Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bbc2b1a5-5365-48b4-affd-3867c265d11a.roa
File:                     bbc2b1a5-5365-48b4-affd-3867c265d11a.roa (raw, json)
Hash identifier:          hf4djBj0qlROKFCUpaz3Koc79iwCwEeR6NsAcHfhxfw=
Subject key identifier:   79:91:7C:77:10:83:CA:92:85:1E:64:91:E6:F3:93:47:08:2B:89:AA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5DF841D991086B7E7DD9D284809D6F9E609A8B5E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bbc2b1a5-5365-48b4-affd-3867c265d11a.roa
Signing time:             Wed 02 Jul 2025 00:40:24 +0000
ROA not before:           Wed 02 Jul 2025 00:40:24 +0000
ROA not after:            Wed 06 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        89.254.8.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 23 Jul 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:f8:41:d9:91:08:6b:7e:7d:d9:d2:84:80:9d:6f:9e:60:9a:8b:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jul  2 00:40:24 2025 GMT
            Not After : Aug  6 23:59:59 2025 GMT
        Subject: serialNumber=b58303f3e910cd7c9ba309f5089387b908872bcabb9e1e7bce79fda562460925, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:cb:2c:b4:38:99:fc:01:44:d7:30:a5:5f:f6:
                    70:de:bf:ab:a8:4a:fe:87:e9:a3:12:10:e9:78:4f:
                    45:19:49:89:6d:81:9a:00:9d:56:1b:c3:e7:d3:3e:
                    c4:ac:3b:6b:b7:ce:26:76:c7:ad:d5:a3:37:c0:fe:
                    98:6b:ee:57:36:80:30:58:56:7e:16:aa:6f:b3:b2:
                    7a:68:bd:50:93:de:e6:bf:a8:e0:d5:ce:ff:76:6e:
                    5d:ea:82:2b:83:58:f1:7c:56:33:98:2b:9e:7a:d9:
                    7c:6f:b5:eb:49:8f:14:78:d8:2b:8c:fc:9d:06:5f:
                    93:90:e5:7f:0e:76:42:09:ea:c9:e5:5e:3f:3a:73:
                    bf:44:f0:ea:5f:4a:5d:10:2a:8c:00:90:a0:6c:10:
                    11:cd:70:84:a7:95:96:8b:01:a8:86:37:c8:e2:c3:
                    8d:ed:5a:43:26:24:73:ba:f4:13:6a:b8:8d:c0:bb:
                    3a:41:bf:a9:d1:3e:12:43:fb:32:ff:69:45:7b:06:
                    3e:f4:89:bd:15:97:ac:1c:c1:7e:df:2f:94:6d:15:
                    94:97:50:52:22:95:c3:be:1d:53:1f:29:86:05:b6:
                    cc:ab:de:fe:c1:c0:6c:e8:0a:4d:41:5e:10:9e:34:
                    30:ff:79:81:af:7e:28:37:d6:e9:ac:39:2a:4f:1e:
                    e4:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:91:7C:77:10:83:CA:92:85:1E:64:91:E6:F3:93:47:08:2B:89:AA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bbc2b1a5-5365-48b4-affd-3867c265d11a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.254.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         12:26:58:50:67:bc:9a:41:98:bc:89:f5:5f:6f:25:ac:0a:b7:
         36:52:bf:10:ee:36:73:81:5e:a9:c4:7c:ab:f5:b9:74:be:a0:
         23:43:f6:50:a4:6e:89:d4:37:08:9c:43:bb:90:14:80:08:cd:
         02:3f:92:f9:d9:a7:1d:f5:69:63:f8:8e:78:44:79:36:8d:96:
         4d:ce:81:00:a0:20:05:45:3e:85:71:6c:37:65:3e:d0:fd:84:
         d7:20:ff:48:09:e4:61:18:df:7f:81:63:e1:e7:bd:81:25:b9:
         aa:c0:21:79:92:c8:80:21:8a:6c:c9:95:19:50:c5:a4:52:94:
         51:f9:56:c4:da:e9:88:f7:f8:f9:21:03:87:c4:90:38:98:f8:
         bb:59:42:17:18:7c:99:94:8b:83:03:2b:08:50:21:1e:12:64:
         32:f9:82:88:f0:9d:bc:83:b5:42:8f:c8:23:d1:79:bf:23:0d:
         cb:11:72:ff:17:c5:28:11:3e:d7:9b:e0:e0:c6:96:7b:84:a2:
         2c:42:5e:f3:82:1d:ac:24:a4:fb:be:32:29:02:b5:d1:a4:9a:
         98:ba:8f:13:44:84:65:09:52:b6:26:98:43:51:1c:91:07:48:
         62:f4:ad:ad:83:94:06:40:e4:86:01:25:56:4f:df:59:53:09:
         78:58:ed:de
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXfhB2ZEIa3592dKEgJ1vnmCai14wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNzAyMDA0MDI0WhcNMjUwODA2MjM1OTU5
WjB6MUkwRwYDVQQFE0BiNTgzMDNmM2U5MTBjZDdjOWJhMzA5ZjUwODkzODdiOTA4
ODcyYmNhYmI5ZTFlN2JjZTc5ZmRhNTYyNDYwOTI1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDFyyy0OJn8AUTXMKVf9nDev6uoSv6H6aMSEOl4T0UZSYlt
gZoAnVYbw+fTPsSsO2u3ziZ2x63VozfA/phr7lc2gDBYVn4Wqm+zsnpovVCT3ua/
qODVzv92bl3qgiuDWPF8VjOYK5562XxvtetJjxR42CuM/J0GX5OQ5X8OdkIJ6snl
Xj86c79E8OpfSl0QKowAkKBsEBHNcISnlZaLAaiGN8jiw43tWkMmJHO69BNquI3A
uzpBv6nRPhJD+zL/aUV7Bj70ib0Vl6wcwX7fL5RtFZSXUFIilcO+HVMfKYYFtsyr
3v7BwGzoCk1BXhCeNDD/eYGvfig31umsOSpPHuQDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUeZF8dxCDypKFHmSR5vOTRwgriaowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JiYzJiMWE1LTUzNjUtNDhiNC1hZmZkLTM4NjdjMjY1ZDExYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANZ/ggwDQYJKoZIhvcNAQELBQADggEBABImWFBnvJpBmLyJ9V9vJawKtzZS
vxDuNnOBXqnEfKv1uXS+oCND9lCkbonUNwicQ7uQFIAIzQI/kvnZpx31aWP4jnhE
eTaNlk3OgQCgIAVFPoVxbDdlPtD9hNcg/0gJ5GEY33+BY+HnvYEluarAIXmSyIAh
imzJlRlQxaRSlFH5VsTa6Yj3+PkhA4fEkDiY+LtZQhcYfJmUi4MDKwhQIR4SZDL5
gojwnbyDtUKPyCPReb8jDcsRcv8XxSgRPteb4ODGlnuEoixCXvOCHawkpPu+MikC
tdGkmpi6jxNEhGUJUrYmmENRHJEHSGL0ra2DlAZA5IYBJVZP31lTCXhY7d4=
-----END CERTIFICATE-----