Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b076e11c-5f2a-4cd7-b4e8-793e7c3ab274.roa
File:                     b076e11c-5f2a-4cd7-b4e8-793e7c3ab274.roa (raw, json)
Hash identifier:          ZaXjOSR8Vc9obirZlx5MM8IMZI94ZuAFNNm4VMhGz9Y=
Subject key identifier:   00:25:6D:6B:83:58:CF:E0:A4:FB:0D:FB:1C:80:70:FD:D9:93:E2:FD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5665055A8D55C5233E36BDC63C9958AF84BD94C6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b076e11c-5f2a-4cd7-b4e8-793e7c3ab274.roa
Signing time:             Wed 16 Jul 2025 00:01:27 +0000
ROA not before:           Wed 16 Jul 2025 00:01:27 +0000
ROA not after:            Wed 20 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        157.152.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:65:05:5a:8d:55:c5:23:3e:36:bd:c6:3c:99:58:af:84:bd:94:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jul 16 00:01:27 2025 GMT
            Not After : Aug 20 23:59:59 2025 GMT
        Subject: serialNumber=909dbd13bf5d71e61f0675aaeaf4545efc8a645dd529c69fcf1c560168f66353, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:af:b7:e4:b1:d8:61:10:c3:ed:ee:0c:e4:e7:
                    cf:5d:8f:cf:c3:36:cb:df:79:ac:9f:57:20:10:25:
                    41:b3:3f:a4:ba:34:92:6e:23:b6:75:40:4a:54:76:
                    5b:be:f8:3e:b5:39:d5:8a:ec:9c:1d:73:45:26:d0:
                    56:d4:ea:b5:ad:d9:b6:14:a6:c7:36:b8:a5:8b:fd:
                    d0:5c:47:c8:42:c7:23:2a:05:fa:94:52:4b:cf:3b:
                    f4:92:d0:07:2b:04:22:11:82:1d:06:74:44:f6:33:
                    53:01:de:db:a1:59:0f:70:d9:e8:0e:ea:4d:9a:87:
                    35:b5:90:22:15:4b:fd:c0:8f:a3:c2:4e:de:82:24:
                    8e:ab:b1:05:44:20:4e:75:86:88:a6:75:58:61:75:
                    38:ba:f4:06:a0:e4:af:18:c5:8b:b2:b7:dd:3d:cf:
                    33:d1:5b:8d:d5:68:dd:ae:1f:95:f4:e0:96:0b:e4:
                    2c:7d:de:eb:98:46:1a:ea:1c:a2:fd:07:26:7a:ec:
                    58:54:af:ed:03:bd:e0:9a:0c:4d:f7:ae:10:8e:73:
                    dc:da:40:a5:d0:47:2c:30:a9:c5:81:da:3a:13:72:
                    e7:5a:81:1a:71:27:33:31:74:d6:c1:63:0d:fe:b2:
                    0c:40:a8:3a:04:9e:28:0c:88:b3:82:3a:38:62:21:
                    db:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:25:6D:6B:83:58:CF:E0:A4:FB:0D:FB:1C:80:70:FD:D9:93:E2:FD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b076e11c-5f2a-4cd7-b4e8-793e7c3ab274.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.152.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         23:58:57:27:5a:1e:d5:01:c2:ca:5d:7f:2f:8f:51:0f:09:55:
         c9:5e:9d:12:07:c0:2e:f3:5c:ef:cc:49:9d:5a:69:a6:78:be:
         85:da:18:1b:92:13:93:b1:63:05:d3:1d:10:2d:d4:6e:03:0e:
         9d:1b:b2:3a:72:02:d1:48:ef:8d:77:1d:7f:99:c5:e8:20:2d:
         67:9e:ff:b2:01:8a:9e:14:bb:0f:98:52:a3:f2:fd:0d:63:50:
         aa:d6:19:0a:1e:bf:e5:e0:5f:ef:b6:c5:f8:47:80:82:3d:b8:
         6e:83:04:8d:77:54:c5:51:d5:64:98:9e:7c:44:43:b5:6a:3d:
         47:42:c1:57:5b:b0:c6:09:f6:a4:2a:55:75:a9:cc:af:1b:80:
         8b:ff:e7:68:41:8f:80:95:fa:33:b6:b5:91:96:5d:72:29:dd:
         ef:32:e7:8f:4d:40:3b:2d:63:0e:e9:49:2d:7c:85:b7:c5:29:
         44:e5:ca:8e:9c:0c:81:c2:ef:0c:7d:4c:39:cb:7f:ac:59:97:
         63:cf:26:02:3b:07:d9:85:25:8c:fa:cf:77:d3:ac:95:51:c1:
         27:13:3f:35:57:60:21:43:63:28:d2:39:71:ce:37:fe:f3:15:
         d4:2d:b3:bc:2e:da:16:61:60:37:a8:39:ca:94:0d:43:e5:ff:
         fc:b8:88:98
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUVmUFWo1VxSM+Nr3GPJlYr4S9lMYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNzE2MDAwMTI3WhcNMjUwODIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A5MDlkYmQxM2JmNWQ3MWU2MWYwNjc1YWFlYWY0NTQ1ZWZj
OGE2NDVkZDUyOWM2OWZjZjFjNTYwMTY4ZjY2MzUzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqr7fksdhhEMPt7gzk589dj8/DNsvfeayfVyAQJUGzP6S6
NJJuI7Z1QEpUdlu++D61OdWK7Jwdc0Um0FbU6rWt2bYUpsc2uKWL/dBcR8hCxyMq
BfqUUkvPO/SS0AcrBCIRgh0GdET2M1MB3tuhWQ9w2egO6k2ahzW1kCIVS/3Aj6PC
Tt6CJI6rsQVEIE51hoimdVhhdTi69Aag5K8YxYuyt909zzPRW43VaN2uH5X04JYL
5Cx93uuYRhrqHKL9ByZ67FhUr+0DveCaDE33rhCOc9zaQKXQRywwqcWB2joTcuda
gRpxJzMxdNbBYw3+sgxAqDoEnigMiLOCOjhiIdvRAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUACVta4NYz+Ck+w37HIBw/dmT4v0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2IwNzZlMTFjLTVmMmEtNGNkNy1iNGU4LTc5M2U3YzNhYjI3NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCdmDANBgkqhkiG9w0BAQsFAAOCAQEAI1hXJ1oe1QHCyl1/L49RDwlVyV6d
EgfALvNc78xJnVpppni+hdoYG5ITk7FjBdMdEC3UbgMOnRuyOnIC0UjvjXcdf5nF
6CAtZ57/sgGKnhS7D5hSo/L9DWNQqtYZCh6/5eBf77bF+EeAgj24boMEjXdUxVHV
ZJiefERDtWo9R0LBV1uwxgn2pCpVdanMrxuAi//naEGPgJX6M7a1kZZdcind7zLn
j01AOy1jDulJLXyFt8UpROXKjpwMgcLvDH1MOct/rFmXY88mAjsH2YUljPrPd9Os
lVHBJxM/NVdgIUNjKNI5cc43/vMV1C2zvC7aFmFgN6g5ypQNQ+X//LiImA==
-----END CERTIFICATE-----
Generated at Mon Aug 4 22:25:18 2025 by rpki-client