hMDJiLTk4MTkwMjkwZDAwOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJrFpgwDQYJKoZIhvcNAQELBQADggEBAAmKa9CyxHqeC2nw0DNHksRmcG4c
Tl+DQHXr08AcQYfrLPL6PCKox3Bs6ZbUr4H40O1VKzHDXg5zkHCbUtX2HnoHS8fz
2SGCjI3U72H49Trj+Uk8RZR+4kIZNd47tqIOZ8ifFb4a1ZvEvIC5sYszHM0Zqq+N
BY2Q6IjdxPrQXOa8oYo+RRgl19PdCB3aJtM89Cl1riIcQX3pyfLFeD+kR2bpxpPD
B8fEjdZPtkOE83Au+wFq0in6IQOUubNVSh+S/RpkjHqQpShy7UIrvHJQwmnn7WyM
qJxbeJiZOchZQl5gkJICT+g90QYEdRSuHrS7czOQgCa80BiAZpJFY8V7BIs=
-----END CERTIFICATE-----
Generated at Wed Aug 6 11:25:14 2025 by rpki-client