Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f8d8c762-dbfd-4268-bc1b-e7fb289da015.roa
File:                     f8d8c762-dbfd-4268-bc1b-e7fb289da015.roa (raw, json)
Hash identifier:          pLtuRNE1nSxqMML1VVA2O1hWlah+RPkqetIZLhqwjBk=
Subject key identifier:   9B:52:8E:7F:4A:D3:BA:8A:D2:04:62:AA:DC:BE:8E:A3:A8:77:A7:9F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       53FF2A5BA78710BF8B7F5CC228501F080133C0B0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f8d8c762-dbfd-4268-bc1b-e7fb289da015.roa
Signing time:             Tue 22 Jul 2025 00:00:19 +0000
ROA not before:           Tue 22 Jul 2025 00:00:19 +0000
ROA not after:            Tue 26 Aug 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        13.128.240.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 05 Aug 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:ff:2a:5b:a7:87:10:bf:8b:7f:5c:c2:28:50:1f:08:01:33:c0:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jul 22 00:00:19 2025 GMT
            Not After : Aug 26 23:59:59 2025 GMT
        Subject: serialNumber=f15aac664eeeb5828e4f00b22ff6f92f12da12614dd8271b1d46e17aed11000b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:fc:40:35:a0:4e:44:81:f2:a4:ed:d0:a5:30:
                    9f:c6:b6:a4:50:b8:e4:74:cc:e6:66:c9:d2:15:45:
                    95:dd:d8:c0:80:93:16:af:3a:c3:bb:26:8f:a0:f5:
                    8c:6c:b3:bd:a2:14:f0:0a:08:89:27:a3:21:24:58:
                    05:ea:fe:ce:35:11:45:e5:c6:f8:63:b3:e0:ed:68:
                    30:f2:19:2f:70:d2:fe:17:47:83:44:9f:9b:3b:64:
                    11:88:d6:6e:49:e7:37:56:65:71:34:d9:3d:d3:fc:
                    a3:ca:01:30:cd:26:78:9f:d4:96:73:06:e8:fe:e0:
                    2a:06:38:a6:e3:d3:12:ae:d2:c1:c2:27:e2:5f:5d:
                    99:91:3f:23:1d:bc:79:39:97:df:c8:94:7b:a0:54:
                    5a:09:d5:e8:8f:59:7d:01:fc:45:0e:9d:34:e9:29:
                    ca:05:21:b8:7f:40:fb:65:a0:28:01:58:ca:e5:12:
                    a6:7f:8f:24:ca:0b:6f:a8:41:2c:c4:8c:0e:b5:c9:
                    6b:7a:be:fe:dd:77:c0:cb:77:67:87:31:ef:fb:c7:
                    08:ea:51:1f:78:79:ff:33:34:cf:d1:ef:53:23:21:
                    f7:c7:be:c5:79:f5:3c:d8:fb:d4:d0:6f:32:13:59:
                    14:0b:bc:d9:9b:e2:e9:c7:c8:92:b6:d0:5e:ea:68:
                    5e:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:52:8E:7F:4A:D3:BA:8A:D2:04:62:AA:DC:BE:8E:A3:A8:77:A7:9F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f8d8c762-dbfd-4268-bc1b-e7fb289da015.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.128.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         9b:85:fb:75:21:0a:f5:05:26:85:c7:bf:ee:53:39:af:4b:de:
         3c:89:ef:ac:6d:03:21:6e:71:52:5f:0c:4a:4d:fc:9f:5c:33:
         01:34:4f:a4:41:65:ba:3a:24:5c:10:61:22:0b:82:25:8c:23:
         ff:d0:29:ab:75:5b:4b:c1:7d:ea:19:8a:67:ce:5b:df:77:86:
         23:fe:c2:76:9e:4d:63:6e:59:26:71:ec:65:aa:76:38:fa:96:
         b7:6f:84:68:59:c7:2b:a6:96:94:e9:b0:f7:a5:2a:f0:d5:ed:
         e5:3c:26:21:60:cb:33:6b:62:11:a5:dd:0c:15:a6:29:b9:8e:
         40:42:96:eb:1b:2c:9a:72:a6:7c:ee:ad:49:d8:75:43:1f:99:
         d5:88:23:78:ea:9e:83:73:84:87:e8:40:e9:b5:22:b3:c2:35:
         98:7d:a4:63:33:fd:1a:fc:03:10:36:8a:0f:b1:3c:36:6d:3a:
         f7:c7:b9:b2:ec:f2:36:32:43:33:24:0a:d4:2b:92:ee:f0:ed:
         70:11:26:96:71:fb:3c:fe:9c:fc:e3:38:b6:d3:19:bb:9a:03:
         30:75:66:2e:dc:af:4e:a2:72:5f:53:26:9a:c5:1b:11:31:90:
         9d:41:47:2d:c7:27:49:87:8b:fe:61:24:c7:9b:87:1b:2b:66:
         62:dd:cd:92
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUU/8qW6eHEL+Lf1zCKFAfCAEzwLAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNzIyMDAwMDE5WhcNMjUwODI2MjM1OTU5
WjB6MUkwRwYDVQQFE0BmMTVhYWM2NjRlZWViNTgyOGU0ZjAwYjIyZmY2ZjkyZjEy
ZGExMjYxNGRkODI3MWIxZDQ2ZTE3YWVkMTEwMDBiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDD/EA1oE5EgfKk7dClMJ/GtqRQuOR0zOZmydIVRZXd2MCA
kxavOsO7Jo+g9Yxss72iFPAKCIknoyEkWAXq/s41EUXlxvhjs+DtaDDyGS9w0v4X
R4NEn5s7ZBGI1m5J5zdWZXE02T3T/KPKATDNJnif1JZzBuj+4CoGOKbj0xKu0sHC
J+JfXZmRPyMdvHk5l9/IlHugVFoJ1eiPWX0B/EUOnTTpKcoFIbh/QPtloCgBWMrl
EqZ/jyTKC2+oQSzEjA61yWt6vv7dd8DLd2eHMe/7xwjqUR94ef8zNM/R71MjIffH
vsV59TzY+9TQbzITWRQLvNmb4unHyJK20F7qaF6dAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUm1KOf0rTuorSBGKq3L6Oo6h3p58wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y4ZDhjNzYyLWRiZmQtNDI2OC1iYzFiLWU3ZmIyODlkYTAxNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMNgPAwDQYJKoZIhvcNAQELBQADggEBAJuF+3UhCvUFJoXHv+5TOa9L3jyJ
76xtAyFucVJfDEpN/J9cMwE0T6RBZbo6JFwQYSILgiWMI//QKat1W0vBfeoZimfO
W993hiP+wnaeTWNuWSZx7GWqdjj6lrdvhGhZxyumlpTpsPelKvDV7eU8JiFgyzNr
YhGl3QwVpim5jkBClusbLJpypnzurUnYdUMfmdWII3jqnoNzhIfoQOm1IrPCNZh9
pGMz/Rr8AxA2ig+xPDZtOvfHubLs8jYyQzMkCtQrku7w7XARJpZx+zz+nPzjOLbT
GbuaAzB1Zi7cr06icl9TJprFGxExkJ1BRy3HJ0mHi/5hJMebhxsrZmLdzZI=
-----END CERTIFICATE-----