Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/593de0b1-b07b-4d5a-8e80-eec3224dc436.roa
File:                     593de0b1-b07b-4d5a-8e80-eec3224dc436.roa (raw, json)
Hash identifier:          uH2ho1BpASdJQyOnOxFO7BKNdz8byGn4jvu6jqOTuIE=
Subject key identifier:   4E:A2:1A:53:54:2F:17:6E:19:46:98:F3:D2:AE:EE:A5:22:98:42:C4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1731CEBC027E7A3E1F9EF2FB3C2E7A1616FAE32B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/593de0b1-b07b-4d5a-8e80-eec3224dc436.roa
Signing time:             Fri 08 May 2026 00:30:44 +0000
ROA not before:           Fri 08 May 2026 00:30:44 +0000
ROA not after:            Thu 06 Aug 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        114.56.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 14 May 2026 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:31:ce:bc:02:7e:7a:3e:1f:9e:f2:fb:3c:2e:7a:16:16:fa:e3:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: May  8 00:30:44 2026 GMT
            Not After : Aug  6 23:59:59 2026 GMT
        Subject: serialNumber=bcd574a9371d99fc72dda7ff199fc1ebb9a593b534120719fdd50261c45d4684, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:6c:1b:a7:e3:e0:6d:bb:c6:3e:7b:a4:76:72:
                    1e:db:f5:9f:60:90:52:e6:48:02:ed:c3:5f:df:40:
                    16:40:d4:dd:16:0b:17:ff:13:d6:ed:17:83:c9:ee:
                    4d:6b:87:66:55:73:3b:4e:cf:bc:01:a8:32:55:3e:
                    5b:0e:c8:0c:e8:d4:ae:8d:69:25:73:3a:62:de:ec:
                    8a:8a:ef:9c:ad:08:ae:fc:a3:79:d0:da:11:8d:b5:
                    30:e4:2b:59:d5:09:dd:a9:4d:6e:f0:af:50:db:26:
                    0b:ec:b7:e3:44:e5:01:17:68:3d:7b:34:f7:92:a4:
                    60:57:36:a1:cd:48:fd:8b:8f:93:c0:9b:fb:14:de:
                    a1:62:0b:13:23:5d:46:c9:d0:89:07:43:c8:5f:5e:
                    0d:c2:87:f9:09:96:55:0d:4a:16:86:ce:30:da:36:
                    d6:02:52:ab:f3:33:a9:37:a9:8a:28:f3:c5:83:52:
                    2a:6b:73:f2:a3:b7:fd:9d:f3:d8:d7:43:7d:f9:f8:
                    bc:52:5c:94:71:06:d7:00:2d:ff:a1:4a:78:43:f1:
                    15:0c:fb:53:83:f0:07:d8:33:e8:8a:a1:5c:fe:a1:
                    db:35:05:63:7f:d8:cb:37:1e:6e:b4:34:0a:36:fa:
                    d1:f1:ff:55:3d:c2:0c:61:b7:f7:45:3e:83:03:76:
                    ac:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:A2:1A:53:54:2F:17:6E:19:46:98:F3:D2:AE:EE:A5:22:98:42:C4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/593de0b1-b07b-4d5a-8e80-eec3224dc436.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  114.56.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:f8:b7:de:ca:ce:17:4f:05:6f:85:d0:e0:20:c3:ad:69:71:
         f1:a5:49:7d:4e:78:f4:1a:e3:da:77:5f:25:89:c3:97:e9:b2:
         9f:e1:e8:fc:83:f7:9c:a4:d1:ca:f4:60:f8:dd:75:9d:a8:9a:
         7d:f0:40:67:36:41:b6:5b:09:c6:88:09:e4:56:c3:0a:2b:2c:
         24:4e:34:e1:4e:22:4f:8f:93:78:45:94:2c:9b:4a:88:64:60:
         a0:cc:24:90:94:e8:bd:7e:e1:07:c8:c6:10:a6:03:27:d3:16:
         72:85:a1:78:49:c0:ad:d2:20:31:16:83:cd:30:98:07:70:b2:
         b1:13:53:fd:fc:f4:e6:a2:72:ad:2a:d6:ab:20:41:e8:5c:6f:
         83:74:f2:10:93:5d:f1:eb:ff:fe:41:5a:96:5d:ec:fc:30:43:
         21:6e:c7:a5:2a:f4:b1:2d:4f:dd:c9:cb:72:a2:17:9f:05:83:
         37:85:ff:45:0c:65:0d:61:22:27:e2:37:ff:96:ac:62:3a:66:
         97:51:63:84:a6:4b:b4:24:27:bb:86:64:22:43:86:1b:fc:86:
         cd:46:87:dc:0d:15:52:06:4a:d2:75:8b:27:f6:03:67:82:1f:
         61:a7:f5:6b:80:5a:d2:5a:b2:e2:d0:6f:dc:9d:7d:27:19:7f:
         a6:cc:cc:21
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFzHOvAJ+ej4fnvL7PC56Fhb64yswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjYwNTA4MDAzMDQ0WhcNMjYwODA2MjM1OTU5
WjB6MUkwRwYDVQQFE0BiY2Q1NzRhOTM3MWQ5OWZjNzJkZGE3ZmYxOTlmYzFlYmI5
YTU5M2I1MzQxMjA3MTlmZGQ1MDI2MWM0NWQ0Njg0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDabBun4+Btu8Y+e6R2ch7b9Z9gkFLmSALtw1/fQBZA1N0W
Cxf/E9btF4PJ7k1rh2ZVcztOz7wBqDJVPlsOyAzo1K6NaSVzOmLe7IqK75ytCK78
o3nQ2hGNtTDkK1nVCd2pTW7wr1DbJgvst+NE5QEXaD17NPeSpGBXNqHNSP2Lj5PA
m/sU3qFiCxMjXUbJ0IkHQ8hfXg3Ch/kJllUNShaGzjDaNtYCUqvzM6k3qYoo88WD
Uiprc/Kjt/2d89jXQ335+LxSXJRxBtcALf+hSnhD8RUM+1OD8AfYM+iKoVz+ods1
BWN/2Ms3Hm60NAo2+tHx/1U9wgxht/dFPoMDdqyJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTqIaU1QvF24ZRpjz0q7upSKYQsQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU5M2RlMGIxLWIwN2ItNGQ1YS04ZTgwLWVlYzMyMjRkYzQzNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAByOIAwDQYJKoZIhvcNAQELBQADggEBAFz4t97KzhdPBW+F0OAgw61pcfGl
SX1OePQa49p3XyWJw5fpsp/h6PyD95yk0cr0YPjddZ2omn3wQGc2QbZbCcaICeRW
wworLCRONOFOIk+Pk3hFlCybSohkYKDMJJCU6L1+4QfIxhCmAyfTFnKFoXhJwK3S
IDEWg80wmAdwsrETU/389Oaicq0q1qsgQehcb4N08hCTXfHr//5BWpZd7PwwQyFu
x6Uq9LEtT93Jy3KiF58FgzeF/0UMZQ1hIifiN/+WrGI6ZpdRY4SmS7QkJ7uGZCJD
hhv8hs1Gh9wNFVIGStJ1iyf2A2eCH2Gn9WuAWtJasuLQb9ydfScZf6bMzCE=
-----END CERTIFICATE-----