Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/66c32367-8469-414b-b22c-ee4a9a320966.roa
File:                     66c32367-8469-414b-b22c-ee4a9a320966.roa (raw, json)
Hash identifier:          revfhSk7rgoWfPjEF2CBz5KloCboUPIbNAZ6as6iJ+k=
Subject key identifier:   33:27:86:11:26:6E:DD:F2:A0:9F:24:EE:29:1E:93:17:D2:80:92:3B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       523710E8D8FB77FFECE258CFDBA2D05A6FECD962
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/66c32367-8469-414b-b22c-ee4a9a320966.roa
Signing time:             Tue 17 Jun 2025 00:10:25 +0000
ROA not before:           Tue 17 Jun 2025 00:10:25 +0000
ROA not after:            Tue 22 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        167.65.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 30 Jun 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:37:10:e8:d8:fb:77:ff:ec:e2:58:cf:db:a2:d0:5a:6f:ec:d9:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun 17 00:10:25 2025 GMT
            Not After : Jul 22 23:59:59 2025 GMT
        Subject: serialNumber=9e981494791a1ebe3c32c92b2bfd09fcdb503b37de71a9fd0af17b76d35e9692, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:7e:02:da:6d:35:51:bc:25:47:db:93:01:fa:
                    4a:e9:05:c8:95:e9:74:33:20:db:be:1b:6a:01:16:
                    ea:fa:ca:63:70:c3:c0:94:f8:1c:04:bb:3b:e3:e8:
                    39:03:b8:b9:cb:d0:90:93:fa:91:4c:4a:45:0f:87:
                    2c:43:c4:74:98:f4:2c:80:b5:9a:0a:cf:0e:ef:e8:
                    21:5f:ee:62:62:31:c8:6c:38:86:22:ef:25:fd:ab:
                    72:83:5a:dc:85:40:62:44:bc:bb:4c:01:2c:6e:b4:
                    2b:83:c8:24:02:1c:d4:05:d4:a3:2a:a5:4c:a5:1f:
                    6d:d7:54:de:32:82:65:fa:e3:1d:11:6f:26:c7:d0:
                    36:3e:da:47:37:fd:15:04:de:4b:57:97:ac:54:6c:
                    b1:d3:91:f2:62:ff:c2:9f:9e:f3:aa:37:29:bc:f5:
                    4d:b6:dc:19:19:d9:98:24:6a:24:20:45:1c:7d:58:
                    72:02:74:c2:79:c2:4f:da:c1:90:f1:d0:c2:c4:0f:
                    6d:a1:95:ff:c3:a1:32:36:ca:a9:0a:70:89:b4:7b:
                    2d:f7:e9:45:67:33:61:cc:66:7d:47:f0:db:19:26:
                    f4:62:8c:97:f3:1e:8d:68:4f:33:4f:a2:ef:1d:c2:
                    3a:65:c6:39:66:ba:70:2f:35:58:bb:e3:b2:ce:d6:
                    03:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:27:86:11:26:6E:DD:F2:A0:9F:24:EE:29:1E:93:17:D2:80:92:3B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/66c32367-8469-414b-b22c-ee4a9a320966.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.65.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         27:af:72:73:bd:5a:65:32:16:d0:7f:e4:97:8e:8d:1a:65:71:
         e4:30:ec:26:57:77:3b:a4:f2:88:ab:e1:8a:3b:e9:0e:40:81:
         a3:03:e9:b0:7e:fe:bb:a4:bf:83:73:62:72:4d:e9:c5:02:16:
         2d:74:81:0d:4e:a2:0b:82:c8:b6:ac:cd:fd:07:53:0e:ec:37:
         49:17:d4:56:f5:d9:82:10:74:15:16:ff:18:4d:f7:98:85:52:
         ed:84:87:d6:48:0f:9e:3f:e6:87:b7:09:fd:9d:ac:e8:78:ab:
         bd:cc:9d:80:74:e5:11:58:77:d7:6b:05:90:55:09:a4:54:a6:
         cd:44:70:2c:7d:96:d3:30:19:be:a9:41:66:24:29:9e:14:a2:
         2c:de:e0:d4:0b:79:d5:6d:04:a0:b1:7b:ea:a9:e3:46:a1:0d:
         63:7b:33:3f:c2:0c:76:cc:dd:a5:25:d8:e5:27:57:05:ab:50:
         94:97:be:ac:7c:98:fb:e9:4b:af:74:c0:89:83:97:f9:2e:7c:
         f3:20:87:74:ce:98:57:49:4a:f6:d4:f4:4a:43:23:db:42:71:
         36:00:a7:7f:96:2c:01:87:4f:32:dd:3f:bc:92:0f:dc:21:15:
         02:ec:fa:51:9b:94:bc:b0:50:3d:9d:52:eb:51:6b:75:a4:73:
         fa:c9:47:1d
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUUjcQ6Nj7d//s4ljP26LQWm/s2WIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNjE3MDAxMDI1WhcNMjUwNzIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZTk4MTQ5NDc5MWExZWJlM2MzMmM5MmIyYmZkMDlmY2Ri
NTAzYjM3ZGU3MWE5ZmQwYWYxN2I3NmQzNWU5NjkyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCofgLabTVRvCVH25MB+krpBciV6XQzINu+G2oBFur6ymNw
w8CU+BwEuzvj6DkDuLnL0JCT+pFMSkUPhyxDxHSY9CyAtZoKzw7v6CFf7mJiMchs
OIYi7yX9q3KDWtyFQGJEvLtMASxutCuDyCQCHNQF1KMqpUylH23XVN4ygmX64x0R
bybH0DY+2kc3/RUE3ktXl6xUbLHTkfJi/8KfnvOqNym89U223BkZ2ZgkaiQgRRx9
WHICdMJ5wk/awZDx0MLED22hlf/DoTI2yqkKcIm0ey336UVnM2HMZn1H8NsZJvRi
jJfzHo1oTzNPou8dwjplxjlmunAvNVi747LO1gPBAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUMyeGESZu3fKgnyTuKR6TF9KAkjswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY2YzMyMzY3LTg0NjktNDE0Yi1iMjJjLWVlNGE5YTMyMDk2Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCnQTANBgkqhkiG9w0BAQsFAAOCAQEAJ69yc71aZTIW0H/kl46NGmVx5DDs
Jld3O6TyiKvhijvpDkCBowPpsH7+u6S/g3Nick3pxQIWLXSBDU6iC4LItqzN/QdT
Duw3SRfUVvXZghB0FRb/GE33mIVS7YSH1kgPnj/mh7cJ/Z2s6HirvcydgHTlEVh3
12sFkFUJpFSmzURwLH2W0zAZvqlBZiQpnhSiLN7g1At51W0EoLF76qnjRqENY3sz
P8IMdszdpSXY5SdXBatQlJe+rHyY++lLr3TAiYOX+S588yCHdM6YV0lK9tT0SkMj
20JxNgCnf5YsAYdPMt0/vJIP3CEVAuz6UZuUvLBQPZ1S61FrdaRz+slHHQ==
-----END CERTIFICATE-----