Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/98aa5ac4-1895-4aa6-9175-1ee3bda2890d.roa
File:                     98aa5ac4-1895-4aa6-9175-1ee3bda2890d.roa (raw, json)
Hash identifier:          tXL00FjLBpIsGEhsUsx4xktqin+zlJc56Hlqfki31Fg=
Subject key identifier:   42:89:07:A3:B2:5A:01:8D:45:09:6F:12:DA:89:74:DC:35:2E:EB:CE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6A540AAAB8090FDD88C101A4F440420AFBC62D9C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/98aa5ac4-1895-4aa6-9175-1ee3bda2890d.roa
Signing time:             Sat 19 Jul 2025 00:31:51 +0000
ROA not before:           Sat 19 Jul 2025 00:31:51 +0000
ROA not after:            Sat 23 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.252.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 10 Aug 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:54:0a:aa:b8:09:0f:dd:88:c1:01:a4:f4:40:42:0a:fb:c6:2d:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jul 19 00:31:51 2025 GMT
            Not After : Aug 23 23:59:59 2025 GMT
        Subject: serialNumber=1c3b5820a4e9583719ed37223cf5dfe5fbc052fc0d14dd0359218dbaf3fcc858, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:cf:94:34:12:97:29:d2:c9:9c:dd:0a:49:75:
                    58:d8:ff:23:41:c8:94:9b:7f:e6:b1:51:5a:e5:3d:
                    60:80:c3:5a:0f:a9:c1:d5:33:11:d1:70:6d:8b:72:
                    1a:2f:e4:87:44:df:9d:10:14:74:17:4f:00:bd:58:
                    c8:e5:e8:b8:0e:d2:81:08:15:5f:31:34:94:d3:c2:
                    57:2a:f3:b2:91:b7:98:b5:ff:04:f2:99:7c:bd:9e:
                    69:fc:20:3d:64:b8:7b:56:c2:ee:6a:0e:9c:4e:6a:
                    88:3a:0c:f1:9f:5d:8a:7b:67:9a:1b:b4:58:47:08:
                    66:d1:ff:9d:55:a2:18:d4:76:7d:8d:99:58:a1:65:
                    cc:10:0f:b1:a7:c6:f8:9a:17:de:46:86:ec:55:1f:
                    63:a5:7a:5e:ac:e8:73:c6:1d:08:24:1a:2e:e2:b9:
                    03:66:46:90:4f:39:4e:c8:de:47:7c:27:a3:69:2b:
                    c2:29:83:07:ac:e5:43:b9:3c:01:c7:42:76:e9:35:
                    11:45:4f:8e:b3:a4:3f:17:fe:2d:13:20:f3:f3:f4:
                    78:26:b2:cf:f1:80:64:ce:94:f2:f4:98:30:79:9c:
                    0a:b8:00:53:d2:0a:ea:ae:63:b6:a2:94:46:9b:c3:
                    34:a6:13:6e:93:49:27:99:9c:2b:a1:a6:2e:e4:5e:
                    20:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:89:07:A3:B2:5A:01:8D:45:09:6F:12:DA:89:74:DC:35:2E:EB:CE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/98aa5ac4-1895-4aa6-9175-1ee3bda2890d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.252.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:c2:70:92:a2:84:e5:db:53:84:61:d0:6e:86:c9:15:ef:bc:
         90:fa:cf:34:56:b6:92:41:2b:17:ef:df:d4:38:67:01:40:ec:
         aa:7c:39:d9:60:e8:ea:df:48:bc:9e:4a:4e:f0:f3:da:76:ff:
         aa:fd:46:56:3f:11:90:55:d2:e8:89:fa:b0:53:5a:02:11:90:
         82:28:cd:db:4b:d7:a5:68:4c:09:10:83:ae:b4:d5:7d:85:7e:
         81:c8:1c:a5:d4:f1:f9:b2:8f:10:71:68:51:61:ac:c5:76:b5:
         76:f7:e4:d3:78:f1:33:58:2d:fe:a7:59:0a:e9:fe:62:8f:9a:
         fe:13:84:48:30:5b:4a:44:78:ae:18:36:67:9b:d5:4f:73:9f:
         e2:32:b5:b3:d8:60:2a:03:8d:d8:c3:2b:8e:37:5e:d4:88:62:
         cd:ec:9e:81:7b:95:14:91:5c:e9:eb:23:04:a4:06:a5:d7:21:
         68:6c:db:2a:7e:e7:76:8e:70:a7:ae:4a:5e:73:11:2a:c8:7b:
         b6:d9:9b:d2:22:3f:4c:1e:c4:80:fa:3a:92:5d:62:78:17:07:
         5b:98:a6:ae:a6:19:ac:f5:d2:95:c8:59:38:87:50:46:b9:48:
         73:cc:04:67:f8:a0:c8:1c:1d:4b:13:2d:43:ab:e6:ea:63:94:
         19:1c:83:ae
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUalQKqrgJD92IwQGk9EBCCvvGLZwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNzE5MDAzMTUxWhcNMjUwODIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AxYzNiNTgyMGE0ZTk1ODM3MTllZDM3MjIzY2Y1ZGZlNWZi
YzA1MmZjMGQxNGRkMDM1OTIxOGRiYWYzZmNjODU4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDtz5Q0Epcp0smc3QpJdVjY/yNByJSbf+axUVrlPWCAw1oP
qcHVMxHRcG2Lchov5IdE350QFHQXTwC9WMjl6LgO0oEIFV8xNJTTwlcq87KRt5i1
/wTymXy9nmn8ID1kuHtWwu5qDpxOaog6DPGfXYp7Z5obtFhHCGbR/51VohjUdn2N
mVihZcwQD7GnxviaF95GhuxVH2Olel6s6HPGHQgkGi7iuQNmRpBPOU7I3kd8J6Np
K8Ipgwes5UO5PAHHQnbpNRFFT46zpD8X/i0TIPPz9Hgmss/xgGTOlPL0mDB5nAq4
AFPSCuquY7ailEabwzSmE26TSSeZnCuhpi7kXiANAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQokHo7JaAY1FCW8S2ol03DUu684wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk4YWE1YWM0LTE4OTUtNGFhNi05MTc1LTFlZTNiZGEyODkwZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABA/HQwDQYJKoZIhvcNAQELBQADggEBAJfCcJKihOXbU4Rh0G6GyRXvvJD6
zzRWtpJBKxfv39Q4ZwFA7Kp8Odlg6OrfSLyeSk7w89p2/6r9RlY/EZBV0uiJ+rBT
WgIRkIIozdtL16VoTAkQg6601X2FfoHIHKXU8fmyjxBxaFFhrMV2tXb35NN48TNY
Lf6nWQrp/mKPmv4ThEgwW0pEeK4YNmeb1U9zn+IytbPYYCoDjdjDK443XtSIYs3s
noF7lRSRXOnrIwSkBqXXIWhs2yp+53aOcKeuSl5zESrIe7bZm9IiP0wexID6OpJd
YngXB1uYpq6mGaz10pXIWTiHUEa5SHPMBGf4oMgcHUsTLUOr5upjlBkcg64=
-----END CERTIFICATE-----