Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/894f5841-d37d-4595-b79e-b8108bb28136.roa
File:                     894f5841-d37d-4595-b79e-b8108bb28136.roa (raw, json)
Hash identifier:          NlnJX4J27sLaUn80GT2TygDSPiZjgww9LTqKdYRasvE=
Subject key identifier:   6D:9B:F5:0F:1E:ED:8B:A1:50:45:FA:B9:E8:3C:A6:42:46:1E:1C:EC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       01903B24B0643B072A714247414060F7548ECB60
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/894f5841-d37d-4595-b79e-b8108bb28136.roa
Signing time:             Tue 12 Aug 2025 00:41:14 +0000
ROA not before:           Tue 12 Aug 2025 00:41:14 +0000
ROA not after:            Tue 16 Sep 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        64.187.128.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:3b:24:b0:64:3b:07:2a:71:42:47:41:40:60:f7:54:8e:cb:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug 12 00:41:14 2025 GMT
            Not After : Sep 16 23:59:59 2025 GMT
        Subject: serialNumber=4c3b455b0441690b337e875b7bd653ee9526a10612c1542a1faef57ca439f2af, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:57:72:c1:ea:d4:ff:87:f4:32:b9:6b:df:db:
                    85:2f:3b:30:ba:5c:7c:fd:7c:8f:b6:7d:fd:77:a2:
                    ab:33:e8:71:4b:cf:f4:96:95:fe:79:d7:66:fe:d0:
                    bc:59:da:67:c8:bd:8e:db:73:1f:c2:3a:32:bd:85:
                    91:c6:40:26:99:8c:c4:9a:1e:32:e8:20:94:55:c3:
                    d9:42:f3:de:39:63:56:c3:b0:3b:32:ae:51:ed:95:
                    f5:e3:93:0e:9a:a5:2c:57:93:7d:ab:d1:77:ad:23:
                    3e:54:d5:f2:38:17:ed:6a:ed:d9:84:bd:03:21:84:
                    17:65:0c:e0:f9:56:5e:72:cc:84:db:27:d6:2c:c5:
                    fe:91:7d:71:de:5d:da:e5:ef:84:b6:ac:76:ad:c6:
                    6a:b5:10:ae:87:b8:72:d5:78:61:d4:9f:65:86:40:
                    17:92:c8:e6:6c:a8:60:75:28:83:7a:46:47:68:fb:
                    b3:89:e2:7a:ea:9b:50:27:78:0e:f3:a4:dd:35:b4:
                    ea:58:96:cb:a3:32:33:61:ae:25:a9:50:ef:4c:2f:
                    49:98:8e:55:ce:d2:b6:79:63:27:51:bc:03:11:8e:
                    a2:9e:19:2a:31:4a:5c:29:66:2a:6b:81:0b:fd:94:
                    0d:ed:5a:5d:f4:11:20:0e:32:8b:da:6e:30:99:28:
                    2a:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:9B:F5:0F:1E:ED:8B:A1:50:45:FA:B9:E8:3C:A6:42:46:1E:1C:EC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/894f5841-d37d-4595-b79e-b8108bb28136.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.187.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         93:4b:47:8d:80:17:d5:5e:cb:cf:fa:73:a5:ac:73:98:5d:7e:
         b9:92:77:8c:af:92:3b:ec:81:04:3d:84:d8:82:1a:82:25:ba:
         7a:ce:1c:4d:c3:80:fe:7c:51:a8:b2:fe:ec:56:1e:e1:c6:74:
         2a:5d:49:93:15:11:15:c8:05:1c:68:ab:cc:23:5d:b7:ee:8b:
         6f:68:eb:90:39:10:ab:b8:2e:aa:96:4c:08:8d:05:1d:bf:17:
         42:d8:04:a5:a3:10:66:b9:10:f3:db:d9:b7:dd:cb:bf:cf:b1:
         c5:b7:ab:56:f5:12:2f:67:60:1c:f8:32:41:c2:ae:c0:b7:7d:
         64:19:3a:64:d7:6e:25:55:86:9f:6c:3d:8d:7e:ec:32:3d:24:
         94:d6:d4:82:93:8a:b3:74:b0:59:c3:bc:ce:7c:49:2c:41:42:
         19:a6:0b:e1:25:01:f2:b6:6c:63:04:aa:7b:f9:c6:ec:61:6c:
         fe:bc:da:a5:6a:13:33:41:ff:02:8d:6e:d0:47:7e:f6:40:1c:
         1b:20:8d:eb:82:de:8e:dc:1d:1b:11:10:d3:04:e7:e8:fc:94:
         89:10:43:76:98:da:b6:5e:bc:13:45:c1:37:fd:ef:19:61:ee:
         7f:bc:21:43:9c:75:72:4b:39:d4:a6:a6:37:ba:b0:2c:32:14:
         96:00:4f:59
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAZA7JLBkOwcqcUJHQUBg91SOy2AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODEyMDA0MTE0WhcNMjUwOTE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A0YzNiNDU1YjA0NDE2OTBiMzM3ZTg3NWI3YmQ2NTNlZTk1
MjZhMTA2MTJjMTU0MmExZmFlZjU3Y2E0MzlmMmFmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCoV3LB6tT/h/QyuWvf24UvOzC6XHz9fI+2ff13oqsz6HFL
z/SWlf5512b+0LxZ2mfIvY7bcx/COjK9hZHGQCaZjMSaHjLoIJRVw9lC8945Y1bD
sDsyrlHtlfXjkw6apSxXk32r0XetIz5U1fI4F+1q7dmEvQMhhBdlDOD5Vl5yzITb
J9Ysxf6RfXHeXdrl74S2rHatxmq1EK6HuHLVeGHUn2WGQBeSyOZsqGB1KIN6Rkdo
+7OJ4nrqm1AneA7zpN01tOpYlsujMjNhriWpUO9ML0mYjlXO0rZ5YydRvAMRjqKe
GSoxSlwpZiprgQv9lA3tWl30ESAOMovabjCZKCqrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUbZv1Dx7ti6FQRfq56DymQkYeHOwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg5NGY1ODQxLWQzN2QtNDU5NS1iNzllLWI4MTA4YmIyODEzNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARAu4AwDQYJKoZIhvcNAQELBQADggEBAJNLR42AF9Vey8/6c6Wsc5hdfrmS
d4yvkjvsgQQ9hNiCGoIlunrOHE3DgP58Uaiy/uxWHuHGdCpdSZMVERXIBRxoq8wj
Xbfui29o65A5EKu4LqqWTAiNBR2/F0LYBKWjEGa5EPPb2bfdy7/PscW3q1b1Ei9n
YBz4MkHCrsC3fWQZOmTXbiVVhp9sPY1+7DI9JJTW1IKTirN0sFnDvM58SSxBQhmm
C+ElAfK2bGMEqnv5xuxhbP682qVqEzNB/wKNbtBHfvZAHBsgjeuC3o7cHRsRENME
5+j8lIkQQ3aY2rZevBNFwTf97xlh7n+8IUOcdXJLOdSmpje6sCwyFJYAT1k=
-----END CERTIFICATE-----