Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0aca7cdb-898e-4187-9140-4f8871c28fb0.roa
File:                     0aca7cdb-898e-4187-9140-4f8871c28fb0.roa (raw, json)
Hash identifier:          5mKq66SwCKMaUJ30kVpbtDdGPI0lyLUU1IjV1wnCq18=
Subject key identifier:   38:B8:0D:F4:22:EC:30:FB:ED:0E:A3:A4:A4:88:FE:71:ED:3B:23:E3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       540CE3D1C81F1B7354DDF1AFD75C11792DB7D716
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0aca7cdb-898e-4187-9140-4f8871c28fb0.roa
Signing time:             Wed 13 Aug 2025 00:40:11 +0000
ROA not before:           Wed 13 Aug 2025 00:40:11 +0000
ROA not after:            Wed 17 Sep 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        67.220.240.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 25 Aug 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:0c:e3:d1:c8:1f:1b:73:54:dd:f1:af:d7:5c:11:79:2d:b7:d7:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug 13 00:40:11 2025 GMT
            Not After : Sep 17 23:59:59 2025 GMT
        Subject: serialNumber=d85f05d4087a7acca41bd0e4006c201e8fb2a2c3ded7097b4b9706a75c139bf5, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:c2:a6:ea:0e:bc:d0:40:f2:18:7c:0d:0f:fe:
                    05:ac:03:d9:0f:df:f7:63:c4:53:71:96:8f:c0:7c:
                    76:c6:54:c6:af:d7:16:ed:6b:27:21:8c:a2:1e:53:
                    98:5e:74:40:b9:97:d5:4b:e2:a4:4f:75:04:be:e6:
                    a1:f6:06:b6:b5:9c:94:90:80:e8:b5:17:bd:8b:9e:
                    6b:6a:d6:20:82:a4:ac:85:b0:89:9c:68:48:1f:d5:
                    d9:dd:97:b6:b4:9d:10:0b:65:23:89:fe:b1:18:7b:
                    97:36:0e:24:a3:dc:01:e3:01:50:c5:6b:50:1f:2d:
                    2c:2c:83:6a:96:94:8d:6a:9b:a8:8f:7a:66:78:6e:
                    8d:ff:f6:c7:fa:b9:30:0f:73:5f:19:61:02:52:32:
                    05:5b:2e:2a:ea:fc:20:e4:fb:21:8b:3c:36:ed:96:
                    30:f1:34:c7:8d:e9:fd:b2:50:d1:4d:12:e2:26:e5:
                    de:9a:d6:d2:6d:68:71:ea:36:82:10:2e:9a:a9:2b:
                    ea:59:0b:24:5b:7e:85:83:13:13:f9:1f:f2:dc:35:
                    96:dc:65:de:e7:d9:19:d0:46:48:3f:20:8f:8a:bb:
                    3d:c7:0d:5d:82:75:1e:96:63:f2:1d:9a:04:c9:a4:
                    a7:27:89:87:fa:ef:31:d9:77:e9:ff:be:85:9e:dd:
                    ff:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:B8:0D:F4:22:EC:30:FB:ED:0E:A3:A4:A4:88:FE:71:ED:3B:23:E3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0aca7cdb-898e-4187-9140-4f8871c28fb0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  67.220.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         10:dc:87:18:69:4b:b0:8f:9d:bc:db:a0:35:8f:54:b3:d1:ff:
         a1:a2:d3:b1:43:d9:6a:c1:32:57:a7:24:b0:37:d2:e0:ae:c7:
         27:8b:19:dc:4d:72:08:49:db:43:56:2e:db:0b:99:44:91:8f:
         16:20:55:01:79:4c:5a:63:55:32:6a:1c:fc:09:e2:86:02:7b:
         df:f9:6b:24:94:fd:dd:61:2c:c7:2d:c8:a7:d7:ad:7e:64:4b:
         fd:ca:09:17:c4:0d:91:b4:df:cf:24:1c:7b:4b:d6:e3:cc:b8:
         33:83:01:c6:67:e5:cd:0e:b8:14:9e:4c:2f:9a:cd:83:3b:19:
         ab:29:77:21:88:e0:5e:ff:18:3c:9b:95:d7:cc:73:85:93:6c:
         9e:c7:a6:2f:49:24:64:e4:53:91:66:e0:d6:ea:65:49:a5:19:
         6e:32:59:45:03:bf:8f:f4:5d:3a:91:61:da:87:31:7f:57:d8:
         8b:c2:a9:96:e8:bb:52:14:04:70:3b:58:07:9e:d5:e3:ac:5e:
         7a:1a:6f:ba:24:2d:78:25:c3:c7:0b:c7:4b:06:fd:ab:01:d9:
         ff:be:46:3b:e8:5a:62:f4:22:bc:7b:e0:1f:87:89:e6:26:d8:
         3c:02:28:7a:7e:a2:a9:84:1d:32:15:51:22:b5:60:c1:05:45:
         0d:0e:78:9c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVAzj0cgfG3NU3fGv11wReS231xYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODEzMDA0MDExWhcNMjUwOTE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BkODVmMDVkNDA4N2E3YWNjYTQxYmQwZTQwMDZjMjAxZThm
YjJhMmMzZGVkNzA5N2I0Yjk3MDZhNzVjMTM5YmY1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+wqbqDrzQQPIYfA0P/gWsA9kP3/djxFNxlo/AfHbGVMav
1xbtaychjKIeU5hedEC5l9VL4qRPdQS+5qH2Bra1nJSQgOi1F72Lnmtq1iCCpKyF
sImcaEgf1dndl7a0nRALZSOJ/rEYe5c2DiSj3AHjAVDFa1AfLSwsg2qWlI1qm6iP
emZ4bo3/9sf6uTAPc18ZYQJSMgVbLirq/CDk+yGLPDbtljDxNMeN6f2yUNFNEuIm
5d6a1tJtaHHqNoIQLpqpK+pZCyRbfoWDExP5H/LcNZbcZd7n2RnQRkg/II+Kuz3H
DV2CdR6WY/IdmgTJpKcniYf67zHZd+n/voWe3f+XAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUOLgN9CLsMPvtDqOkpIj+ce07I+MwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBhY2E3Y2RiLTg5OGUtNDE4Ny05MTQwLTRmODg3MWMyOGZiMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARD3PAwDQYJKoZIhvcNAQELBQADggEBABDchxhpS7CPnbzboDWPVLPR/6Gi
07FD2WrBMlenJLA30uCuxyeLGdxNcghJ20NWLtsLmUSRjxYgVQF5TFpjVTJqHPwJ
4oYCe9/5aySU/d1hLMctyKfXrX5kS/3KCRfEDZG0388kHHtL1uPMuDODAcZn5c0O
uBSeTC+azYM7GaspdyGI4F7/GDybldfMc4WTbJ7Hpi9JJGTkU5Fm4NbqZUmlGW4y
WUUDv4/0XTqRYdqHMX9X2IvCqZbou1IUBHA7WAee1eOsXnoab7okLXglw8cLx0sG
/asB2f++RjvoWmL0Irx74B+HieYm2DwCKHp+oqmEHTIVUSK1YMEFRQ0OeJw=
-----END CERTIFICATE-----