Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/659599fd-5231-4a14-b642-c43b71289efa.roa
File:                     659599fd-5231-4a14-b642-c43b71289efa.roa (raw, json)
Hash identifier:          EH52t7GyBxM1IOYD7bB4F8ZlOVvL2f/SlzoqDMUoJ7U=
Subject key identifier:   B1:EA:71:A0:D6:5D:38:B6:C6:88:72:1F:A0:14:01:F7:87:01:B5:CE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       101C68A39A3A199614056508506B7C2E2E8C4A5A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/659599fd-5231-4a14-b642-c43b71289efa.roa
Signing time:             Fri 15 May 2026 01:01:18 +0000
ROA not before:           Fri 15 May 2026 01:01:18 +0000
ROA not after:            Thu 13 Aug 2026 23:59:59 +0000
asID:                     14618
IP address blocks:        107.22.152.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 14 Jun 2026 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:1c:68:a3:9a:3a:19:96:14:05:65:08:50:6b:7c:2e:2e:8c:4a:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: May 15 01:01:18 2026 GMT
            Not After : Aug 13 23:59:59 2026 GMT
        Subject: serialNumber=b3a952110b44fe9b3e579fd2a66f4e5468141bb2ce2fd6680013e2dc40f9ec17, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:83:d5:32:4e:4e:16:06:86:65:74:0d:8d:c0:
                    24:40:fc:f9:71:b9:bc:ff:8c:fa:88:98:2d:11:21:
                    f5:31:01:80:b6:0d:7d:87:d3:65:51:38:06:38:c4:
                    ad:65:91:86:6a:75:63:f5:25:fa:86:c7:21:76:c5:
                    78:35:0d:9b:28:1d:2a:a9:dd:51:16:bb:02:b8:b3:
                    16:9e:a8:51:2e:0a:ef:be:e9:ae:e5:70:a7:a1:f2:
                    3c:4d:eb:f9:51:ed:2e:e1:27:e5:d1:b0:b4:91:c3:
                    c7:28:41:34:ca:81:e8:ee:f2:47:7a:69:a1:00:f6:
                    e7:8b:52:e6:ec:a4:97:a8:1d:a6:ab:37:7f:4f:54:
                    1e:b9:64:7e:fe:81:de:de:9a:91:67:eb:dd:f7:93:
                    6a:d8:08:f7:7c:1b:4b:bd:e6:49:ef:b3:92:9f:ef:
                    81:88:a7:97:6d:74:f8:99:11:0b:1e:a0:1d:7e:0a:
                    5c:26:7b:73:eb:dc:03:75:7a:74:53:5f:92:b2:c8:
                    6d:05:07:be:8a:92:0c:9c:17:00:7c:e8:27:19:7f:
                    49:a7:0a:8d:b6:7b:fc:b5:86:64:10:b5:55:1d:7a:
                    b4:3e:2e:b2:f7:45:c3:d3:02:da:2c:fa:fe:51:ee:
                    8a:ef:88:d9:b5:94:0d:28:ab:71:91:bd:75:7a:32:
                    55:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:EA:71:A0:D6:5D:38:B6:C6:88:72:1F:A0:14:01:F7:87:01:B5:CE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/659599fd-5231-4a14-b642-c43b71289efa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.22.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         35:44:78:f9:51:4e:ff:38:6c:82:0a:99:3c:a5:9c:fd:8e:27:
         7b:79:a8:81:8f:c4:08:35:50:03:da:83:bd:18:a8:07:86:9a:
         55:58:c3:70:de:fc:cd:a0:b0:bd:f3:8c:5c:ec:ae:af:34:60:
         bb:24:3f:5c:c9:0c:09:75:36:74:cc:06:d5:cc:eb:34:2d:e8:
         66:c5:87:0a:4e:f9:f7:2e:bf:15:f1:f0:61:d6:a3:fd:13:79:
         d3:dc:3a:2f:e2:2e:f6:aa:c1:f5:f1:16:3c:7a:2f:12:62:88:
         84:85:56:65:6f:a8:f3:7b:30:6b:fb:12:4f:1c:e4:c4:4a:41:
         ab:50:8a:12:f0:43:96:b2:40:24:7e:88:28:39:f0:6c:73:0f:
         e5:a5:45:55:89:14:fb:90:43:84:5c:39:3f:84:1f:fb:67:60:
         3c:c0:6c:4a:dd:ed:b3:5a:d5:91:b0:c7:36:ed:e4:f3:7c:c9:
         02:85:3b:ed:1e:79:3b:e5:30:d9:27:fb:d9:4b:39:ea:f5:65:
         9a:0d:a6:ca:de:01:70:ca:e9:27:5b:32:1b:80:ef:7a:c1:f7:
         35:0f:5f:13:38:20:78:e1:cf:c8:9c:2d:8a:42:9f:66:db:81:
         09:58:48:42:28:f7:02:54:58:d5:d3:c2:50:7e:3e:b3:73:44:
         a6:ac:ad:33
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEBxoo5o6GZYUBWUIUGt8Li6MSlowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjYwNTE1MDEwMTE4WhcNMjYwODEzMjM1OTU5
WjB6MUkwRwYDVQQFE0BiM2E5NTIxMTBiNDRmZTliM2U1NzlmZDJhNjZmNGU1NDY4
MTQxYmIyY2UyZmQ2NjgwMDEzZTJkYzQwZjllYzE3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqg9UyTk4WBoZldA2NwCRA/Plxubz/jPqImC0RIfUxAYC2
DX2H02VROAY4xK1lkYZqdWP1JfqGxyF2xXg1DZsoHSqp3VEWuwK4sxaeqFEuCu++
6a7lcKeh8jxN6/lR7S7hJ+XRsLSRw8coQTTKgeju8kd6aaEA9ueLUubspJeoHaar
N39PVB65ZH7+gd7empFn6933k2rYCPd8G0u95knvs5Kf74GIp5dtdPiZEQseoB1+
Clwme3Pr3AN1enRTX5KyyG0FB76KkgycFwB86CcZf0mnCo22e/y1hmQQtVUderQ+
LrL3RcPTAtos+v5R7orviNm1lA0oq3GRvXV6MlVrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUsepxoNZdOLbGiHIfoBQB94cBtc4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY1OTU5OWZkLTUyMzEtNGExNC1iNjQyLWM0M2I3MTI4OWVmYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJrFpgwDQYJKoZIhvcNAQELBQADggEBADVEePlRTv84bIIKmTylnP2OJ3t5
qIGPxAg1UAPag70YqAeGmlVYw3De/M2gsL3zjFzsrq80YLskP1zJDAl1NnTMBtXM
6zQt6GbFhwpO+fcuvxXx8GHWo/0TedPcOi/iLvaqwfXxFjx6LxJiiISFVmVvqPN7
MGv7Ek8c5MRKQatQihLwQ5ayQCR+iCg58GxzD+WlRVWJFPuQQ4RcOT+EH/tnYDzA
bErd7bNa1ZGwxzbt5PN8yQKFO+0eeTvlMNkn+9lLOer1ZZoNpsreAXDK6SdbMhuA
73rB9zUPXxM4IHjhz8icLYpCn2bbgQlYSEIo9wJUWNXTwlB+PrNzRKasrTM=
-----END CERTIFICATE-----