Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b5e9ed4e-9291-4b63-a0c4-15b7a3bfcf69.roa
File:                     b5e9ed4e-9291-4b63-a0c4-15b7a3bfcf69.roa (raw, json)
Hash identifier:          lGKwOvxFyRVTp8bCQhvkkuTWaRcTOJQSvOeQ1oRtzmk=
Subject key identifier:   12:80:4C:7D:01:3F:8D:C5:51:D6:51:E9:DE:3A:AC:DF:38:18:02:4B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0F7450F8E4419775E6B3F015C3E9C3925585F6B4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b5e9ed4e-9291-4b63-a0c4-15b7a3bfcf69.roa
Signing time:             Sat 19 Jul 2025 00:00:20 +0000
ROA not before:           Sat 19 Jul 2025 00:00:20 +0000
ROA not after:            Sat 23 Aug 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        107.152.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 23 Jul 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:74:50:f8:e4:41:97:75:e6:b3:f0:15:c3:e9:c3:92:55:85:f6:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jul 19 00:00:20 2025 GMT
            Not After : Aug 23 23:59:59 2025 GMT
        Subject: serialNumber=7c0166489416861cc9813c90af8d9fcf8d4970b611a6273c78402e47a67afc21, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:85:df:77:41:98:69:ef:87:8b:f8:9d:2e:c1:
                    7e:98:4d:dd:f6:fc:0e:1e:67:30:b3:8f:bf:3d:64:
                    75:b9:90:5e:56:1f:79:c2:6b:6c:9b:e2:0a:ef:8b:
                    24:80:75:a0:85:b9:c9:51:de:fc:ea:88:f4:fd:75:
                    bd:33:c5:75:6c:28:9d:b0:0c:73:73:49:b2:1d:d4:
                    cb:39:aa:19:9a:ac:f6:31:6c:f5:f4:37:c9:2f:4c:
                    35:a1:2b:e5:48:42:6e:92:c1:46:f0:92:a5:47:4f:
                    6b:0b:3b:82:36:74:5e:e7:01:63:c8:b3:15:53:4d:
                    45:32:a3:5b:02:a2:82:83:9c:21:5c:02:72:ee:58:
                    9c:e0:92:7a:79:60:5b:b8:e6:a1:78:d4:4c:86:77:
                    93:26:d8:ae:3d:b0:a8:d7:2f:31:01:94:83:fa:73:
                    22:46:da:35:a6:28:43:65:ae:53:ac:e9:f7:fe:a0:
                    ec:c0:b0:ed:12:ac:18:5c:14:e7:29:bc:38:16:9d:
                    57:9e:6d:a1:fc:2e:59:af:c1:8d:de:be:86:92:e8:
                    5f:d0:9b:42:2f:5d:f1:55:d3:ae:c5:19:29:35:a0:
                    29:0a:d8:71:b3:30:9c:2a:48:56:d1:51:6e:0a:6f:
                    43:39:78:5c:df:21:fa:81:36:79:cf:d7:c3:f6:3c:
                    b1:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:80:4C:7D:01:3F:8D:C5:51:D6:51:E9:DE:3A:AC:DF:38:18:02:4B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b5e9ed4e-9291-4b63-a0c4-15b7a3bfcf69.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.152.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cd:ed:db:7b:1e:66:ac:ea:83:68:29:3f:aa:ed:64:de:ce:17:
         51:f4:cd:18:f8:86:71:e9:79:7a:60:0e:62:19:76:c9:54:2f:
         29:4e:8b:2d:c2:3b:a2:24:6e:3c:75:78:40:4b:69:b8:9a:89:
         ee:ba:59:f4:72:3b:da:47:55:48:03:9f:92:d4:23:ca:0b:c1:
         1d:a9:f8:33:fe:02:05:bf:11:26:fa:6f:4c:77:3f:52:3d:0e:
         ba:b9:6e:d5:9a:09:3f:37:1d:19:0f:77:93:9c:26:c0:20:4d:
         74:53:e9:74:ce:05:c8:c9:1c:ad:e6:1d:d8:2e:0e:a4:01:14:
         ae:11:bf:14:90:cd:fc:f3:a8:80:01:10:a8:36:37:3a:10:28:
         a2:26:18:78:93:be:75:de:2f:f0:fe:2b:d7:19:28:af:e0:bc:
         06:bb:7f:85:9e:1d:22:d8:7c:c0:1b:7e:ff:fe:34:f6:02:30:
         36:30:de:a0:65:b3:bc:a6:39:4b:0e:5b:b4:07:b7:f8:24:aa:
         df:dd:5e:79:40:37:b4:ce:5c:5f:f9:25:a8:19:6b:e2:56:8e:
         04:6d:84:fc:1e:83:dc:01:53:95:9d:77:0f:92:eb:36:7d:27:
         c8:3b:99:30:70:8a:30:5b:4b:df:6b:c4:34:26:51:8b:9c:3c:
         87:85:a6:34
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUD3RQ+ORBl3Xms/AVw+nDklWF9rQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNzE5MDAwMDIwWhcNMjUwODIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A3YzAxNjY0ODk0MTY4NjFjYzk4MTNjOTBhZjhkOWZjZjhk
NDk3MGI2MTFhNjI3M2M3ODQwMmU0N2E2N2FmYzIxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDbhd93QZhp74eL+J0uwX6YTd32/A4eZzCzj789ZHW5kF5W
H3nCa2yb4grviySAdaCFuclR3vzqiPT9db0zxXVsKJ2wDHNzSbId1Ms5qhmarPYx
bPX0N8kvTDWhK+VIQm6SwUbwkqVHT2sLO4I2dF7nAWPIsxVTTUUyo1sCooKDnCFc
AnLuWJzgknp5YFu45qF41EyGd5Mm2K49sKjXLzEBlIP6cyJG2jWmKENlrlOs6ff+
oOzAsO0SrBhcFOcpvDgWnVeebaH8LlmvwY3evoaS6F/Qm0IvXfFV067FGSk1oCkK
2HGzMJwqSFbRUW4Kb0M5eFzfIfqBNnnP18P2PLEnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUEoBMfQE/jcVR1lHp3jqs3zgYAkswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I1ZTllZDRlLTkyOTEtNGI2My1hMGM0LTE1YjdhM2JmY2Y2OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABrmIUwDQYJKoZIhvcNAQELBQADggEBAM3t23seZqzqg2gpP6rtZN7OF1H0
zRj4hnHpeXpgDmIZdslULylOiy3CO6Ikbjx1eEBLabiaie66WfRyO9pHVUgDn5LU
I8oLwR2p+DP+AgW/ESb6b0x3P1I9Drq5btWaCT83HRkPd5OcJsAgTXRT6XTOBcjJ
HK3mHdguDqQBFK4RvxSQzfzzqIABEKg2NzoQKKImGHiTvnXeL/D+K9cZKK/gvAa7
f4WeHSLYfMAbfv/+NPYCMDYw3qBls7ymOUsOW7QHt/gkqt/dXnlAN7TOXF/5JagZ
a+JWjgRthPweg9wBU5Wddw+S6zZ9J8g7mTBwijBbS99rxDQmUYucPIeFpjQ=
-----END CERTIFICATE-----
Generated at Tue Jul 22 11:55:18 2025 by rpki-client