Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a7b7179f-6a8b-4412-abd7-2b97144eb1bb.roa
File:                     a7b7179f-6a8b-4412-abd7-2b97144eb1bb.roa (raw, json)
Hash identifier:          MGGLsU2r77zSOQH3TzzahW/M8W8H0PXVtEGVRpKIMY8=
Subject key identifier:   7F:7B:4D:A4:61:41:C9:29:1A:B9:81:1F:DA:7D:E4:FB:64:05:03:8B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2D08162283B3D37B00AF9F48C92A27A6DBD3BB65
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a7b7179f-6a8b-4412-abd7-2b97144eb1bb.roa
Signing time:             Tue 19 Aug 2025 00:41:06 +0000
ROA not before:           Tue 19 Aug 2025 00:41:06 +0000
ROA not after:            Tue 23 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.151.144.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:08:16:22:83:b3:d3:7b:00:af:9f:48:c9:2a:27:a6:db:d3:bb:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug 19 00:41:06 2025 GMT
            Not After : Sep 23 23:59:59 2025 GMT
        Subject: serialNumber=808be4cd9ae62441ba8cca7ac9a45ec0e9288d93a06418b3d0cd4cee2b4026db, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:a1:b3:4d:83:88:9e:61:1b:80:fc:63:71:40:
                    ab:bc:c7:14:fd:81:6a:29:cc:9f:4e:a1:0c:92:3e:
                    90:87:62:a1:ea:a5:20:cd:29:e6:e1:39:34:87:80:
                    f1:6b:13:bd:77:91:69:da:c5:0a:05:3b:99:a7:3e:
                    4c:5a:8d:74:9e:20:93:d9:b7:c7:29:4b:cc:25:26:
                    e6:70:15:e8:56:e9:e0:73:ce:9c:85:cb:96:06:1b:
                    46:19:dd:aa:3c:b2:58:8e:17:5d:97:77:79:7d:ac:
                    de:15:95:92:40:61:a4:2e:9f:8e:1e:6f:9e:56:7f:
                    3e:89:fa:a6:70:2d:95:3d:8e:81:c1:e9:3a:ba:8d:
                    13:c4:cf:71:aa:30:e8:59:31:99:4d:c1:2b:68:c1:
                    3a:82:69:6b:e9:c6:10:8e:88:06:49:8a:fd:e8:37:
                    57:64:26:3b:56:5e:9d:f4:5b:51:e8:b5:f8:2f:57:
                    d6:82:e7:f7:96:c7:03:2e:82:9c:89:62:68:70:f6:
                    e7:c5:09:bd:b8:5a:f9:b7:30:e2:7b:17:60:05:ed:
                    ae:26:7a:81:64:40:d5:a9:d7:a2:c5:52:18:57:95:
                    b3:56:da:60:c9:f7:56:d9:fd:fa:2f:bf:f3:62:eb:
                    4c:17:00:1a:73:34:ef:d9:01:d7:40:21:11:7c:8b:
                    ad:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:7B:4D:A4:61:41:C9:29:1A:B9:81:1F:DA:7D:E4:FB:64:05:03:8B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a7b7179f-6a8b-4412-abd7-2b97144eb1bb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.151.144.0/21

    Signature Algorithm: sha256WithRSAEncryption
         d2:ad:43:63:32:37:2a:29:63:12:96:da:c9:de:e5:82:e2:08:
         a9:30:51:2f:21:ab:1f:0d:8b:c0:5a:34:56:25:c6:49:23:c5:
         1d:9e:5a:7d:4f:27:a8:f0:e8:e9:c7:cb:e4:62:10:cf:a4:8a:
         47:2e:e1:d4:48:42:91:6e:80:d8:a5:83:7c:c9:6f:9c:c2:0a:
         9a:02:43:bb:4c:39:3f:90:ec:f6:8b:14:b4:3d:32:43:57:41:
         ab:cc:eb:ad:1a:be:b7:9a:76:46:2e:ce:a3:c6:92:30:3f:17:
         8d:f1:cb:6f:08:cc:fc:e1:1d:29:3d:a8:c6:cd:13:3f:8d:2f:
         2a:1f:e5:91:19:43:45:e7:97:64:89:68:f7:43:2d:8c:ad:98:
         36:4a:bf:cb:80:62:01:b9:64:ef:ff:26:00:05:48:5c:f6:b1:
         2f:14:b4:a3:86:a8:19:64:9e:df:e1:b6:b8:00:62:c3:c7:1b:
         b8:44:45:de:23:35:e0:40:21:8c:bb:53:e1:4d:c7:f1:3c:07:
         02:a8:0e:1e:07:d2:ea:a2:67:ac:33:02:14:b1:39:a5:8f:b6:
         b3:f5:8e:43:d3:12:c7:2d:18:5b:c9:47:f4:a3:17:66:5e:d5:
         67:72:df:b1:a6:c0:a0:77:fc:d8:43:8a:44:64:f2:4b:5e:fe:
         02:96:eb:5e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULQgWIoOz03sAr59IySonptvTu2UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODE5MDA0MTA2WhcNMjUwOTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A4MDhiZTRjZDlhZTYyNDQxYmE4Y2NhN2FjOWE0NWVjMGU5
Mjg4ZDkzYTA2NDE4YjNkMGNkNGNlZTJiNDAyNmRiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCQobNNg4ieYRuA/GNxQKu8xxT9gWopzJ9OoQySPpCHYqHq
pSDNKebhOTSHgPFrE713kWnaxQoFO5mnPkxajXSeIJPZt8cpS8wlJuZwFehW6eBz
zpyFy5YGG0YZ3ao8sliOF12Xd3l9rN4VlZJAYaQun44eb55Wfz6J+qZwLZU9joHB
6Tq6jRPEz3GqMOhZMZlNwStowTqCaWvpxhCOiAZJiv3oN1dkJjtWXp30W1Hotfgv
V9aC5/eWxwMugpyJYmhw9ufFCb24Wvm3MOJ7F2AF7a4meoFkQNWp16LFUhhXlbNW
2mDJ91bZ/fovv/Ni60wXABpzNO/ZAddAIRF8i617AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUf3tNpGFBySkauYEf2n3k+2QFA4swHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E3YjcxNzlmLTZhOGItNDQxMi1hYmQ3LTJiOTcxNDRlYjFiYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANjl5AwDQYJKoZIhvcNAQELBQADggEBANKtQ2MyNyopYxKW2sne5YLiCKkw
US8hqx8Ni8BaNFYlxkkjxR2eWn1PJ6jw6OnHy+RiEM+kikcu4dRIQpFugNilg3zJ
b5zCCpoCQ7tMOT+Q7PaLFLQ9MkNXQavM660avreadkYuzqPGkjA/F43xy28IzPzh
HSk9qMbNEz+NLyof5ZEZQ0Xnl2SJaPdDLYytmDZKv8uAYgG5ZO//JgAFSFz2sS8U
tKOGqBlknt/htrgAYsPHG7hERd4jNeBAIYy7U+FNx/E8BwKoDh4H0uqiZ6wzAhSx
OaWPtrP1jkPTEsctGFvJR/SjF2Ze1Wdy37GmwKB3/NhDikRk8kte/gKW614=
-----END CERTIFICATE-----