Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aa263b29-04bf-4248-9100-8a58567a24ba.roa
File:                     aa263b29-04bf-4248-9100-8a58567a24ba.roa (raw, json)
Hash identifier:          /pOXi9RLlyJVSL1pOIQntDwPd68Fzo54AeK2JFxmGd8=
Subject key identifier:   98:EC:8A:B1:5E:E6:FA:06:DA:5E:73:92:21:6C:09:28:70:51:70:EC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       39047FC60E78EC3BFF7A8493713BEC5D7B34AB0B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aa263b29-04bf-4248-9100-8a58567a24ba.roa
Signing time:             Mon 16 Jun 2025 15:31:15 +0000
ROA not before:           Mon 16 Jun 2025 15:31:15 +0000
ROA not after:            Mon 21 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.226.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 19 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:04:7f:c6:0e:78:ec:3b:ff:7a:84:93:71:3b:ec:5d:7b:34:ab:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun 16 15:31:15 2025 GMT
            Not After : Jul 21 23:59:59 2025 GMT
        Subject: serialNumber=d4c307f16c78908d1f8f84d378d717623587d6968b9bc844725986a89a8bc23b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ec:80:91:c8:78:8e:9d:7d:c7:ab:32:13:d4:
                    3f:56:ce:b1:8d:d2:a7:14:00:5b:19:a3:ed:60:7e:
                    3c:bd:c7:f5:9c:35:64:dd:5a:97:78:0c:ec:cb:7e:
                    4d:4f:ac:c4:b1:ac:60:08:e2:02:c6:3a:6a:c2:c7:
                    13:5d:7b:00:04:43:7c:af:9f:63:29:5c:c4:8e:68:
                    96:1e:f2:ff:34:ec:1a:11:73:9d:4f:2c:63:d3:c3:
                    46:ef:64:34:10:e8:1a:01:24:35:d7:0f:d9:e2:a7:
                    2a:a6:77:6a:91:30:35:42:9d:ee:eb:20:5c:f1:7a:
                    97:7f:02:a3:5f:72:52:35:2d:47:7d:4f:0b:84:62:
                    94:70:66:13:2e:3d:ad:a0:5b:2d:47:8c:bf:d0:84:
                    77:48:6f:c1:32:17:85:72:ac:35:48:96:f5:85:59:
                    39:c5:fd:16:c8:57:e2:6b:cd:37:ef:24:fe:28:c1:
                    d9:30:c2:58:63:10:74:9c:a5:41:67:c2:73:27:cf:
                    aa:53:3b:82:7b:18:13:67:8e:87:6d:c2:cc:76:62:
                    3c:8c:41:30:10:34:14:dc:51:5f:d1:67:f4:2c:a7:
                    a4:04:ce:1b:71:2e:35:6b:19:84:da:05:d2:1a:d8:
                    4a:ab:1a:73:25:d9:d4:e3:38:4c:41:1f:28:3d:cd:
                    4b:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:EC:8A:B1:5E:E6:FA:06:DA:5E:73:92:21:6C:09:28:70:51:70:EC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aa263b29-04bf-4248-9100-8a58567a24ba.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.226.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:74:a4:f4:1b:a5:70:58:b3:5a:62:bb:56:c4:9d:d9:c5:4e:
         7e:44:a4:be:0c:81:79:ff:53:b5:af:da:a5:d6:88:28:b5:89:
         54:33:87:8a:b2:da:c7:f9:7f:b1:1a:15:b6:d5:c3:cc:52:b8:
         88:c0:66:a8:41:a7:40:b2:d4:f7:9d:49:8e:68:d3:4f:1d:b3:
         2e:b2:f2:6a:98:69:e8:53:20:c8:e0:e6:e3:cd:b3:87:cd:65:
         bd:2e:59:98:60:bb:17:6b:a4:86:83:47:22:54:e3:72:b9:90:
         bb:02:a8:bb:b3:1a:20:63:62:3f:be:05:33:fa:7f:14:ba:a6:
         94:36:26:b1:ce:cb:40:1c:fa:82:2a:34:be:ef:e1:58:b3:ad:
         bf:68:6a:57:17:85:98:bf:d6:af:59:0e:c4:a4:d3:8a:5e:1d:
         26:3c:b7:44:95:b9:73:02:a1:ee:a6:84:d1:c2:cc:b6:96:ef:
         62:77:50:8e:9f:20:45:4f:51:7d:7e:7d:f4:2f:39:33:86:b3:
         8a:83:fd:51:c2:1a:96:6b:50:21:0d:21:2e:39:7b:1e:af:a4:
         46:af:fe:cd:6e:06:73:10:36:ac:29:34:43:1a:24:12:da:73:
         a6:57:34:94:53:49:f7:46:21:d7:dc:85:30:5d:81:6d:5c:9a:
         74:e7:33:6c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOQR/xg547Dv/eoSTcTvsXXs0qwswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNjE2MTUzMTE1WhcNMjUwNzIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BkNGMzMDdmMTZjNzg5MDhkMWY4Zjg0ZDM3OGQ3MTc2MjM1
ODdkNjk2OGI5YmM4NDQ3MjU5ODZhODlhOGJjMjNiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC27ICRyHiOnX3HqzIT1D9WzrGN0qcUAFsZo+1gfjy9x/Wc
NWTdWpd4DOzLfk1PrMSxrGAI4gLGOmrCxxNdewAEQ3yvn2MpXMSOaJYe8v807BoR
c51PLGPTw0bvZDQQ6BoBJDXXD9nipyqmd2qRMDVCne7rIFzxepd/AqNfclI1LUd9
TwuEYpRwZhMuPa2gWy1HjL/QhHdIb8EyF4VyrDVIlvWFWTnF/RbIV+JrzTfvJP4o
wdkwwlhjEHScpUFnwnMnz6pTO4J7GBNnjodtwsx2YjyMQTAQNBTcUV/RZ/Qsp6QE
zhtxLjVrGYTaBdIa2EqrGnMl2dTjOExBHyg9zUv5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmOyKsV7m+gbaXnOSIWwJKHBRcOwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FhMjYzYjI5LTA0YmYtNDI0OC05MTAwLThhNTg1NjdhMjRiYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABA4v8wDQYJKoZIhvcNAQELBQADggEBAFV0pPQbpXBYs1piu1bEndnFTn5E
pL4MgXn/U7Wv2qXWiCi1iVQzh4qy2sf5f7EaFbbVw8xSuIjAZqhBp0Cy1PedSY5o
008dsy6y8mqYaehTIMjg5uPNs4fNZb0uWZhguxdrpIaDRyJU43K5kLsCqLuzGiBj
Yj++BTP6fxS6ppQ2JrHOy0Ac+oIqNL7v4Vizrb9oalcXhZi/1q9ZDsSk04peHSY8
t0SVuXMCoe6mhNHCzLaW72J3UI6fIEVPUX1+ffQvOTOGs4qD/VHCGpZrUCENIS45
ex6vpEav/s1uBnMQNqwpNEMaJBLac6ZXNJRTSfdGIdfchTBdgW1cmnTnM2w=
-----END CERTIFICATE-----