Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bbc2b1a5-5365-48b4-affd-3867c265d11a.roa
File:                     bbc2b1a5-5365-48b4-affd-3867c265d11a.roa (raw, json)
Hash identifier:          zA7jOr0vxBrmsd60XiJxkw3Ly1luGhKYlRACDpnimUg=
Subject key identifier:   87:A8:0E:7C:86:8A:B5:2B:D3:82:FF:A9:56:97:74:07:A3:15:D8:58
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       44069820F55E3BB77023FF586C0C9EED964C4C27
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bbc2b1a5-5365-48b4-affd-3867c265d11a.roa
Signing time:             Mon 28 Jul 2025 15:40:26 +0000
ROA not before:           Mon 28 Jul 2025 15:40:26 +0000
ROA not after:            Mon 01 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        89.254.8.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 10 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:06:98:20:f5:5e:3b:b7:70:23:ff:58:6c:0c:9e:ed:96:4c:4c:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jul 28 15:40:26 2025 GMT
            Not After : Sep  1 23:59:59 2025 GMT
        Subject: serialNumber=561dc9c35f70779f9c1cfc3a7397b81b145c9dc3b1f8f322238e7315e1ab5b54, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:e2:d5:ac:a2:b7:35:4a:4f:07:c5:3a:35:94:
                    29:8b:44:46:54:ec:82:b8:f1:c6:26:02:ca:24:fb:
                    f2:5f:00:85:04:f1:d1:ec:0c:9f:7d:04:eb:b7:80:
                    12:75:4f:9c:96:a1:df:15:7b:48:05:0e:3b:62:df:
                    6c:21:cc:0c:a8:82:27:10:52:8d:f8:3c:f1:7a:7d:
                    27:4a:84:35:52:a8:b8:aa:b8:1f:cb:b7:1f:7b:7c:
                    b4:40:bb:f1:ce:5e:1e:15:36:23:b5:85:02:87:41:
                    55:e1:40:e3:65:b2:f1:eb:75:a7:cd:52:84:67:ad:
                    3f:20:44:db:16:7a:3d:17:f3:f8:4c:49:cc:fb:a4:
                    db:05:3b:17:0f:73:25:77:c3:6c:c8:cc:d0:cf:18:
                    3f:b4:2f:18:66:dc:44:d1:a0:c5:07:79:a8:1d:83:
                    06:c1:7d:99:66:1a:46:92:35:b6:f2:ae:c8:1c:1b:
                    39:40:40:f7:c3:ef:e7:1d:70:47:f7:8c:f5:63:f4:
                    00:1a:89:5e:4a:72:ef:93:52:eb:58:80:7f:0e:dc:
                    38:f1:11:09:6d:ae:22:4d:7a:0e:c6:7f:f9:69:bb:
                    2f:f4:ed:0d:b9:be:be:52:f1:ea:20:39:af:e9:8f:
                    97:f7:f4:cc:5d:d1:a9:37:1d:87:d3:9c:ca:bb:73:
                    31:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:A8:0E:7C:86:8A:B5:2B:D3:82:FF:A9:56:97:74:07:A3:15:D8:58
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bbc2b1a5-5365-48b4-affd-3867c265d11a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.254.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         79:45:e6:17:f1:0c:31:e8:0e:18:95:b1:76:95:f2:11:32:b1:
         09:6b:7b:68:3c:05:84:ec:4c:d7:bd:95:e9:0b:2c:43:c6:a0:
         a5:9d:39:84:72:c9:5d:6f:34:43:ef:d7:13:29:da:86:ab:e8:
         04:db:16:74:84:7b:e4:92:6f:33:56:8d:fa:ab:92:1b:c2:8d:
         d2:7d:2f:23:08:ce:07:96:86:88:aa:42:9b:bc:36:e6:0a:6a:
         a1:3f:fd:e3:ec:38:33:97:da:55:b5:c6:8b:80:5b:ab:66:e7:
         2f:d9:96:e0:4a:d9:03:00:91:c8:c9:45:14:cb:24:7f:8a:d0:
         b1:b8:8a:60:df:0b:1d:32:46:d2:ca:e1:13:b7:13:1b:d6:27:
         11:cc:6e:db:21:e5:44:08:38:b0:02:73:fd:88:c2:bf:d2:0f:
         23:4d:9b:0b:19:95:af:8d:85:2b:ed:d5:9b:01:99:c2:16:25:
         bf:92:f2:0e:a4:bb:a4:5f:17:71:53:a5:c4:3b:3d:80:9e:03:
         63:9a:eb:c9:0c:75:4e:a0:61:ff:78:2f:e7:c4:4b:f4:9b:38:
         74:0a:93:cb:61:bb:a6:66:27:6f:f3:96:a0:eb:fd:0f:d2:bf:
         eb:b5:b0:26:03:49:fa:de:9e:52:0f:2e:6a:b0:e1:2e:20:65:
         3a:8e:b2:eb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURAaYIPVeO7dwI/9YbAye7ZZMTCcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNzI4MTU0MDI2WhcNMjUwOTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0A1NjFkYzljMzVmNzA3NzlmOWMxY2ZjM2E3Mzk3YjgxYjE0
NWM5ZGMzYjFmOGYzMjIyMzhlNzMxNWUxYWI1YjU0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDR4tWsorc1Sk8HxTo1lCmLREZU7IK48cYmAsok+/JfAIUE
8dHsDJ99BOu3gBJ1T5yWod8Ve0gFDjti32whzAyogicQUo34PPF6fSdKhDVSqLiq
uB/Ltx97fLRAu/HOXh4VNiO1hQKHQVXhQONlsvHrdafNUoRnrT8gRNsWej0X8/hM
Scz7pNsFOxcPcyV3w2zIzNDPGD+0Lxhm3ETRoMUHeagdgwbBfZlmGkaSNbbyrsgc
GzlAQPfD7+cdcEf3jPVj9AAaiV5Kcu+TUutYgH8O3DjxEQltriJNeg7Gf/lpuy/0
7Q25vr5S8eogOa/pj5f39Mxd0ak3HYfTnMq7czENAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUh6gOfIaKtSvTgv+pVpd0B6MV2FgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JiYzJiMWE1LTUzNjUtNDhiNC1hZmZkLTM4NjdjMjY1ZDExYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANZ/ggwDQYJKoZIhvcNAQELBQADggEBAHlF5hfxDDHoDhiVsXaV8hEysQlr
e2g8BYTsTNe9lekLLEPGoKWdOYRyyV1vNEPv1xMp2oar6ATbFnSEe+SSbzNWjfqr
khvCjdJ9LyMIzgeWhoiqQpu8NuYKaqE//ePsODOX2lW1xouAW6tm5y/ZluBK2QMA
kcjJRRTLJH+K0LG4imDfCx0yRtLK4RO3ExvWJxHMbtsh5UQIOLACc/2Iwr/SDyNN
mwsZla+NhSvt1ZsBmcIWJb+S8g6ku6RfF3FTpcQ7PYCeA2Oa68kMdU6gYf94L+fE
S/SbOHQKk8thu6ZmJ2/zlqDr/Q/Sv+u1sCYDSfrenlIPLmqw4S4gZTqOsus=
-----END CERTIFICATE-----
Generated at Fri Aug 8 20:57:36 2025 by rpki-client