Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a25a98f5-7804-4094-8cb7-934444d2052d.roa
File:                     a25a98f5-7804-4094-8cb7-934444d2052d.roa (raw, json)
Hash identifier:          nmlpvGuk79xd0Uz8DuQK+1awUaZKh0v62NQOpdoJYTo=
Subject key identifier:   9D:33:23:11:BF:AA:EF:E9:19:AF:F4:9E:C8:AA:E3:D8:35:78:78:C9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1D2A4A91A213A2AD0B7720A0FFECFF44D9858230
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a25a98f5-7804-4094-8cb7-934444d2052d.roa
Signing time:             Fri 11 Jul 2025 00:10:16 +0000
ROA not before:           Fri 11 Jul 2025 00:10:16 +0000
ROA not after:            Fri 15 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        192.31.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 23 Jul 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:2a:4a:91:a2:13:a2:ad:0b:77:20:a0:ff:ec:ff:44:d9:85:82:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jul 11 00:10:16 2025 GMT
            Not After : Aug 15 23:59:59 2025 GMT
        Subject: serialNumber=66e565d40d1907e7ef8149890eb900f07a573ef820ec39c2b5e096bf1e87d901, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:ae:6c:09:c8:64:59:31:45:5b:ed:ef:4e:f6:
                    d7:98:4a:99:c2:51:06:66:21:4f:4f:09:d5:58:4e:
                    1c:f0:98:7d:67:c8:d5:90:00:54:9a:fd:c9:f3:e9:
                    8f:58:29:ad:30:a3:f6:0e:24:08:7e:bc:6d:fe:f1:
                    dd:43:c5:9c:23:05:e9:f8:ef:69:af:41:0a:e8:d2:
                    b3:74:88:8f:b8:90:73:86:17:69:28:81:a4:69:7e:
                    b7:88:5c:98:43:fc:bd:33:06:ff:76:3a:63:81:80:
                    b8:9b:fa:21:67:aa:8f:10:69:c4:7b:e2:6e:bf:7f:
                    aa:40:1f:cf:c2:de:d1:54:fc:08:a4:84:0b:08:5f:
                    bb:56:19:7e:af:80:ed:f1:18:ee:f4:28:70:82:f7:
                    0e:90:b6:08:f6:c5:39:76:5f:cb:70:75:ce:a3:d3:
                    8d:fd:b0:03:b1:39:e1:82:89:3e:43:94:d4:49:76:
                    1b:7a:e5:d0:f7:ec:a8:b9:dc:d1:35:eb:b4:96:d9:
                    aa:7f:04:ed:66:0a:d7:be:82:79:b6:ee:e0:85:ef:
                    43:7f:f8:c7:01:a7:30:48:d8:f0:06:93:36:96:1f:
                    8a:7d:76:7b:b6:1a:4b:b8:82:36:3f:b2:bd:d3:ba:
                    5f:8e:5f:40:2f:c5:ff:0d:d3:3a:f0:0e:48:18:13:
                    fe:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:33:23:11:BF:AA:EF:E9:19:AF:F4:9E:C8:AA:E3:D8:35:78:78:C9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a25a98f5-7804-4094-8cb7-934444d2052d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.31.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:cc:1b:12:62:66:af:1b:b2:fd:5a:54:66:a9:af:d7:68:72:
         cc:39:d5:d6:e9:eb:f7:aa:04:db:21:a5:96:f7:d8:4e:7c:cd:
         55:b8:ab:e7:42:96:21:f3:e2:2a:8c:b2:79:fe:6e:77:2d:4e:
         b9:d9:e7:6f:15:f4:39:d6:bb:e9:1d:ad:98:7f:fd:00:12:cb:
         08:77:f4:f5:11:41:51:8f:ee:74:4d:7e:df:8b:26:41:88:83:
         8a:b9:9a:9e:99:9f:a6:c9:2e:9c:2f:7a:a4:0b:5f:1a:01:3a:
         43:4a:bf:b3:8e:0a:f7:34:d2:07:2f:84:6e:cf:a2:5e:97:b2:
         2e:96:88:28:e8:1a:a3:84:6e:d7:e9:af:87:84:77:16:cc:11:
         59:b2:95:9d:13:d5:4c:22:11:d9:c6:04:99:7e:81:4e:85:58:
         45:7b:22:fd:ff:63:15:2d:84:51:ec:53:36:f7:50:0e:5c:1e:
         e5:31:80:f9:63:bd:b9:04:8d:fa:50:a9:0e:4b:de:82:1e:bb:
         0e:93:cd:46:3f:0d:ad:72:8e:e6:73:b2:68:7a:e8:ca:15:73:
         70:b4:4c:27:12:93:aa:a1:40:b9:7c:78:4d:d7:32:55:78:a8:
         15:79:4e:45:49:5c:2e:56:d8:72:3e:69:68:bf:1f:f6:9c:24:
         fc:f8:bf:24
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHSpKkaIToq0LdyCg/+z/RNmFgjAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNzExMDAxMDE2WhcNMjUwODE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A2NmU1NjVkNDBkMTkwN2U3ZWY4MTQ5ODkwZWI5MDBmMDdh
NTczZWY4MjBlYzM5YzJiNWUwOTZiZjFlODdkOTAxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDUrmwJyGRZMUVb7e9O9teYSpnCUQZmIU9PCdVYThzwmH1n
yNWQAFSa/cnz6Y9YKa0wo/YOJAh+vG3+8d1DxZwjBen472mvQQro0rN0iI+4kHOG
F2kogaRpfreIXJhD/L0zBv92OmOBgLib+iFnqo8QacR74m6/f6pAH8/C3tFU/Aik
hAsIX7tWGX6vgO3xGO70KHCC9w6Qtgj2xTl2X8twdc6j0439sAOxOeGCiT5DlNRJ
dht65dD37Ki53NE167SW2ap/BO1mCte+gnm27uCF70N/+McBpzBI2PAGkzaWH4p9
dnu2Gku4gjY/sr3Tul+OX0Avxf8N0zrwDkgYE/4pAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUnTMjEb+q7+kZr/SeyKrj2DV4eMkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2EyNWE5OGY1LTc4MDQtNDA5NC04Y2I3LTkzNDQ0NGQyMDUyZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADAH9UwDQYJKoZIhvcNAQELBQADggEBAGjMGxJiZq8bsv1aVGapr9docsw5
1dbp6/eqBNshpZb32E58zVW4q+dCliHz4iqMsnn+bnctTrnZ528V9DnWu+kdrZh/
/QASywh39PURQVGP7nRNft+LJkGIg4q5mp6Zn6bJLpwveqQLXxoBOkNKv7OOCvc0
0gcvhG7Pol6Xsi6WiCjoGqOEbtfpr4eEdxbMEVmylZ0T1UwiEdnGBJl+gU6FWEV7
Iv3/YxUthFHsUzb3UA5cHuUxgPljvbkEjfpQqQ5L3oIeuw6TzUY/Da1yjuZzsmh6
6MoVc3C0TCcSk6qhQLl8eE3XMlV4qBV5TkVJXC5W2HI+aWi/H/acJPz4vyQ=
-----END CERTIFICATE-----
Generated at Mon Jul 21 18:14:10 2025 by rpki-client