Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b882886f-d8f9-4f8d-9e55-da68a8d482ed.roa
File:                     b882886f-d8f9-4f8d-9e55-da68a8d482ed.roa (raw, json)
Hash identifier:          qhDE0+jtfd3ay580PNQ+IlVBSnzQjAubUVGpQminaDc=
Subject key identifier:   63:66:49:7C:41:73:E5:87:DB:F1:66:A8:96:5C:60:88:E7:2D:06:82
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       39855BC1C97CFDB8E05697E628E59BC76912D24F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b882886f-d8f9-4f8d-9e55-da68a8d482ed.roa
Signing time:             Mon 11 Aug 2025 15:21:05 +0000
ROA not before:           Mon 11 Aug 2025 15:21:05 +0000
ROA not after:            Mon 15 Sep 2025 23:59:59 +0000
asID:                     21664
IP address blocks:        168.185.4.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 25 Aug 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:85:5b:c1:c9:7c:fd:b8:e0:56:97:e6:28:e5:9b:c7:69:12:d2:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug 11 15:21:05 2025 GMT
            Not After : Sep 15 23:59:59 2025 GMT
        Subject: serialNumber=dcbad60c4948b40cd3af83d66f2684d488532affd29fd256ef0517c729027c29, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:73:82:43:bb:56:da:8a:bf:ba:c7:e4:c4:01:
                    d2:dc:4d:77:fa:ce:4a:0c:3e:cb:55:71:4b:43:82:
                    86:a2:a7:61:84:43:a1:35:93:cc:ff:93:56:68:f2:
                    73:af:a1:4b:18:50:24:ae:cf:c0:97:df:77:5b:86:
                    0a:8f:74:5f:2c:9d:2b:ba:63:fd:9c:e1:83:9d:6f:
                    a6:83:18:58:74:56:3d:7c:1e:79:6a:d5:01:13:1e:
                    84:9b:fb:01:00:f8:ec:c1:d8:fa:7b:74:31:94:f4:
                    ce:4f:c5:b7:f7:85:d6:a4:07:d7:55:0f:36:34:cc:
                    49:9c:24:89:ed:7a:f4:10:8b:5c:15:48:e5:88:3e:
                    99:d8:8a:69:3c:1f:c1:b5:fa:28:1d:d2:cf:f4:c3:
                    8d:03:87:20:25:83:24:65:7b:88:51:a9:9f:bf:1b:
                    9a:2d:03:04:8c:e2:16:db:86:3e:c1:b9:59:7b:e2:
                    26:2a:df:bd:0f:09:46:aa:d1:bc:eb:5d:79:1d:c0:
                    fd:68:9b:c8:bf:ed:fa:b1:ee:07:a7:69:31:c0:68:
                    84:82:c1:69:9b:00:79:d6:31:97:7c:4e:59:ff:39:
                    8f:cb:1b:9d:76:c0:5b:42:92:25:46:93:c5:9a:8f:
                    a1:66:1b:bf:f4:3b:a4:3e:74:3f:49:43:6d:fe:3a:
                    0e:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:66:49:7C:41:73:E5:87:DB:F1:66:A8:96:5C:60:88:E7:2D:06:82
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b882886f-d8f9-4f8d-9e55-da68a8d482ed.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.185.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1c:5d:19:d1:9a:5f:19:cb:d3:8c:3d:23:1e:b4:fe:96:2d:c8:
         61:4c:d9:43:c9:b9:ce:bb:e8:25:d2:77:4d:ac:3e:53:56:be:
         9d:31:40:26:b1:d0:9b:9a:df:4f:36:19:ca:8a:ab:ca:0e:90:
         b7:84:25:0a:cc:bd:07:6d:83:73:f0:1a:2c:35:86:32:57:f2:
         91:1d:7b:ae:27:7f:46:ad:ed:47:8a:5d:8e:0b:9f:a4:c9:51:
         35:60:04:be:10:85:35:87:94:0e:02:7b:0d:e3:8f:05:fa:8c:
         c7:41:30:d4:09:22:e3:e7:34:b8:7f:1b:32:6e:a9:93:d0:0c:
         0b:4a:05:1d:93:de:70:a9:13:a9:39:54:45:f9:4e:ac:75:3b:
         c0:cd:bf:3e:8a:f1:72:b8:f4:12:ec:19:86:b5:36:9d:e5:a4:
         44:53:d5:f0:d1:63:76:2f:2e:57:0f:7e:ce:d4:1e:f4:da:84:
         91:a8:58:59:5f:47:d9:66:fb:e2:d9:71:29:6f:92:1a:dc:85:
         37:b3:68:1d:d3:fd:36:e2:13:e2:e2:77:7d:3c:4c:02:ef:b3:
         0a:1f:c8:a2:91:b5:56:5b:25:1a:00:7f:29:14:a4:b1:b9:d3:
         85:25:c3:7f:e8:28:66:bb:99:a4:b7:2f:8e:be:0b:96:40:b4:
         a2:fe:fa:30
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOYVbwcl8/bjgVpfmKOWbx2kS0k8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODExMTUyMTA1WhcNMjUwOTE1MjM1OTU5
WjB6MUkwRwYDVQQFE0BkY2JhZDYwYzQ5NDhiNDBjZDNhZjgzZDY2ZjI2ODRkNDg4
NTMyYWZmZDI5ZmQyNTZlZjA1MTdjNzI5MDI3YzI5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDBc4JDu1bair+6x+TEAdLcTXf6zkoMPstVcUtDgoaip2GE
Q6E1k8z/k1Zo8nOvoUsYUCSuz8CX33dbhgqPdF8snSu6Y/2c4YOdb6aDGFh0Vj18
Hnlq1QETHoSb+wEA+OzB2Pp7dDGU9M5Pxbf3hdakB9dVDzY0zEmcJIntevQQi1wV
SOWIPpnYimk8H8G1+igd0s/0w40DhyAlgyRle4hRqZ+/G5otAwSM4hbbhj7BuVl7
4iYq370PCUaq0bzrXXkdwP1om8i/7fqx7genaTHAaISCwWmbAHnWMZd8Tln/OY/L
G512wFtCkiVGk8Waj6FmG7/0O6Q+dD9JQ23+Og5LAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUY2ZJfEFz5Yfb8WaollxgiOctBoIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I4ODI4ODZmLWQ4ZjktNGY4ZC05ZTU1LWRhNjhhOGQ0ODJlZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAKouQQwDQYJKoZIhvcNAQELBQADggEBABxdGdGaXxnL04w9Ix60/pYtyGFM
2UPJuc676CXSd02sPlNWvp0xQCax0Jua3082GcqKq8oOkLeEJQrMvQdtg3PwGiw1
hjJX8pEde64nf0at7UeKXY4Ln6TJUTVgBL4QhTWHlA4Cew3jjwX6jMdBMNQJIuPn
NLh/GzJuqZPQDAtKBR2T3nCpE6k5VEX5Tqx1O8DNvz6K8XK49BLsGYa1Np3lpERT
1fDRY3YvLlcPfs7UHvTahJGoWFlfR9lm++LZcSlvkhrchTezaB3T/TbiE+Lid308
TALvswofyKKRtVZbJRoAfykUpLG504Ulw3/oKGa7maS3L46+C5ZAtKL++jA=
-----END CERTIFICATE-----