Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c0fa348c-ce14-4ba7-824c-5d7e8e1dec52.roa
File:                     c0fa348c-ce14-4ba7-824c-5d7e8e1dec52.roa (raw, json)
Hash identifier:          GqlKVx0WVF6c2JSb9UcIw2o95rPZO4vyq9STuqH9G6U=
Subject key identifier:   78:D1:03:EA:FB:98:F8:B5:99:9C:0E:CC:42:0D:77:91:22:19:21:F3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1C9608EBF3D40B42A4215F5D4FDEBC266D2DADDD
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c0fa348c-ce14-4ba7-824c-5d7e8e1dec52.roa
Signing time:             Sat 16 Aug 2025 00:20:31 +0000
ROA not before:           Sat 16 Aug 2025 00:20:31 +0000
ROA not after:            Sat 20 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        44.210.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:96:08:eb:f3:d4:0b:42:a4:21:5f:5d:4f:de:bc:26:6d:2d:ad:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug 16 00:20:31 2025 GMT
            Not After : Sep 20 23:59:59 2025 GMT
        Subject: serialNumber=c0db7b89a75e81233fb29b20ed4ded586beaae2aece794da75548d2980adf8b9, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:2f:1d:26:a1:13:ac:e7:8b:08:47:41:ce:cb:
                    f4:c2:58:bf:76:26:5c:ac:db:92:c1:b8:65:c7:9e:
                    d0:31:10:61:93:46:a7:05:9e:6f:d8:4d:ba:d3:da:
                    bf:81:ed:46:1b:3f:d3:d5:ac:ff:8d:a3:88:cd:ba:
                    76:f6:c3:0e:25:68:59:70:93:69:cf:3b:2d:e9:41:
                    83:3b:50:8b:84:ac:fe:b2:37:f6:dd:b5:ad:50:e1:
                    2f:c8:2f:be:3c:e8:e9:3a:0c:32:02:91:fa:89:d1:
                    ff:14:06:ec:83:55:ff:4a:8b:55:62:37:fe:42:02:
                    f8:32:58:9b:13:10:a1:af:21:cd:d2:fe:6a:0a:32:
                    60:4b:17:bd:94:95:1e:d2:57:05:58:c1:af:42:e1:
                    15:80:1d:ce:d0:86:e1:eb:6e:9c:23:e1:62:f2:6b:
                    1d:09:3f:a0:66:21:7e:67:20:e6:2a:5d:94:b9:ec:
                    ee:82:04:c7:c9:39:c6:e0:f4:78:48:0a:1e:7a:05:
                    3c:db:13:b9:bf:c4:a6:86:84:75:f5:91:aa:0f:bd:
                    e4:b5:f0:f8:f9:8c:39:4a:74:cf:3c:11:66:66:0a:
                    7c:b7:80:b1:ab:19:0f:ba:f6:90:93:b9:09:eb:4a:
                    51:96:4a:c8:fc:a0:07:1c:46:51:2a:2d:c0:cc:1b:
                    72:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:D1:03:EA:FB:98:F8:B5:99:9C:0E:CC:42:0D:77:91:22:19:21:F3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c0fa348c-ce14-4ba7-824c-5d7e8e1dec52.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  44.210.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:48:63:85:42:23:33:56:02:c9:40:df:c3:a8:91:8c:3f:38:
         a8:4c:35:b0:3c:e5:03:2e:83:13:ec:11:9a:f2:cc:b9:22:14:
         c2:97:9f:6c:c0:03:82:a2:db:f9:78:98:c3:35:c5:11:1a:23:
         c5:d2:59:c1:86:c1:99:b9:71:c1:90:f4:ff:e4:e8:d2:a6:ca:
         c6:00:6f:b7:fa:2b:5a:7f:72:6a:dd:a1:c4:f4:a7:d2:d6:0a:
         7a:6f:ee:96:0a:71:60:d7:6a:cf:eb:56:98:10:90:6c:8a:61:
         a1:d9:ab:33:66:6b:09:f6:2f:a0:b3:3c:73:56:d3:3c:31:c2:
         4d:0a:cb:73:21:29:bc:f8:5e:46:80:43:2a:75:a8:0f:8d:0c:
         4f:bc:e5:2c:74:a9:30:db:e1:fd:05:90:6c:c9:dc:17:0b:67:
         9b:01:a2:79:eb:21:8f:38:7d:29:3d:6b:18:79:66:9f:51:a3:
         28:59:75:cb:e6:80:e6:3d:17:ef:09:28:d2:ce:fb:74:86:86:
         40:07:a6:d2:92:42:3a:cc:2c:34:b8:ae:b2:bd:f4:a4:d5:3e:
         56:16:66:59:92:a6:9c:9c:02:3e:dd:09:67:3f:ba:78:30:4c:
         ae:d0:26:0c:11:83:23:7f:85:d2:a8:f0:5d:d7:72:4a:04:f6:
         86:26:d8:87
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHJYI6/PUC0KkIV9dT968Jm0trd0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODE2MDAyMDMxWhcNMjUwOTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0BjMGRiN2I4OWE3NWU4MTIzM2ZiMjliMjBlZDRkZWQ1ODZi
ZWFhZTJhZWNlNzk0ZGE3NTU0OGQyOTgwYWRmOGI5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDHLx0moROs54sIR0HOy/TCWL92Jlys25LBuGXHntAxEGGT
RqcFnm/YTbrT2r+B7UYbP9PVrP+No4jNunb2ww4laFlwk2nPOy3pQYM7UIuErP6y
N/bdta1Q4S/IL7486Ok6DDICkfqJ0f8UBuyDVf9Ki1ViN/5CAvgyWJsTEKGvIc3S
/moKMmBLF72UlR7SVwVYwa9C4RWAHc7QhuHrbpwj4WLyax0JP6BmIX5nIOYqXZS5
7O6CBMfJOcbg9HhICh56BTzbE7m/xKaGhHX1kaoPveS18Pj5jDlKdM88EWZmCny3
gLGrGQ+69pCTuQnrSlGWSsj8oAccRlEqLcDMG3KrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUeNED6vuY+LWZnA7MQg13kSIZIfMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2MwZmEzNDhjLWNlMTQtNGJhNy04MjRjLTVkN2U4ZTFkZWM1Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAs0skwDQYJKoZIhvcNAQELBQADggEBAKxIY4VCIzNWAslA38OokYw/OKhM
NbA85QMugxPsEZryzLkiFMKXn2zAA4Ki2/l4mMM1xREaI8XSWcGGwZm5ccGQ9P/k
6NKmysYAb7f6K1p/cmrdocT0p9LWCnpv7pYKcWDXas/rVpgQkGyKYaHZqzNmawn2
L6CzPHNW0zwxwk0Ky3MhKbz4XkaAQyp1qA+NDE+85Sx0qTDb4f0FkGzJ3BcLZ5sB
onnrIY84fSk9axh5Zp9RoyhZdcvmgOY9F+8JKNLO+3SGhkAHptKSQjrMLDS4rrK9
9KTVPlYWZlmSppycAj7dCWc/ungwTK7QJgwRgyN/hdKo8F3XckoE9oYm2Ic=
-----END CERTIFICATE-----