Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/677fcf5a-1ec1-4cd4-8096-ae6b040a7d5a.roa
File:                     677fcf5a-1ec1-4cd4-8096-ae6b040a7d5a.roa (raw, json)
Hash identifier:          HFO45YCp2EmNYdwUx7aXXgoADT+RUHjR43ri2shUFqI=
Subject key identifier:   54:34:50:3A:7E:C5:BA:77:89:17:EB:B0:5E:0C:81:45:39:95:81:41
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       047542F6A679966537EAB57E9901863E889B31E4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/677fcf5a-1ec1-4cd4-8096-ae6b040a7d5a.roa
Signing time:             Tue 22 Jul 2025 00:11:33 +0000
ROA not before:           Tue 22 Jul 2025 00:11:33 +0000
ROA not after:            Tue 26 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        143.221.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 07 Aug 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:75:42:f6:a6:79:96:65:37:ea:b5:7e:99:01:86:3e:88:9b:31:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jul 22 00:11:33 2025 GMT
            Not After : Aug 26 23:59:59 2025 GMT
        Subject: serialNumber=9f81d80f27b9b39f6618427f59c4ad25b3238d569463f10de1a643bfbbf68647, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:80:68:c4:9e:57:86:9b:b6:96:38:52:7a:f3:
                    79:da:0a:78:c2:ac:c8:c3:ab:a5:ee:75:66:c0:ff:
                    d6:08:21:8b:f5:49:3c:cc:ea:f2:cc:62:a4:86:4b:
                    98:20:8e:ce:35:cd:5d:d8:28:aa:7b:5c:ca:e9:30:
                    e4:3d:14:54:0b:dc:9f:cc:b9:e2:9c:ef:37:3c:d0:
                    84:97:d9:d6:0c:38:6c:1e:72:7e:16:68:39:b9:9f:
                    11:9f:ba:5e:e1:6d:6e:ce:7e:38:5d:9f:8c:dc:7b:
                    a5:dd:f4:04:b0:7b:31:5e:1a:d4:4f:b4:e2:ad:56:
                    71:12:5d:e6:c2:b4:c7:e6:a8:f3:20:1f:de:a4:4e:
                    94:39:9d:86:76:3b:14:b0:7c:45:8e:f9:49:a6:ad:
                    2c:73:ae:0a:ae:bb:aa:96:c5:39:16:a0:f9:a1:dd:
                    29:f7:d3:e1:42:e6:47:57:b7:d7:91:21:0c:8c:69:
                    31:04:d9:69:dd:a5:e0:a1:79:6d:85:dc:fc:1c:10:
                    b3:90:b9:8f:de:ca:bf:34:b4:f7:4c:45:38:2f:f0:
                    82:cb:3f:57:42:d6:25:35:4e:aa:84:1e:37:b2:ad:
                    dc:60:4b:94:4c:07:c0:27:fb:15:f9:99:47:12:7e:
                    8a:67:2a:94:33:39:c7:61:6b:36:37:9f:c4:29:a3:
                    4b:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:34:50:3A:7E:C5:BA:77:89:17:EB:B0:5E:0C:81:45:39:95:81:41
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/677fcf5a-1ec1-4cd4-8096-ae6b040a7d5a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.221.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         12:cb:8a:01:be:be:a6:a2:8b:8e:14:8b:c1:82:13:cd:85:5b:
         32:7b:d7:7f:df:2c:08:b3:60:c8:70:c2:0c:5a:bf:34:03:9f:
         4d:27:79:3f:cd:b3:56:e9:3d:e4:de:25:bc:d9:2d:03:f3:74:
         76:38:2d:10:93:d5:27:d7:33:17:73:d1:e4:54:b4:8c:01:62:
         5f:5b:47:c5:14:0f:41:c4:4a:d9:69:81:81:b6:17:b4:11:b8:
         0f:88:ce:18:80:8b:f6:5d:d9:59:61:e3:4d:df:bf:56:8c:17:
         f3:24:b7:b6:63:9d:a9:c7:93:a3:e6:86:50:cc:2b:fc:6c:90:
         be:f5:b8:4d:15:cc:7a:9a:e4:ff:81:c4:e3:c3:af:91:fc:df:
         72:19:dd:51:7e:58:dd:c0:8f:c3:6a:95:42:3b:06:d4:e5:2c:
         26:29:48:7e:0f:58:2a:f8:ef:8c:bc:ef:54:a3:63:62:a8:d2:
         f2:b2:97:d7:d1:82:b0:f6:c4:3a:a4:f5:5d:ed:a1:24:4d:a6:
         ec:c1:89:5e:34:5c:8b:ef:16:39:4e:c4:7a:d1:f4:d3:ae:5f:
         06:52:ca:bd:7c:ad:e8:87:ff:04:b1:b2:53:06:41:1e:e7:7e:
         5e:4c:6e:5d:f2:20:e5:01:b4:82:42:12:bf:1c:7a:75:37:17:
         bd:2a:28:f4
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUBHVC9qZ5lmU36rV+mQGGPoibMeQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNzIyMDAxMTMzWhcNMjUwODI2MjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZjgxZDgwZjI3YjliMzlmNjYxODQyN2Y1OWM0YWQyNWIz
MjM4ZDU2OTQ2M2YxMGRlMWE2NDNiZmJiZjY4NjQ3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0gGjEnleGm7aWOFJ683naCnjCrMjDq6XudWbA/9YIIYv1
STzM6vLMYqSGS5ggjs41zV3YKKp7XMrpMOQ9FFQL3J/MueKc7zc80ISX2dYMOGwe
cn4WaDm5nxGful7hbW7Ofjhdn4zce6Xd9ASwezFeGtRPtOKtVnESXebCtMfmqPMg
H96kTpQ5nYZ2OxSwfEWO+UmmrSxzrgquu6qWxTkWoPmh3Sn30+FC5kdXt9eRIQyM
aTEE2WndpeCheW2F3PwcELOQuY/eyr80tPdMRTgv8ILLP1dC1iU1TqqEHjeyrdxg
S5RMB8An+xX5mUcSfopnKpQzOcdhazY3n8Qpo0v1AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUVDRQOn7FuneJF+uwXgyBRTmVgUEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY3N2ZjZjVhLTFlYzEtNGNkNC04MDk2LWFlNmIwNDBhN2Q1YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCP3TANBgkqhkiG9w0BAQsFAAOCAQEAEsuKAb6+pqKLjhSLwYITzYVbMnvX
f98sCLNgyHDCDFq/NAOfTSd5P82zVuk95N4lvNktA/N0djgtEJPVJ9czF3PR5FS0
jAFiX1tHxRQPQcRK2WmBgbYXtBG4D4jOGICL9l3ZWWHjTd+/VowX8yS3tmOdqceT
o+aGUMwr/GyQvvW4TRXMeprk/4HE48OvkfzfchndUX5Y3cCPw2qVQjsG1OUsJilI
fg9YKvjvjLzvVKNjYqjS8rKX19GCsPbEOqT1Xe2hJE2m7MGJXjRci+8WOU7EetH0
065fBlLKvXyt6If/BLGyUwZBHud+XkxuXfIg5QG0gkISvxx6dTcXvSoo9A==
-----END CERTIFICATE-----