Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c57bcef1-b811-4c33-8250-10863c654d10.roa
File:                     c57bcef1-b811-4c33-8250-10863c654d10.roa (raw, json)
Hash identifier:          bpFYW6oSotDA5hvKTbQ7AYmBRVFwt9KmB5yCBkuVGwo=
Subject key identifier:   9B:C4:B8:E7:52:59:39:01:BA:86:33:E3:38:CC:74:1B:F7:65:58:A7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       21C445C80D7E6821C7F0D3F6220EBBA72147A600
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c57bcef1-b811-4c33-8250-10863c654d10.roa
Signing time:             Fri 22 Aug 2025 00:30:21 +0000
ROA not before:           Fri 22 Aug 2025 00:30:21 +0000
ROA not after:            Fri 26 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        204.33.160.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:c4:45:c8:0d:7e:68:21:c7:f0:d3:f6:22:0e:bb:a7:21:47:a6:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug 22 00:30:21 2025 GMT
            Not After : Sep 26 23:59:59 2025 GMT
        Subject: serialNumber=d7d70b7f2399546d7306f5b4f1586fbc46781d802560474ca0d614013d26eaee, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:30:46:22:cd:25:84:c3:a9:1d:e7:73:99:24:
                    8f:3d:78:db:90:59:e9:c7:84:b3:9c:62:74:4f:11:
                    3f:bf:fa:3b:30:54:05:4b:55:62:4c:e4:03:ae:3e:
                    24:57:74:8e:91:57:26:30:99:95:a1:0c:6f:74:52:
                    9f:0b:f6:ea:65:91:81:2b:ca:85:dd:a4:bf:da:b2:
                    dd:0f:fb:98:d9:8b:0e:05:c0:17:02:bd:a4:74:a1:
                    d6:21:fa:e2:16:58:d3:7f:69:66:64:46:bc:3f:bc:
                    15:88:62:6f:5d:b6:85:a8:b5:3c:f8:35:bb:e9:e0:
                    03:ee:f7:46:c2:a6:3a:2e:79:bc:38:81:a2:f3:e8:
                    b6:17:22:54:78:a5:cc:ff:cb:90:69:65:5f:fa:c0:
                    39:f3:a5:0a:15:cb:06:f9:39:b4:dd:ea:b2:5a:56:
                    13:54:3a:97:9d:bc:f8:6e:fa:d8:c4:5d:95:1d:d9:
                    d8:ee:8c:16:61:f7:ff:22:0e:bd:fa:37:38:22:69:
                    bc:81:38:ee:c9:61:cf:0a:90:03:b8:d4:29:61:8c:
                    25:89:76:3b:b3:e7:ab:13:cb:37:b7:2f:98:bd:61:
                    7a:dc:3f:99:f9:51:4d:dd:e9:7b:09:30:58:a2:4f:
                    e5:04:3e:0f:1d:c9:87:69:f0:b5:b6:35:16:51:e6:
                    29:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:C4:B8:E7:52:59:39:01:BA:86:33:E3:38:CC:74:1B:F7:65:58:A7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c57bcef1-b811-4c33-8250-10863c654d10.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.33.160.0/20

    Signature Algorithm: sha256WithRSAEncryption
         a8:9a:f1:f1:4f:5b:fd:c3:3e:2f:1e:c2:77:f7:a5:fc:f7:37:
         fe:24:04:b5:92:a0:9f:96:78:7f:3f:d6:7d:4a:ee:15:fa:fd:
         59:b2:47:0a:37:1f:9b:c9:fa:30:98:69:dc:c9:0c:25:8c:ac:
         72:bb:4c:f4:99:5e:a5:9c:f9:61:72:63:fa:16:92:78:c7:ed:
         2e:b8:a1:1f:27:6a:3b:27:fd:0a:1a:7a:d1:b0:a0:04:65:18:
         0e:48:0b:95:66:33:88:20:cd:92:14:3e:cf:6b:bd:29:c5:42:
         1d:d0:c5:43:dd:dc:01:60:0d:00:7a:97:70:cc:e4:45:9f:9f:
         ed:7f:41:89:5f:5f:2b:6c:17:29:91:59:be:dd:8c:fe:34:43:
         5e:54:b4:c9:d2:1f:31:2a:e9:e7:05:b7:88:da:39:f0:b0:b9:
         b8:99:35:77:44:65:f3:d6:17:e2:58:2f:35:d6:45:a8:82:fb:
         dc:60:d1:89:77:4e:77:75:ec:9a:c9:19:4a:ae:dd:98:f3:67:
         86:22:cc:59:e8:d1:34:07:9f:92:50:cb:a2:f1:42:15:91:db:
         9a:df:1b:75:6c:ba:d2:db:30:6d:63:a5:88:2c:80:fe:cb:7b:
         69:f6:f1:63:59:34:81:a7:ff:d2:60:6e:cf:60:e8:0d:eb:6b:
         05:d8:c2:86
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIcRFyA1+aCHH8NP2Ig67pyFHpgAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODIyMDAzMDIxWhcNMjUwOTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0BkN2Q3MGI3ZjIzOTk1NDZkNzMwNmY1YjRmMTU4NmZiYzQ2
NzgxZDgwMjU2MDQ3NGNhMGQ2MTQwMTNkMjZlYWVlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCfMEYizSWEw6kd53OZJI89eNuQWenHhLOcYnRPET+/+jsw
VAVLVWJM5AOuPiRXdI6RVyYwmZWhDG90Up8L9uplkYEryoXdpL/ast0P+5jZiw4F
wBcCvaR0odYh+uIWWNN/aWZkRrw/vBWIYm9dtoWotTz4Nbvp4APu90bCpjouebw4
gaLz6LYXIlR4pcz/y5BpZV/6wDnzpQoVywb5ObTd6rJaVhNUOpedvPhu+tjEXZUd
2djujBZh9/8iDr36NzgiabyBOO7JYc8KkAO41ClhjCWJdjuz56sTyze3L5i9YXrc
P5n5UU3d6XsJMFiiT+UEPg8dyYdp8LW2NRZR5inRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUm8S451JZOQG6hjPjOMx0G/dlWKcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M1N2JjZWYxLWI4MTEtNGMzMy04MjUwLTEwODYzYzY1NGQxMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBATMIaAwDQYJKoZIhvcNAQELBQADggEBAKia8fFPW/3DPi8ewnf3pfz3N/4k
BLWSoJ+WeH8/1n1K7hX6/VmyRwo3H5vJ+jCYadzJDCWMrHK7TPSZXqWc+WFyY/oW
knjH7S64oR8najsn/QoaetGwoARlGA5IC5VmM4ggzZIUPs9rvSnFQh3QxUPd3AFg
DQB6l3DM5EWfn+1/QYlfXytsFymRWb7djP40Q15UtMnSHzEq6ecFt4jaOfCwubiZ
NXdEZfPWF+JYLzXWRaiC+9xg0Yl3Tnd17JrJGUqu3ZjzZ4YizFno0TQHn5JQy6Lx
QhWR25rfG3VsutLbMG1jpYgsgP7Le2n28WNZNIGn/9Jgbs9g6A3rawXYwoY=
-----END CERTIFICATE-----