Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/425248ee-104d-44c2-9568-ff3915e0a91e.roa
File:                     425248ee-104d-44c2-9568-ff3915e0a91e.roa (raw, json)
Hash identifier:          89h5c/z5FW4b9RpvuZOR0fwEFku1yLHtVEwtpsb4RC0=
Subject key identifier:   C2:76:B4:7E:32:58:B9:FE:F2:EA:18:98:30:56:69:73:C9:BD:F2:82
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       68A20D920F1A5EEBF301D2FE236557D4EB14B776
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/425248ee-104d-44c2-9568-ff3915e0a91e.roa
Signing time:             Tue 26 Aug 2025 15:00:32 +0000
ROA not before:           Tue 26 Aug 2025 15:00:32 +0000
ROA not after:            Tue 30 Sep 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        136.18.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 08 Sep 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:a2:0d:92:0f:1a:5e:eb:f3:01:d2:fe:23:65:57:d4:eb:14:b7:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug 26 15:00:32 2025 GMT
            Not After : Sep 30 23:59:59 2025 GMT
        Subject: serialNumber=2af7bdcc49055b3a0f75526dd4cea1055e054dfc81a42786e4cd646f64b09e87, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:d9:74:94:5f:cf:a8:f8:40:ca:c6:9b:e4:82:
                    23:fc:26:64:40:f6:e9:bc:c9:22:2b:d7:35:df:49:
                    85:0b:0b:37:dd:be:d8:c2:e4:20:3c:f5:1f:4c:3f:
                    44:d9:73:f7:69:bb:13:c2:2f:aa:b3:58:72:61:aa:
                    c3:b7:40:7c:2b:3c:c3:1f:46:d5:ce:ab:99:b7:98:
                    7f:16:ae:e2:b7:74:7f:cb:9f:75:22:b6:fc:3d:ab:
                    06:71:bf:4a:26:fc:7d:fd:86:50:25:b2:06:0e:49:
                    b5:a7:25:ed:97:83:26:8f:64:cc:8d:2f:a4:12:32:
                    ac:4f:76:d3:07:3f:2d:b3:ec:e7:a4:ae:20:e5:cf:
                    91:ec:a9:69:71:e6:d4:20:dd:b3:f6:1b:a5:bf:8d:
                    4c:6b:1d:f7:f2:95:4b:5b:dc:32:b0:0f:3e:f8:a0:
                    99:51:bb:73:f5:6b:08:06:45:1d:7a:45:14:20:50:
                    c6:d3:7c:45:ad:a3:ea:42:e1:6e:84:26:d7:57:3b:
                    0e:23:7e:cb:0b:c8:8b:9b:c0:87:c2:2b:02:02:38:
                    51:6a:bf:25:ee:e4:56:59:2f:38:fe:31:4b:4e:2c:
                    2e:88:54:10:9e:6c:aa:51:b4:72:74:6c:3e:3a:62:
                    bd:d9:53:dd:eb:88:eb:0d:d1:60:54:30:57:8b:ed:
                    fe:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:76:B4:7E:32:58:B9:FE:F2:EA:18:98:30:56:69:73:C9:BD:F2:82
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/425248ee-104d-44c2-9568-ff3915e0a91e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.18.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d3:1a:40:23:57:21:38:7e:a1:d4:c5:12:72:1c:cb:70:77:51:
         bc:d9:36:c8:79:76:16:dd:4a:25:3f:ad:60:36:3b:55:52:63:
         78:05:60:9e:c4:55:a1:b8:43:d9:e4:e8:29:80:1a:b8:09:24:
         a8:72:71:1c:5d:d6:85:a0:fd:6c:79:3e:d5:d7:2b:85:10:b4:
         0d:c4:9c:73:d9:5b:05:09:3b:dd:5d:bc:85:a8:0d:12:13:6c:
         0f:5c:54:53:68:d8:c0:53:16:b4:c6:ec:24:21:8b:a8:22:d5:
         48:71:32:93:ed:42:b0:29:c9:02:90:4d:6f:b3:be:71:03:b7:
         8c:6e:69:3e:7d:b4:6f:40:28:29:cb:32:37:eb:67:5f:2a:95:
         2a:d5:58:56:27:63:90:ba:15:88:cd:3a:34:5d:7a:b3:a2:9e:
         10:67:e3:1d:3e:68:09:c7:ef:98:4d:68:91:40:ad:84:df:9e:
         86:b4:91:5c:77:4f:8b:d2:52:19:78:2a:93:68:ef:3f:11:dd:
         86:21:6c:76:97:0b:22:ca:58:6a:d9:64:c6:25:10:7b:eb:d6:
         dd:ad:f8:da:bd:e8:88:7b:52:11:6a:b2:7c:d6:0b:a9:44:25:
         2c:08:fe:e1:5c:1e:1d:2b:7a:5d:29:e0:98:8d:b1:27:3a:e2:
         1e:f4:47:df
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaKINkg8aXuvzAdL+I2VX1OsUt3YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODI2MTUwMDMyWhcNMjUwOTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AyYWY3YmRjYzQ5MDU1YjNhMGY3NTUyNmRkNGNlYTEwNTVl
MDU0ZGZjODFhNDI3ODZlNGNkNjQ2ZjY0YjA5ZTg3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC22XSUX8+o+EDKxpvkgiP8JmRA9um8ySIr1zXfSYULCzfd
vtjC5CA89R9MP0TZc/dpuxPCL6qzWHJhqsO3QHwrPMMfRtXOq5m3mH8WruK3dH/L
n3Uitvw9qwZxv0om/H39hlAlsgYOSbWnJe2XgyaPZMyNL6QSMqxPdtMHPy2z7Oek
riDlz5HsqWlx5tQg3bP2G6W/jUxrHffylUtb3DKwDz74oJlRu3P1awgGRR16RRQg
UMbTfEWto+pC4W6EJtdXOw4jfssLyIubwIfCKwICOFFqvyXu5FZZLzj+MUtOLC6I
VBCebKpRtHJ0bD46Yr3ZU93riOsN0WBUMFeL7f4lAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwna0fjJYuf7y6hiYMFZpc8m98oIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQyNTI0OGVlLTEwNGQtNDRjMi05NTY4LWZmMzkxNWUwYTkxZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACIEgEwDQYJKoZIhvcNAQELBQADggEBANMaQCNXITh+odTFEnIcy3B3UbzZ
Nsh5dhbdSiU/rWA2O1VSY3gFYJ7EVaG4Q9nk6CmAGrgJJKhycRxd1oWg/Wx5PtXX
K4UQtA3EnHPZWwUJO91dvIWoDRITbA9cVFNo2MBTFrTG7CQhi6gi1UhxMpPtQrAp
yQKQTW+zvnEDt4xuaT59tG9AKCnLMjfrZ18qlSrVWFYnY5C6FYjNOjRderOinhBn
4x0+aAnH75hNaJFArYTfnoa0kVx3T4vSUhl4KpNo7z8R3YYhbHaXCyLKWGrZZMYl
EHvr1t2t+Nq96Ih7UhFqsnzWC6lEJSwI/uFcHh0rel0p4JiNsSc64h70R98=
-----END CERTIFICATE-----
Generated at Sat Sep 6 16:52:42 2025 by rpki-client