Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f9bf2bef-cff8-4737-98d7-b24a45489a28.roa
File:                     f9bf2bef-cff8-4737-98d7-b24a45489a28.roa (raw, json)
Hash identifier:          qY28rJlGKiUDjS2nGtySMgVeJsPG5MNFbjnU1YMAmus=
Subject key identifier:   C8:38:04:E4:21:15:6F:E4:35:5F:EA:4D:97:86:1F:E9:B8:C9:0D:FC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1B27A98B3CF0969A2DE8A206F438119CCDBF1AF7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f9bf2bef-cff8-4737-98d7-b24a45489a28.roa
Signing time:             Mon 28 Jul 2025 15:30:28 +0000
ROA not before:           Mon 28 Jul 2025 15:30:28 +0000
ROA not after:            Mon 01 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        216.157.12.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 07 Aug 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:27:a9:8b:3c:f0:96:9a:2d:e8:a2:06:f4:38:11:9c:cd:bf:1a:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jul 28 15:30:28 2025 GMT
            Not After : Sep  1 23:59:59 2025 GMT
        Subject: serialNumber=c40b1467e57390b270e6bc1bec324fda0d212ceb6747113faaa8410325a80fad, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:b6:b5:b6:e9:1d:69:83:5e:b8:2a:fa:2a:7d:
                    64:86:b6:8d:ff:e7:7f:0f:2a:9d:b3:a0:1c:ea:23:
                    ad:78:f6:6e:e6:71:98:19:83:ba:d4:fa:34:70:88:
                    0f:57:4a:81:e6:57:6c:0d:57:c9:14:a9:7a:ed:e6:
                    d1:6a:d8:76:48:2e:44:f6:50:57:43:61:e7:93:0e:
                    ea:c5:7a:a7:c8:25:b1:da:42:63:61:0c:ef:6a:f3:
                    ba:97:8c:69:09:a2:8d:ed:f9:19:26:3f:5e:2e:7a:
                    92:56:dd:74:a5:33:f9:67:eb:cc:b7:15:82:34:13:
                    3c:a7:93:5f:21:bc:68:15:e8:f5:aa:18:2a:8f:bd:
                    91:15:22:36:09:65:bb:85:c0:06:8b:65:eb:87:99:
                    e5:f4:0f:15:95:68:66:b0:aa:03:76:96:e1:d6:66:
                    cb:47:23:30:02:cb:19:1d:ee:db:ff:1b:aa:91:55:
                    20:7f:8f:cd:fa:6b:92:9f:ed:f9:dd:6c:fa:df:c5:
                    dd:10:2d:7e:0c:ec:61:6e:5d:a0:d8:9c:df:df:ae:
                    f3:e4:d3:71:de:32:1f:96:b2:ed:6f:27:f9:0c:cf:
                    98:8f:f6:1b:07:8b:3e:0d:be:d0:1a:ca:e3:3c:89:
                    9a:ec:8e:67:70:bc:96:bc:57:0d:09:0f:27:2b:a0:
                    89:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:38:04:E4:21:15:6F:E4:35:5F:EA:4D:97:86:1F:E9:B8:C9:0D:FC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f9bf2bef-cff8-4737-98d7-b24a45489a28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.157.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0a:e0:21:53:2f:2e:0a:e3:83:d2:2d:e5:f9:ea:20:10:e2:b8:
         ec:db:88:1d:25:d3:d1:f4:a4:72:69:33:63:68:88:29:fd:4d:
         45:9b:87:96:ee:16:04:34:06:52:e9:14:f6:a6:6b:7a:f3:8f:
         2d:e9:9a:2b:c0:f4:de:4f:ed:71:63:9f:0b:d8:9f:32:00:e9:
         bb:1d:dc:00:5a:c6:35:54:c2:ca:87:ca:94:6f:9b:b1:d9:dd:
         e6:3f:c2:97:a3:89:47:3c:dc:00:48:4a:00:a8:76:53:23:79:
         c6:27:c6:49:a5:46:dc:fe:6c:5b:ea:9c:c8:77:93:db:b2:c9:
         73:15:ce:6f:4a:87:ad:4e:71:0b:fe:f3:c8:4b:1e:30:37:96:
         78:2b:98:23:b1:2f:67:07:82:ca:8c:39:cc:4b:21:ae:54:14:
         3e:7a:2f:d8:72:c7:00:30:49:56:5f:ec:2d:8a:56:c5:bd:3a:
         4b:7d:57:3e:39:ba:3e:39:29:b7:5c:b8:f1:13:5f:b9:10:7d:
         2f:04:cb:4c:2e:0d:df:78:83:24:c4:ba:c3:a6:62:c9:4d:17:
         e9:a8:77:ad:00:8b:3d:8d:d6:85:21:ce:46:94:f2:44:a5:c0:
         d0:9c:b5:30:b9:15:4d:f1:f5:67:1a:30:67:c6:72:b9:2a:1a:
         46:2c:9e:9e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGyepizzwlpot6KIG9DgRnM2/GvcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNzI4MTUzMDI4WhcNMjUwOTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0BjNDBiMTQ2N2U1NzM5MGIyNzBlNmJjMWJlYzMyNGZkYTBk
MjEyY2ViNjc0NzExM2ZhYWE4NDEwMzI1YTgwZmFkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCatrW26R1pg164KvoqfWSGto3/538PKp2zoBzqI6149m7m
cZgZg7rU+jRwiA9XSoHmV2wNV8kUqXrt5tFq2HZILkT2UFdDYeeTDurFeqfIJbHa
QmNhDO9q87qXjGkJoo3t+RkmP14uepJW3XSlM/ln68y3FYI0Ezynk18hvGgV6PWq
GCqPvZEVIjYJZbuFwAaLZeuHmeX0DxWVaGawqgN2luHWZstHIzACyxkd7tv/G6qR
VSB/j836a5Kf7fndbPrfxd0QLX4M7GFuXaDYnN/frvPk03HeMh+Wsu1vJ/kMz5iP
9hsHiz4NvtAayuM8iZrsjmdwvJa8Vw0JDycroInxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUyDgE5CEVb+Q1X+pNl4Yf6bjJDfwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y5YmYyYmVmLWNmZjgtNDczNy05OGQ3LWIyNGE0NTQ4OWEyOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBALYnQwwDQYJKoZIhvcNAQELBQADggEBAArgIVMvLgrjg9It5fnqIBDiuOzb
iB0l09H0pHJpM2NoiCn9TUWbh5buFgQ0BlLpFPama3rzjy3pmivA9N5P7XFjnwvY
nzIA6bsd3ABaxjVUwsqHypRvm7HZ3eY/wpejiUc83ABISgCodlMjecYnxkmlRtz+
bFvqnMh3k9uyyXMVzm9Kh61OcQv+88hLHjA3lngrmCOxL2cHgsqMOcxLIa5UFD56
L9hyxwAwSVZf7C2KVsW9Okt9Vz45uj45KbdcuPETX7kQfS8Ey0wuDd94gyTEusOm
YslNF+mod60Aiz2N1oUhzkaU8kSlwNCctTC5FU3x9WcaMGfGcrkqGkYsnp4=
-----END CERTIFICATE-----
Generated at Wed Aug 6 14:07:54 2025 by rpki-client