Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef392e95-5697-4675-a401-25d090055bed.roa
File:                     ef392e95-5697-4675-a401-25d090055bed.roa (raw, json)
Hash identifier:          zfXbNtNv9qp9XdVjrGfvJ35GfhxwKOkwoA3U35XERHA=
Subject key identifier:   DD:F3:A0:FA:AA:65:08:D9:9A:7A:87:CC:68:35:A8:9D:AE:C8:7C:D6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       17F78973AABBE7C35BD7AD95FF91A2C35DDF5489
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef392e95-5697-4675-a401-25d090055bed.roa
Signing time:             Fri 22 Aug 2025 00:31:23 +0000
ROA not before:           Fri 22 Aug 2025 00:31:23 +0000
ROA not after:            Fri 26 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        216.87.208.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:f7:89:73:aa:bb:e7:c3:5b:d7:ad:95:ff:91:a2:c3:5d:df:54:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug 22 00:31:23 2025 GMT
            Not After : Sep 26 23:59:59 2025 GMT
        Subject: serialNumber=fc5209b68499c3921f28c2f5ef9e9da4c6284a9e4d3cc8bc93b13606c00aad1e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:45:69:ae:b9:b4:b3:f0:3b:12:09:2d:8c:20:
                    a5:1e:73:67:91:0e:0f:36:41:52:bc:20:e4:88:6c:
                    ab:94:85:4b:dd:71:81:2b:cd:f1:57:89:2f:97:f0:
                    21:09:b7:d7:55:32:b0:15:7e:93:56:00:7f:3e:ef:
                    0b:34:a0:fd:70:e9:17:72:28:81:37:87:5a:2d:22:
                    07:8e:70:6b:3c:fd:25:20:b8:7e:b5:fa:0b:6f:ee:
                    0c:71:d6:81:ea:a1:40:26:75:a6:2a:b0:af:11:dd:
                    97:fe:7e:5c:a2:87:25:c8:51:83:63:8b:79:3e:36:
                    1f:59:2a:e1:93:8a:43:77:9b:1c:88:e7:dd:b4:00:
                    5b:bc:36:91:5e:af:dd:25:4d:50:e9:fb:dd:ad:47:
                    fb:85:99:7b:92:1c:bb:e2:62:c2:fb:da:0f:be:da:
                    0b:02:98:fd:38:9f:4a:46:89:83:98:22:3b:bd:14:
                    85:ed:04:26:1e:f8:2f:15:83:85:84:6f:5d:84:d1:
                    ec:aa:f9:93:3c:d2:8d:06:69:32:a7:f3:64:f9:cb:
                    88:90:84:17:ae:a4:1c:71:3e:d6:bb:a5:17:72:2d:
                    9c:35:0f:f1:ac:b6:58:bc:ec:a7:63:64:13:8f:43:
                    2e:20:2a:7c:25:cb:86:2d:62:47:8c:93:e0:5d:6a:
                    30:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:F3:A0:FA:AA:65:08:D9:9A:7A:87:CC:68:35:A8:9D:AE:C8:7C:D6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef392e95-5697-4675-a401-25d090055bed.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.87.208.0/21

    Signature Algorithm: sha256WithRSAEncryption
         52:ef:d4:3b:b9:1f:4c:d9:b5:2f:a3:74:36:97:18:3b:48:e4:
         e9:7f:5e:b4:25:bf:39:df:48:72:95:b6:73:fb:1e:a4:e5:61:
         d9:f4:64:52:e0:e1:e0:a8:4c:3d:d4:4e:f5:5b:63:67:63:69:
         de:9d:a5:ff:87:04:03:03:8e:80:ad:6d:f6:7c:f0:5e:1e:36:
         2e:26:31:90:8d:4e:b2:1a:81:9f:d9:06:02:c2:08:f3:38:b3:
         e1:0d:07:65:f7:e7:fc:8d:de:eb:31:65:c8:04:58:e2:70:92:
         f5:94:68:2c:d3:f5:ae:24:56:69:47:47:93:03:22:f5:ff:02:
         e9:4f:8a:6a:73:4f:0d:d5:86:52:78:f6:5d:d3:11:49:35:e2:
         d3:bd:ed:e3:58:72:87:34:58:30:16:01:c6:1b:58:65:61:60:
         7e:54:23:27:3d:c0:5b:ea:61:6b:65:47:10:86:d8:68:5a:10:
         30:ff:56:5a:58:70:04:50:23:1d:2d:f6:97:8b:d9:be:69:70:
         de:13:af:11:b7:00:b1:50:1e:fc:5b:83:b3:c7:78:f1:08:18:
         91:ec:46:0b:d6:75:2d:d5:40:e5:3a:ec:01:fd:43:5a:69:f0:
         e7:0f:6f:9d:1d:49:6c:69:57:2b:a2:bb:e8:82:c0:ba:e1:19:
         ff:a5:a6:dc
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUF/eJc6q758Nb162V/5Giw13fVIkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODIyMDAzMTIzWhcNMjUwOTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0BmYzUyMDliNjg0OTljMzkyMWYyOGMyZjVlZjllOWRhNGM2
Mjg0YTllNGQzY2M4YmM5M2IxMzYwNmMwMGFhZDFlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDARWmuubSz8DsSCS2MIKUec2eRDg82QVK8IOSIbKuUhUvd
cYErzfFXiS+X8CEJt9dVMrAVfpNWAH8+7ws0oP1w6RdyKIE3h1otIgeOcGs8/SUg
uH61+gtv7gxx1oHqoUAmdaYqsK8R3Zf+flyihyXIUYNji3k+Nh9ZKuGTikN3mxyI
5920AFu8NpFer90lTVDp+92tR/uFmXuSHLviYsL72g++2gsCmP04n0pGiYOYIju9
FIXtBCYe+C8Vg4WEb12E0eyq+ZM80o0GaTKn82T5y4iQhBeupBxxPta7pRdyLZw1
D/Gstli87KdjZBOPQy4gKnwly4YtYkeMk+BdajDJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3fOg+qplCNmaeofMaDWona7IfNYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VmMzkyZTk1LTU2OTctNDY3NS1hNDAxLTI1ZDA5MDA1NWJlZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAPYV9AwDQYJKoZIhvcNAQELBQADggEBAFLv1Du5H0zZtS+jdDaXGDtI5Ol/
XrQlvznfSHKVtnP7HqTlYdn0ZFLg4eCoTD3UTvVbY2djad6dpf+HBAMDjoCtbfZ8
8F4eNi4mMZCNTrIagZ/ZBgLCCPM4s+ENB2X35/yN3usxZcgEWOJwkvWUaCzT9a4k
VmlHR5MDIvX/AulPimpzTw3VhlJ49l3TEUk14tO97eNYcoc0WDAWAcYbWGVhYH5U
Iyc9wFvqYWtlRxCG2GhaEDD/VlpYcARQIx0t9peL2b5pcN4TrxG3ALFQHvxbg7PH
ePEIGJHsRgvWdS3VQOU67AH9Q1pp8OcPb50dSWxpVyuiu+iCwLrhGf+lptw=
-----END CERTIFICATE-----