Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/28d33436-53d2-4ebd-bddc-4f8b317802ba.roa
File:                     28d33436-53d2-4ebd-bddc-4f8b317802ba.roa (raw, json)
Hash identifier:          JTZ5GC44+aUE/ok1O4QPfLqOsbUd/UdbzFpvj84/urs=
Subject key identifier:   A6:57:C0:5A:38:58:CF:F0:17:00:8F:7C:4F:EC:D5:BC:DC:BF:CE:3C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5D92E22907CDDEDD493767DE674DB63EFCA1FF15
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/28d33436-53d2-4ebd-bddc-4f8b317802ba.roa
Signing time:             Wed 20 Aug 2025 00:10:17 +0000
ROA not before:           Wed 20 Aug 2025 00:10:17 +0000
ROA not after:            Wed 24 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        69.22.0.0/17 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:92:e2:29:07:cd:de:dd:49:37:67:de:67:4d:b6:3e:fc:a1:ff:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug 20 00:10:17 2025 GMT
            Not After : Sep 24 23:59:59 2025 GMT
        Subject: serialNumber=dde227c82b5384e8e43ccdcc0b2cd871b4236b6157435de8accf98733335d54a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:95:76:66:9c:a3:57:d4:ec:c7:49:27:61:c6:
                    3f:27:dd:43:26:ff:a9:42:f9:c1:ac:59:99:bb:bd:
                    e0:68:af:aa:56:7d:ea:5e:25:7d:f1:2c:1f:d2:55:
                    85:16:d2:a4:80:40:a2:30:86:44:a6:20:b6:cd:de:
                    41:92:96:5c:5e:8f:8b:f9:69:d9:fa:3a:3e:ba:75:
                    2f:c3:e4:f3:49:e3:bb:73:5b:dd:66:66:34:88:cd:
                    dc:de:46:48:66:38:03:29:ea:42:70:89:e3:6f:97:
                    cb:2d:71:5a:ac:92:89:c8:56:58:f1:e9:6e:6a:a7:
                    9b:2a:c8:18:64:4d:1e:51:61:21:2f:0c:9c:37:b6:
                    5f:83:2c:22:81:1d:d3:1e:58:05:4a:f2:ec:8b:60:
                    34:6d:04:93:ba:16:dc:a7:51:1b:2a:ab:a9:4b:3f:
                    86:73:a9:44:51:45:ce:07:84:b9:97:9d:18:4b:75:
                    3b:31:d5:41:15:0f:fe:96:2f:f3:08:7c:d6:c0:e8:
                    b3:12:af:05:8e:58:74:02:62:74:3a:48:57:e5:60:
                    14:71:a5:2a:09:87:de:0a:72:4e:be:74:a2:34:e2:
                    85:0d:5a:0d:a3:d8:4f:8b:8c:f8:95:cb:8b:c8:13:
                    71:75:ca:a6:7e:e1:fa:3d:4b:6d:a5:56:17:a6:5b:
                    45:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:57:C0:5A:38:58:CF:F0:17:00:8F:7C:4F:EC:D5:BC:DC:BF:CE:3C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/28d33436-53d2-4ebd-bddc-4f8b317802ba.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  69.22.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         40:17:00:1f:91:27:70:a9:5f:e9:65:5e:a3:64:c9:48:0a:55:
         7c:d7:0a:87:95:2c:9b:31:d4:3c:00:f2:d6:7e:7e:27:82:6c:
         18:2c:74:a0:0a:66:74:96:b5:41:03:f6:1c:01:95:7c:2d:77:
         83:a5:85:14:7e:92:01:aa:aa:12:78:4b:9a:a5:b1:21:5a:07:
         69:6c:d8:de:5b:b3:0e:3d:9d:e3:6a:20:ed:49:a1:88:20:0b:
         bd:3f:f4:7e:a0:e6:e0:63:3e:d8:01:5b:1d:00:8c:a0:b8:06:
         44:c4:66:e6:36:bb:d7:ad:f1:ff:85:ae:a4:a4:c2:4d:e3:65:
         bf:3c:1a:84:2d:30:80:0c:c8:48:55:3a:79:3d:35:6d:b6:4c:
         52:f5:72:d7:b4:ac:d7:12:61:b7:fb:00:4a:46:30:f0:fc:41:
         1e:b8:84:c4:35:1e:0d:18:14:d8:5b:61:06:8f:1b:d0:fd:7b:
         0a:28:87:5a:0a:4a:06:0c:ad:8f:a6:fd:46:b5:2b:71:58:e0:
         88:f0:8d:36:0b:62:b2:73:b6:33:29:06:40:89:8b:4a:85:d1:
         4a:d0:8d:be:38:9a:fe:1a:ea:7d:53:1e:b5:94:40:a4:b4:32:
         ea:03:09:35:ab:32:27:14:92:f0:42:8d:65:8b:fa:5b:51:2a:
         60:af:fb:af
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXZLiKQfN3t1JN2feZ022Pvyh/xUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODIwMDAxMDE3WhcNMjUwOTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BkZGUyMjdjODJiNTM4NGU4ZTQzY2NkY2MwYjJjZDg3MWI0
MjM2YjYxNTc0MzVkZThhY2NmOTg3MzMzMzVkNTRhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9lXZmnKNX1OzHSSdhxj8n3UMm/6lC+cGsWZm7veBor6pW
fepeJX3xLB/SVYUW0qSAQKIwhkSmILbN3kGSllxej4v5adn6Oj66dS/D5PNJ47tz
W91mZjSIzdzeRkhmOAMp6kJwieNvl8stcVqskonIVljx6W5qp5sqyBhkTR5RYSEv
DJw3tl+DLCKBHdMeWAVK8uyLYDRtBJO6FtynURsqq6lLP4ZzqURRRc4HhLmXnRhL
dTsx1UEVD/6WL/MIfNbA6LMSrwWOWHQCYnQ6SFflYBRxpSoJh94Kck6+dKI04oUN
Wg2j2E+LjPiVy4vIE3F1yqZ+4fo9S22lVhemW0U/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUplfAWjhYz/AXAI98T+zVvNy/zjwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI4ZDMzNDM2LTUzZDItNGViZC1iZGRjLTRmOGIzMTc4MDJiYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAdFFgAwDQYJKoZIhvcNAQELBQADggEBAEAXAB+RJ3CpX+llXqNkyUgKVXzX
CoeVLJsx1DwA8tZ+fieCbBgsdKAKZnSWtUED9hwBlXwtd4OlhRR+kgGqqhJ4S5ql
sSFaB2ls2N5bsw49neNqIO1JoYggC70/9H6g5uBjPtgBWx0AjKC4BkTEZuY2u9et
8f+FrqSkwk3jZb88GoQtMIAMyEhVOnk9NW22TFL1cte0rNcSYbf7AEpGMPD8QR64
hMQ1Hg0YFNhbYQaPG9D9ewooh1oKSgYMrY+m/Ua1K3FY4IjwjTYLYrJztjMpBkCJ
i0qF0UrQjb44mv4a6n1THrWUQKS0MuoDCTWrMicUkvBCjWWL+ltRKmCv+68=
-----END CERTIFICATE-----