Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c7cedeac-0833-47ed-853e-0aaeed16cf21.roa
File:                     c7cedeac-0833-47ed-853e-0aaeed16cf21.roa (raw, json)
Hash identifier:          oRjfRaWaZNLqwyOJYoqrw2ai8z1AJ8pfGlNv2+17CJg=
Subject key identifier:   08:EC:6D:E3:B8:65:71:AF:77:FB:E9:C6:6B:21:C9:D3:76:B2:0B:FF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0BD9740182CDF235DD2D1618A5BE40E3CB9A4776
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c7cedeac-0833-47ed-853e-0aaeed16cf21.roa
Signing time:             Sat 16 Aug 2025 00:01:11 +0000
ROA not before:           Sat 16 Aug 2025 00:01:11 +0000
ROA not after:            Sat 20 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.128.248.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:d9:74:01:82:cd:f2:35:dd:2d:16:18:a5:be:40:e3:cb:9a:47:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug 16 00:01:11 2025 GMT
            Not After : Sep 20 23:59:59 2025 GMT
        Subject: serialNumber=7afd563bb1d94454ac7ef59fa22fb0b6c1b1f6693ad494cfe55b275d5e3434ba, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:db:38:3c:e9:a2:69:8b:23:7a:4d:c8:5c:af:
                    02:98:be:ac:c3:21:f5:f1:18:20:81:90:a3:fd:3a:
                    63:73:71:8d:6e:ad:65:fe:01:9d:25:99:a1:fd:d6:
                    0c:51:00:ee:1c:8a:5b:c1:fe:4a:e5:3a:b6:e6:f7:
                    b5:46:21:c6:73:71:73:54:85:15:1f:e4:58:5e:65:
                    4a:57:f0:5e:8e:11:1a:f0:3d:46:5f:5d:b4:2e:bb:
                    54:b8:46:d8:6e:02:25:6b:6d:74:e1:ba:2f:2d:86:
                    94:98:71:52:0e:72:5b:a0:6a:78:bb:a7:e6:51:ac:
                    bf:8e:1e:6a:7e:f9:83:ed:c9:5f:ab:97:41:01:b3:
                    42:2c:a4:74:82:bf:f8:f9:ab:03:de:52:d3:c4:b7:
                    77:9e:3a:cb:20:47:ff:6d:1b:3e:bc:f3:81:d7:73:
                    d7:e2:ba:64:2e:68:fa:97:c9:1d:a4:2c:db:0e:ea:
                    06:bc:69:62:5b:a9:2a:ca:a0:84:de:5e:04:fb:5f:
                    1a:78:d6:0f:ec:f6:de:8c:4b:57:db:1b:fe:e8:79:
                    5e:d8:69:04:98:fc:bf:00:9f:52:66:a7:82:6e:57:
                    42:50:26:25:49:68:ec:05:4e:27:ad:aa:bf:3a:3b:
                    81:c0:b4:e9:d2:48:65:ea:ea:ca:4b:5f:5e:36:d5:
                    79:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:EC:6D:E3:B8:65:71:AF:77:FB:E9:C6:6B:21:C9:D3:76:B2:0B:FF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c7cedeac-0833-47ed-853e-0aaeed16cf21.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.128.248.0/21

    Signature Algorithm: sha256WithRSAEncryption
         b7:72:ae:77:96:43:41:27:a0:c5:c5:04:1b:13:50:dc:12:5c:
         47:ae:bb:f8:c9:9c:f6:95:1d:de:36:78:00:0d:e8:1b:d3:71:
         b6:1d:3b:a1:64:a1:75:2d:e2:76:ca:c2:8e:95:a7:aa:49:05:
         2f:b8:75:4b:79:fd:8e:b1:a0:8a:26:3d:d4:34:cd:6f:37:24:
         01:6c:ff:bc:c2:47:a3:ec:d0:00:aa:c9:52:8b:9a:77:fb:6c:
         89:50:c1:57:e4:75:05:09:e1:a3:c1:87:00:8c:58:d5:c2:90:
         b4:2c:bb:63:d7:ae:28:26:cd:69:5b:d8:ba:2b:85:99:2b:e7:
         7f:df:4f:2b:49:69:3d:c6:05:ef:b9:0a:38:7c:d6:d3:e0:db:
         36:d8:99:1f:59:61:d7:68:f3:dd:b6:60:5e:6f:16:d5:cc:19:
         21:bc:b5:70:45:0b:22:ef:3c:ec:bf:61:d5:b1:38:7e:80:33:
         bf:c6:10:1c:0f:40:94:12:b6:bc:7c:70:0e:9a:c6:13:04:46:
         32:36:98:38:85:89:a6:7b:04:d3:b4:c3:f2:97:f2:e5:ba:0f:
         77:77:1f:ad:f6:48:2a:3e:66:9f:7c:cd:41:51:ee:74:5f:29:
         ea:04:e7:0b:f5:a5:ee:81:94:5b:54:2f:67:be:8a:8f:64:1f:
         c4:31:75:3f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUC9l0AYLN8jXdLRYYpb5A48uaR3YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODE2MDAwMTExWhcNMjUwOTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A3YWZkNTYzYmIxZDk0NDU0YWM3ZWY1OWZhMjJmYjBiNmMx
YjFmNjY5M2FkNDk0Y2ZlNTViMjc1ZDVlMzQzNGJhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC52zg86aJpiyN6TchcrwKYvqzDIfXxGCCBkKP9OmNzcY1u
rWX+AZ0lmaH91gxRAO4cilvB/krlOrbm97VGIcZzcXNUhRUf5FheZUpX8F6OERrw
PUZfXbQuu1S4RthuAiVrbXThui8thpSYcVIOclugani7p+ZRrL+OHmp++YPtyV+r
l0EBs0IspHSCv/j5qwPeUtPEt3eeOssgR/9tGz6884HXc9fiumQuaPqXyR2kLNsO
6ga8aWJbqSrKoITeXgT7Xxp41g/s9t6MS1fbG/7oeV7YaQSY/L8An1Jmp4JuV0JQ
JiVJaOwFTietqr86O4HAtOnSSGXq6spLX1421XmVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUCOxt47hlca93++nGayHJ03ayC/8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M3Y2VkZWFjLTA4MzMtNDdlZC04NTNlLTBhYWVlZDE2Y2YyMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMNgPgwDQYJKoZIhvcNAQELBQADggEBALdyrneWQ0EnoMXFBBsTUNwSXEeu
u/jJnPaVHd42eAAN6BvTcbYdO6FkoXUt4nbKwo6Vp6pJBS+4dUt5/Y6xoIomPdQ0
zW83JAFs/7zCR6Ps0ACqyVKLmnf7bIlQwVfkdQUJ4aPBhwCMWNXCkLQsu2PXrigm
zWlb2LorhZkr53/fTytJaT3GBe+5Cjh81tPg2zbYmR9ZYddo8922YF5vFtXMGSG8
tXBFCyLvPOy/YdWxOH6AM7/GEBwPQJQStrx8cA6axhMERjI2mDiFiaZ7BNO0w/KX
8uW6D3d3H632SCo+Zp98zUFR7nRfKeoE5wv1pe6BlFtUL2e+io9kH8QxdT8=
-----END CERTIFICATE-----