Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/75f1294d-03e7-415c-8881-5227f1076874.roa
File:                     75f1294d-03e7-415c-8881-5227f1076874.roa (raw, json)
Hash identifier:          MNQayVQTPJvSkyNrgVlxIygqQxacSSMaMMziygv7NiE=
Subject key identifier:   B2:D9:3E:99:06:B2:41:FA:5F:63:52:7D:B2:F3:1B:0A:E8:7D:F3:BA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       72A71A8414E6F1790200CE97C93A12AB8C285CD1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/75f1294d-03e7-415c-8881-5227f1076874.roa
Signing time:             Wed 23 Jul 2025 00:10:23 +0000
ROA not before:           Wed 23 Jul 2025 00:10:23 +0000
ROA not after:            Wed 27 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        136.18.152.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 07 Aug 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:a7:1a:84:14:e6:f1:79:02:00:ce:97:c9:3a:12:ab:8c:28:5c:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jul 23 00:10:23 2025 GMT
            Not After : Aug 27 23:59:59 2025 GMT
        Subject: serialNumber=8325cb7789ae4e5e88e35b66cec1aaa6465996f3e7cb3c618b98f26fa189e74c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:81:d8:1d:e2:48:80:39:0c:0b:ab:c9:f9:96:
                    3f:fe:a2:98:f0:92:53:1d:ed:1e:4b:b7:34:81:66:
                    ba:d8:56:19:74:da:d9:50:e9:39:9b:5e:fd:44:1b:
                    7f:df:10:8b:3d:b0:8b:e7:d2:a0:ba:ba:fa:26:63:
                    59:94:ec:0d:76:38:18:93:74:a9:28:9d:3d:ab:bb:
                    1a:7d:b8:e1:d2:1a:ad:a6:f4:4d:67:75:86:4f:24:
                    54:58:7d:07:c2:ca:c7:de:5b:45:02:85:78:b4:d6:
                    cc:1b:35:ee:ea:17:d5:a0:68:f5:df:5a:b0:37:bc:
                    f6:29:9a:9b:c4:12:df:d5:c3:b2:05:b6:61:03:d5:
                    27:94:7c:32:36:27:c8:26:c1:a2:b0:1a:cd:44:c0:
                    ad:27:ee:e8:34:45:74:65:23:78:60:9a:ed:c8:af:
                    71:ed:cc:28:a5:aa:5e:b8:a4:1a:ce:79:ea:b3:b9:
                    54:b8:52:01:73:e1:f2:b5:66:37:41:7f:75:a2:ff:
                    50:19:ff:27:70:e1:0d:89:f8:32:a9:be:96:8e:29:
                    52:13:96:61:79:ef:86:bd:76:fe:ca:5b:c9:e4:08:
                    23:6b:dc:7f:af:6f:fc:98:f5:86:8d:f8:bd:10:67:
                    5b:e1:cc:8c:4c:cd:a9:59:c2:1a:c0:c3:5e:00:ed:
                    2e:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:D9:3E:99:06:B2:41:FA:5F:63:52:7D:B2:F3:1B:0A:E8:7D:F3:BA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/75f1294d-03e7-415c-8881-5227f1076874.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.18.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         77:0f:32:9f:fb:de:95:06:b9:fa:ae:43:bf:eb:05:d9:6f:71:
         ed:18:4a:4c:d2:97:76:3e:9f:5e:03:f5:73:65:76:51:d0:c3:
         11:ab:54:61:8a:17:ee:b9:17:bf:6f:d4:81:71:22:ac:64:bd:
         b9:b7:f6:52:69:be:cd:1c:30:dc:0c:11:c9:65:21:b2:2c:7e:
         00:a5:5e:08:da:f1:96:a3:2f:07:b7:ae:ac:ff:7f:73:95:88:
         88:74:85:1c:a0:c0:de:38:ee:7a:21:66:57:7f:d6:29:64:78:
         56:f0:fb:4f:2a:7e:63:8b:65:19:90:b7:6f:31:63:a4:2b:49:
         49:98:87:52:fa:e6:4e:cc:9c:ee:5f:24:d1:a2:0e:a0:d5:31:
         ad:35:25:9f:61:a3:88:c1:fa:c1:76:7e:03:10:9c:07:15:a6:
         07:85:a6:4d:62:01:6c:22:68:b5:e0:76:b1:fc:fc:4b:04:3e:
         18:8a:bf:34:2b:a2:23:bc:97:e7:32:4c:88:bc:cf:14:1e:dc:
         fe:11:50:b9:e3:51:c5:23:05:bf:58:8a:6f:3b:9f:73:b9:ba:
         89:b4:1f:d0:b2:43:6e:65:b7:60:49:3b:ff:97:7f:8f:fc:a0:
         fc:12:a6:bc:f7:e8:56:1b:b2:22:04:82:e5:c3:e4:27:ae:94:
         bc:8c:6b:53
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcqcahBTm8XkCAM6XyToSq4woXNEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNzIzMDAxMDIzWhcNMjUwODI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A4MzI1Y2I3Nzg5YWU0ZTVlODhlMzViNjZjZWMxYWFhNjQ2
NTk5NmYzZTdjYjNjNjE4Yjk4ZjI2ZmExODllNzRjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJgdgd4kiAOQwLq8n5lj/+opjwklMd7R5LtzSBZrrYVhl0
2tlQ6TmbXv1EG3/fEIs9sIvn0qC6uvomY1mU7A12OBiTdKkonT2ruxp9uOHSGq2m
9E1ndYZPJFRYfQfCysfeW0UChXi01swbNe7qF9WgaPXfWrA3vPYpmpvEEt/Vw7IF
tmED1SeUfDI2J8gmwaKwGs1EwK0n7ug0RXRlI3hgmu3Ir3HtzCilql64pBrOeeqz
uVS4UgFz4fK1ZjdBf3Wi/1AZ/ydw4Q2J+DKpvpaOKVITlmF574a9dv7KW8nkCCNr
3H+vb/yY9YaN+L0QZ1vhzIxMzalZwhrAw14A7S71AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUstk+mQayQfpfY1J9svMbCuh987owHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzc1ZjEyOTRkLTAzZTctNDE1Yy04ODgxLTUyMjdmMTA3Njg3NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAKIEpgwDQYJKoZIhvcNAQELBQADggEBAHcPMp/73pUGufquQ7/rBdlvce0Y
SkzSl3Y+n14D9XNldlHQwxGrVGGKF+65F79v1IFxIqxkvbm39lJpvs0cMNwMEcll
IbIsfgClXgja8ZajLwe3rqz/f3OViIh0hRygwN447nohZld/1ilkeFbw+08qfmOL
ZRmQt28xY6QrSUmYh1L65k7MnO5fJNGiDqDVMa01JZ9ho4jB+sF2fgMQnAcVpgeF
pk1iAWwiaLXgdrH8/EsEPhiKvzQroiO8l+cyTIi8zxQe3P4RULnjUcUjBb9Yim87
n3O5uom0H9CyQ25lt2BJO/+Xf4/8oPwSprz36FYbsiIEguXD5CeulLyMa1M=
-----END CERTIFICATE-----
Generated at Wed Aug 6 13:23:10 2025 by rpki-client