Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cf8c2352-31e2-451c-8d45-f20afbc2351c.roa
File:                     cf8c2352-31e2-451c-8d45-f20afbc2351c.roa (raw, json)
Hash identifier:          ZznMHalXiCFV5s9zRVTZVdUb4YRbANZZn6e9UmXH9Qg=
Subject key identifier:   A8:DE:38:EB:12:59:C7:4A:DA:82:06:EA:42:12:0A:7B:31:9D:96:CA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0D98BA886B73E250A180D17E122CB80E106FFA57
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cf8c2352-31e2-451c-8d45-f20afbc2351c.roa
Signing time:             Mon 04 Aug 2025 16:00:31 +0000
ROA not before:           Mon 04 Aug 2025 16:00:31 +0000
ROA not after:            Mon 08 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        208.86.88.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 07 Aug 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:98:ba:88:6b:73:e2:50:a1:80:d1:7e:12:2c:b8:0e:10:6f:fa:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug  4 16:00:31 2025 GMT
            Not After : Sep  8 23:59:59 2025 GMT
        Subject: serialNumber=51913f4b4782bfb111fa7110e780b8d95f5917bab28764796a83aa30f465931e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:39:7d:32:9c:c8:fe:8b:d4:1e:a8:82:50:fd:
                    c7:f2:d3:79:a2:ac:c7:cc:33:25:1c:a9:41:d5:80:
                    74:81:70:64:64:77:d9:93:9c:23:00:23:0e:d7:0e:
                    3c:c8:48:4c:f5:11:56:40:57:d9:c0:73:34:cf:72:
                    70:09:6c:8f:91:22:df:1c:bc:3e:d6:ed:57:b7:23:
                    b4:9c:1f:c3:f2:b8:fe:a1:47:06:ff:fd:2b:6a:f1:
                    8b:0a:75:45:a4:c7:e8:db:53:e7:c0:58:d0:67:77:
                    3c:9a:77:70:1d:fb:8f:f2:b7:66:cc:82:ee:4c:73:
                    80:f2:60:6c:fa:c0:dd:eb:ab:3d:99:31:49:f1:14:
                    d3:d4:46:f1:bb:7b:93:fc:4c:5a:e8:21:7b:fb:85:
                    d7:c6:8d:4b:4b:52:a0:11:c8:57:a1:48:8b:2f:69:
                    c0:5a:09:4d:df:dc:62:63:61:f2:7e:cd:75:83:32:
                    9c:9d:b7:ab:cb:ff:14:05:4f:51:08:f4:28:0b:97:
                    f8:f5:38:03:c7:71:fe:d7:38:18:df:f4:10:ab:41:
                    e5:70:77:5c:34:5d:88:63:0f:f7:23:b4:5c:36:4f:
                    7d:10:b2:65:32:4b:97:04:bb:08:79:6e:05:68:ac:
                    b9:38:f6:44:1c:85:1b:3b:ae:6d:eb:61:bd:e4:5c:
                    82:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:DE:38:EB:12:59:C7:4A:DA:82:06:EA:42:12:0A:7B:31:9D:96:CA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cf8c2352-31e2-451c-8d45-f20afbc2351c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  208.86.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2f:26:e8:ec:96:4e:6b:bb:f9:a4:1e:4c:27:6d:6e:75:d3:c2:
         5c:b4:82:17:d6:d0:cb:02:fc:34:5f:ce:b6:38:9b:3d:8f:fe:
         8d:f4:e3:24:0c:78:4f:e3:6f:77:c2:73:6d:0f:78:e2:f4:5a:
         c1:b3:83:59:55:94:5b:d8:2b:6b:9e:fb:d2:0b:3e:93:ca:58:
         be:c4:10:f5:f1:a3:9e:8e:6b:c7:78:70:5a:ec:fb:85:a6:eb:
         ec:c8:bd:a3:b1:be:6e:a8:d9:34:9e:4b:b2:be:11:e7:da:21:
         6a:f1:5f:2d:47:57:2c:1e:fa:87:51:e5:29:20:68:a4:aa:07:
         2c:e6:c7:69:70:e7:0c:92:2d:af:a8:64:b5:79:76:5b:51:88:
         f8:bc:6c:aa:b8:aa:a2:08:40:00:8a:19:91:49:5d:8d:51:8d:
         e9:56:a6:16:e5:32:27:e0:74:33:96:92:56:12:8f:fa:a5:0e:
         90:a2:50:b0:4d:10:74:ab:b5:36:dd:41:44:d4:04:9c:ef:c2:
         a1:26:37:b1:a5:99:b5:47:89:e9:87:07:91:e7:a9:35:e0:87:
         54:17:9f:ca:ca:f6:e6:be:b9:b5:7d:1e:85:5f:bd:14:35:a4:
         e1:0c:c8:10:0e:62:b7:7d:1b:84:d6:59:e0:8d:0f:4e:c9:55:
         9c:5a:40:6e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDZi6iGtz4lChgNF+Eiy4DhBv+lcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODA0MTYwMDMxWhcNMjUwOTA4MjM1OTU5
WjB6MUkwRwYDVQQFE0A1MTkxM2Y0YjQ3ODJiZmIxMTFmYTcxMTBlNzgwYjhkOTVm
NTkxN2JhYjI4NzY0Nzk2YTgzYWEzMGY0NjU5MzFlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDNOX0ynMj+i9QeqIJQ/cfy03mirMfMMyUcqUHVgHSBcGRk
d9mTnCMAIw7XDjzISEz1EVZAV9nAczTPcnAJbI+RIt8cvD7W7Ve3I7ScH8PyuP6h
Rwb//Stq8YsKdUWkx+jbU+fAWNBndzyad3Ad+4/yt2bMgu5Mc4DyYGz6wN3rqz2Z
MUnxFNPURvG7e5P8TFroIXv7hdfGjUtLUqARyFehSIsvacBaCU3f3GJjYfJ+zXWD
Mpydt6vL/xQFT1EI9CgLl/j1OAPHcf7XOBjf9BCrQeVwd1w0XYhjD/cjtFw2T30Q
smUyS5cEuwh5bgVorLk49kQchRs7rm3rYb3kXIIJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUqN446xJZx0raggbqQhIKezGdlsowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NmOGMyMzUyLTMxZTItNDUxYy04ZDQ1LWYyMGFmYmMyMzUxYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBALQVlgwDQYJKoZIhvcNAQELBQADggEBAC8m6OyWTmu7+aQeTCdtbnXTwly0
ghfW0MsC/DRfzrY4mz2P/o304yQMeE/jb3fCc20PeOL0WsGzg1lVlFvYK2ue+9IL
PpPKWL7EEPXxo56Oa8d4cFrs+4Wm6+zIvaOxvm6o2TSeS7K+EefaIWrxXy1HVywe
+odR5SkgaKSqByzmx2lw5wySLa+oZLV5dltRiPi8bKq4qqIIQACKGZFJXY1RjelW
phblMifgdDOWklYSj/qlDpCiULBNEHSrtTbdQUTUBJzvwqEmN7GlmbVHiemHB5Hn
qTXgh1QXn8rK9ua+ubV9HoVfvRQ1pOEMyBAOYrd9G4TWWeCND07JVZxaQG4=
-----END CERTIFICATE-----
Generated at Wed Aug 6 05:29:44 2025 by rpki-client