Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d729aa1c-ba17-4368-947b-9641c99e709e.roa
File:                     d729aa1c-ba17-4368-947b-9641c99e709e.roa (raw, json)
Hash identifier:          ZaldaAEIOFpjdZCGRhV8hBS0b8xns1RbEsgPAa8GleY=
Subject key identifier:   75:61:59:6A:D0:9E:4E:74:DF:ED:33:4D:BF:4E:58:F2:FF:70:D0:4D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       345CFD2E5855576D56F81C2F135F51A61CA584BB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d729aa1c-ba17-4368-947b-9641c99e709e.roa
Signing time:             Wed 09 Jul 2025 00:52:03 +0000
ROA not before:           Wed 09 Jul 2025 00:52:03 +0000
ROA not after:            Wed 13 Aug 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        54.25.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 23 Jul 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:5c:fd:2e:58:55:57:6d:56:f8:1c:2f:13:5f:51:a6:1c:a5:84:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jul  9 00:52:03 2025 GMT
            Not After : Aug 13 23:59:59 2025 GMT
        Subject: serialNumber=41aff3cbb62cea77f6e2714f2995d2a1a4937e89281e0ff94e8ecb5dda06d217, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:6b:0a:85:c8:39:bd:b5:13:b6:a7:99:c0:c7:
                    52:8a:a6:6a:2f:e3:7f:3a:05:d5:81:1b:17:f0:45:
                    51:a1:59:e2:cb:07:56:e8:b8:f0:91:bd:47:3f:75:
                    8b:47:2a:20:ef:4f:7d:e2:72:ca:56:99:a6:11:2d:
                    18:83:9c:a9:fb:46:22:cb:72:bb:cb:11:2b:a9:78:
                    10:a1:13:fc:74:62:d9:9d:c0:2c:67:26:a9:46:c9:
                    7d:24:2e:cb:da:ae:e0:60:32:5f:d6:07:70:54:2b:
                    69:16:99:13:bc:9b:5e:ab:15:49:22:cc:01:fe:15:
                    cf:72:46:74:1d:5c:49:7d:e5:58:f4:fb:d4:7a:87:
                    0b:27:9c:00:3f:18:ae:50:1f:9d:d1:3a:83:55:1e:
                    46:03:60:9d:b9:54:f4:ca:98:57:fe:a3:b9:33:21:
                    58:10:55:20:b1:b0:6b:1b:96:bc:d7:86:28:a5:f4:
                    89:2c:0b:c7:26:c0:ae:8f:81:0c:4e:82:2f:05:9d:
                    cf:64:3c:cf:a4:12:27:e7:3d:a6:d2:0a:83:33:5f:
                    d1:56:af:78:88:97:9e:74:63:96:02:91:14:91:5f:
                    c3:a4:d6:b2:93:da:28:c1:0f:dd:f5:10:02:3e:e7:
                    c3:fb:6e:ae:36:e6:60:8f:df:d5:74:4e:cc:dc:c5:
                    f2:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:61:59:6A:D0:9E:4E:74:DF:ED:33:4D:BF:4E:58:F2:FF:70:D0:4D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d729aa1c-ba17-4368-947b-9641c99e709e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.25.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:85:aa:b9:ae:0c:a9:8b:c0:e6:27:b4:5a:ce:80:53:4d:b8:
         47:ab:6a:8b:43:97:f8:f9:17:29:28:b3:6f:59:aa:aa:76:a1:
         d2:83:91:23:71:0c:4b:cf:d1:0c:06:86:28:f3:06:7d:4d:d3:
         c0:5d:7a:4d:07:aa:1a:41:35:e4:a8:a8:5b:42:c1:ac:72:ce:
         cf:14:f3:e1:29:29:0e:b8:95:58:32:c9:ab:8a:c3:69:a0:9d:
         87:4e:3b:0b:08:f2:56:a7:6f:74:1a:ab:a4:d6:11:42:74:05:
         da:e3:c8:70:5c:01:0d:a0:bd:2c:90:0a:19:26:d9:9c:39:b8:
         32:7d:49:83:e6:02:af:09:c2:82:bc:b6:cb:e0:8b:64:ae:c9:
         15:23:1a:92:9f:3c:d2:d7:f1:f4:f4:a2:3a:e6:e0:60:df:8b:
         be:e7:b2:54:13:67:0f:be:85:25:46:29:45:5b:96:52:70:1e:
         5d:d4:21:6f:f7:de:c9:60:f7:f6:9b:82:0f:6a:10:50:b9:cb:
         b6:e3:69:b8:5d:54:df:1e:7c:d3:43:07:71:df:6d:d0:4e:85:
         33:63:da:14:0c:d5:eb:69:c3:b2:b2:eb:6a:2c:35:07:32:e6:
         92:d4:38:e3:2c:0b:85:db:a3:34:5e:25:64:08:0e:0c:d6:b7:
         29:85:97:85
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNFz9LlhVV21W+BwvE19RphylhLswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNzA5MDA1MjAzWhcNMjUwODEzMjM1OTU5
WjB6MUkwRwYDVQQFE0A0MWFmZjNjYmI2MmNlYTc3ZjZlMjcxNGYyOTk1ZDJhMWE0
OTM3ZTg5MjgxZTBmZjk0ZThlY2I1ZGRhMDZkMjE3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0awqFyDm9tRO2p5nAx1KKpmov4386BdWBGxfwRVGhWeLL
B1bouPCRvUc/dYtHKiDvT33icspWmaYRLRiDnKn7RiLLcrvLESupeBChE/x0Ytmd
wCxnJqlGyX0kLsvaruBgMl/WB3BUK2kWmRO8m16rFUkizAH+Fc9yRnQdXEl95Vj0
+9R6hwsnnAA/GK5QH53ROoNVHkYDYJ25VPTKmFf+o7kzIVgQVSCxsGsblrzXhiil
9IksC8cmwK6PgQxOgi8Fnc9kPM+kEifnPabSCoMzX9FWr3iIl550Y5YCkRSRX8Ok
1rKT2ijBD931EAI+58P7bq425mCP39V0TszcxfKfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUdWFZatCeTnTf7TNNv05Y8v9w0E0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q3MjlhYTFjLWJhMTctNDM2OC05NDdiLTk2NDFjOTllNzA5ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA2GRQwDQYJKoZIhvcNAQELBQADggEBALqFqrmuDKmLwOYntFrOgFNNuEer
aotDl/j5Fykos29Zqqp2odKDkSNxDEvP0QwGhijzBn1N08Bdek0HqhpBNeSoqFtC
waxyzs8U8+EpKQ64lVgyyauKw2mgnYdOOwsI8lanb3Qaq6TWEUJ0BdrjyHBcAQ2g
vSyQChkm2Zw5uDJ9SYPmAq8JwoK8tsvgi2SuyRUjGpKfPNLX8fT0ojrm4GDfi77n
slQTZw++hSVGKUVbllJwHl3UIW/33slg9/abgg9qEFC5y7bjabhdVN8efNNDB3Hf
bdBOhTNj2hQM1etpw7Ky62osNQcy5pLUOOMsC4XbozReJWQIDgzWtymFl4U=
-----END CERTIFICATE-----
Generated at Tue Jul 22 11:56:38 2025 by rpki-client