Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b653a6ba-e264-4c79-866b-a64349cb5eeb.roa
File:                     b653a6ba-e264-4c79-866b-a64349cb5eeb.roa (raw, json)
Hash identifier:          7zCVBJZ6hScyT0jWUp3fz0fJVCe4OC/IQttyEIMTcqo=
Subject key identifier:   54:43:00:B8:3D:95:0B:00:61:C3:FF:B0:F2:14:D6:2E:76:CC:94:83
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       609E3DCB6CA8D2E94074DBD590B938E955A5102A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b653a6ba-e264-4c79-866b-a64349cb5eeb.roa
Signing time:             Sun 17 May 2026 00:00:42 +0000
ROA not before:           Sun 17 May 2026 00:00:42 +0000
ROA not after:            Sat 15 Aug 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        56.23.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 18 Jun 2026 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:9e:3d:cb:6c:a8:d2:e9:40:74:db:d5:90:b9:38:e9:55:a5:10:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: May 17 00:00:42 2026 GMT
            Not After : Aug 15 23:59:59 2026 GMT
        Subject: serialNumber=3caff179581365441f00e45cd86c14efa0221391f08890aee5dd03c6ed204622, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:3d:be:62:28:ee:bf:f3:cf:14:e1:a1:ea:68:
                    3e:43:e3:ef:40:4e:eb:39:d2:7e:dc:2a:b8:98:13:
                    5d:73:50:1a:a2:a5:14:85:2f:e0:b1:6d:4a:12:a7:
                    19:c0:f8:d4:9e:c2:c9:df:c0:64:bf:0d:f0:6c:f1:
                    e4:45:4e:e2:1e:8a:fb:7a:04:4f:c6:b3:10:b9:af:
                    15:19:29:54:9f:78:c9:5f:2b:f7:39:a8:e4:d5:38:
                    cf:92:9c:60:ec:04:dc:e6:a7:d2:c1:66:d7:ab:0d:
                    dd:b9:71:ba:b2:1c:57:23:e5:d8:ff:44:9d:da:fb:
                    6a:e7:8b:48:b2:93:41:49:49:2a:e7:62:e1:e3:12:
                    6f:2b:ac:0f:cd:b8:67:42:f2:82:48:39:c4:19:89:
                    85:20:76:82:d9:bc:8d:67:92:37:bc:ac:f5:71:e3:
                    b6:a1:bf:a4:ae:22:21:33:b5:27:f8:01:4e:ef:36:
                    26:52:91:ad:7f:54:62:b0:31:70:9c:35:3d:95:d2:
                    c8:0b:06:ba:8b:00:31:60:a5:30:b9:16:73:fd:8f:
                    29:63:20:0d:a5:e4:6e:d7:dc:60:4c:8f:d2:10:2d:
                    20:e5:ef:dc:8a:e7:f7:f2:d8:e2:01:31:76:fe:26:
                    5e:59:ff:91:17:12:28:fd:c1:3d:91:4f:8e:0e:08:
                    4a:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:43:00:B8:3D:95:0B:00:61:C3:FF:B0:F2:14:D6:2E:76:CC:94:83
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b653a6ba-e264-4c79-866b-a64349cb5eeb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.23.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         9b:6e:e2:5b:93:74:21:9d:de:76:32:e0:e7:af:27:58:c1:9b:
         5f:ce:53:ad:91:37:63:05:30:54:22:17:29:36:ac:0b:e1:c7:
         66:6d:db:f8:7d:c6:4c:cc:4c:9e:4e:27:d7:98:49:4c:89:24:
         2a:01:ba:95:50:26:22:ed:b4:6b:63:eb:29:51:39:b6:59:a5:
         5e:27:dc:90:f5:eb:98:74:70:a8:e3:06:f3:45:0b:91:1f:10:
         1e:0a:03:ee:26:60:f5:c1:84:32:5b:61:04:4c:66:f9:53:83:
         5a:b3:55:72:70:6e:8c:95:6d:7a:2a:59:51:34:cc:a1:ca:11:
         62:0e:ff:c3:dc:98:57:8e:b5:a9:c8:dc:50:74:db:bd:e8:41:
         0a:ca:ce:3f:49:9d:eb:c5:f3:96:5f:c0:20:51:14:3c:9c:df:
         b6:16:fe:7b:cb:69:73:6e:30:c1:f7:e9:d2:37:06:cc:f9:c4:
         3d:0d:8c:95:6d:52:5c:3e:72:98:be:fe:22:48:c6:03:7e:38:
         be:2f:00:90:61:74:04:b3:7b:a4:bc:5f:46:6e:2e:3c:52:b5:
         ac:1c:a4:70:9b:4f:a7:a2:63:e0:23:40:5e:d9:49:8e:1d:98:
         d1:64:3b:f6:33:e2:d6:72:b8:20:0e:fb:26:d4:0c:fb:2f:cd:
         78:8f:94:20
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUYJ49y2yo0ulAdNvVkLk46VWlECowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjYwNTE3MDAwMDQyWhcNMjYwODE1MjM1OTU5
WjB6MUkwRwYDVQQFE0AzY2FmZjE3OTU4MTM2NTQ0MWYwMGU0NWNkODZjMTRlZmEw
MjIxMzkxZjA4ODkwYWVlNWRkMDNjNmVkMjA0NjIyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCoPb5iKO6/888U4aHqaD5D4+9ATus50n7cKriYE11zUBqi
pRSFL+CxbUoSpxnA+NSewsnfwGS/DfBs8eRFTuIeivt6BE/GsxC5rxUZKVSfeMlf
K/c5qOTVOM+SnGDsBNzmp9LBZterDd25cbqyHFcj5dj/RJ3a+2rni0iyk0FJSSrn
YuHjEm8rrA/NuGdC8oJIOcQZiYUgdoLZvI1nkje8rPVx47ahv6SuIiEztSf4AU7v
NiZSka1/VGKwMXCcNT2V0sgLBrqLADFgpTC5FnP9jyljIA2l5G7X3GBMj9IQLSDl
79yK5/fy2OIBMXb+Jl5Z/5EXEij9wT2RT44OCEq3AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUVEMAuD2VCwBhw/+w8hTWLnbMlIMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I2NTNhNmJhLWUyNjQtNGM3OS04NjZiLWE2NDM0OWNiNWVlYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4FzANBgkqhkiG9w0BAQsFAAOCAQEAm27iW5N0IZ3edjLg568nWMGbX85T
rZE3YwUwVCIXKTasC+HHZm3b+H3GTMxMnk4n15hJTIkkKgG6lVAmIu20a2PrKVE5
tlmlXifckPXrmHRwqOMG80ULkR8QHgoD7iZg9cGEMlthBExm+VODWrNVcnBujJVt
eipZUTTMocoRYg7/w9yYV461qcjcUHTbvehBCsrOP0md68Xzll/AIFEUPJzfthb+
e8tpc24wwffp0jcGzPnEPQ2MlW1SXD5ymL7+IkjGA344vi8AkGF0BLN7pLxfRm4u
PFK1rBykcJtPp6Jj4CNAXtlJjh2Y0WQ79jPi1nK4IA77JtQM+y/NeI+UIA==
-----END CERTIFICATE-----