Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/814a1304-f90c-4e23-82d9-6fe21bfdb541.roa
File:                     814a1304-f90c-4e23-82d9-6fe21bfdb541.roa (raw, json)
Hash identifier:          mwibMTUiOiiZq/gMRMg7kgx/OJWX6tTwd1b8digCUUE=
Subject key identifier:   26:B1:1E:A1:F0:73:F8:72:97:09:60:95:05:33:72:D4:08:BC:95:8F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6B931E589DD503230598883DE16DA8E418BA3E3C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/814a1304-f90c-4e23-82d9-6fe21bfdb541.roa
Signing time:             Sat 30 Aug 2025 00:00:17 +0000
ROA not before:           Sat 30 Aug 2025 00:00:17 +0000
ROA not after:            Sat 04 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        104.144.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 07 Sep 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:93:1e:58:9d:d5:03:23:05:98:88:3d:e1:6d:a8:e4:18:ba:3e:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug 30 00:00:17 2025 GMT
            Not After : Oct  4 23:59:59 2025 GMT
        Subject: serialNumber=14e343e136421bfc08cfca57742a56aa576035f286d587bb0c4499c61d0ec374, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:7f:01:00:d9:dc:dd:4a:85:4e:f3:9b:21:db:
                    35:48:9e:0a:56:86:0a:62:bd:8b:8b:db:ae:7a:21:
                    d9:c6:c1:c7:f7:b2:15:7e:62:64:2c:db:fc:b2:f4:
                    5a:e9:8c:38:d0:94:89:4a:53:e7:09:0d:b8:be:16:
                    bf:b8:59:a5:a2:4b:47:7e:5c:fd:9e:53:ce:5a:85:
                    74:da:a6:3c:88:22:6d:04:81:b7:54:23:67:cd:6c:
                    ae:5f:a4:21:ce:43:35:47:6d:89:34:49:e9:ac:b1:
                    16:2d:88:b0:a2:a0:9f:60:5e:7e:ac:f2:b5:05:31:
                    ac:f6:d9:b0:a8:6c:cf:81:71:29:92:ad:8c:9c:64:
                    c7:b6:e6:6e:34:b2:dd:dd:58:2a:46:a8:06:dd:4b:
                    db:a4:14:5f:70:87:ab:a9:09:8a:cd:3d:c6:69:13:
                    ac:88:91:27:13:eb:0c:77:f5:52:a2:88:6b:29:cb:
                    c9:ba:db:2a:f7:d1:75:7e:f7:d9:8e:9c:33:e3:59:
                    1b:60:48:73:cd:61:c6:92:37:99:b4:1f:39:89:41:
                    1b:bb:18:71:b6:97:80:2a:25:3b:2c:30:8a:b1:d9:
                    30:e5:9b:ef:83:7d:c4:98:9c:39:32:2b:9d:f6:de:
                    39:55:e4:85:c2:13:9c:ff:69:19:bd:40:2d:bc:8f:
                    82:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:B1:1E:A1:F0:73:F8:72:97:09:60:95:05:33:72:D4:08:BC:95:8F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/814a1304-f90c-4e23-82d9-6fe21bfdb541.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.144.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         d1:84:cf:af:f3:e0:74:5d:b4:6a:dd:60:fa:ea:9d:18:6f:49:
         23:fa:f1:8f:a1:bb:a8:30:40:10:be:96:f9:7d:20:2c:5e:a2:
         0d:b6:ae:68:f5:76:3c:53:58:cf:be:53:d6:ab:c9:83:a7:cb:
         ca:a2:4f:9d:16:9f:ee:b4:19:97:91:8a:d9:bb:da:10:47:f8:
         e4:a8:7d:31:43:0a:44:58:23:4a:50:fd:6f:64:41:d2:37:e0:
         e8:77:43:20:76:b6:a9:34:4c:a3:1c:04:54:58:c5:3e:de:0d:
         51:ee:8e:e4:3b:f2:0e:85:92:87:f2:a4:22:d7:a8:fd:a3:3f:
         f8:d0:fc:d4:97:6e:8f:be:61:5b:6e:e3:9a:c9:68:b8:fe:ce:
         19:56:64:88:4b:16:fd:d7:05:9b:a6:71:16:cc:82:e4:e6:ff:
         b3:8c:6d:91:7c:3e:49:2d:dd:da:b7:7c:23:ba:62:f3:a7:7e:
         56:2c:d3:cb:f7:8e:7c:63:f8:6a:2c:3d:5d:28:65:b6:cc:92:
         32:12:15:5b:ea:23:ce:27:fe:0a:10:7c:95:cf:d0:45:dd:31:
         58:fe:98:17:ff:89:56:d6:59:a7:4d:18:e8:76:db:7b:4d:df:
         7a:13:6e:20:71:a7:fb:ce:dc:ef:ef:05:87:35:9e:e8:d9:5c:
         d8:cf:1c:82
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUa5MeWJ3VAyMFmIg94W2o5Bi6PjwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODMwMDAwMDE3WhcNMjUxMDA0MjM1OTU5
WjB6MUkwRwYDVQQFE0AxNGUzNDNlMTM2NDIxYmZjMDhjZmNhNTc3NDJhNTZhYTU3
NjAzNWYyODZkNTg3YmIwYzQ0OTljNjFkMGVjMzc0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDRfwEA2dzdSoVO85sh2zVIngpWhgpivYuL2656IdnGwcf3
shV+YmQs2/yy9FrpjDjQlIlKU+cJDbi+Fr+4WaWiS0d+XP2eU85ahXTapjyIIm0E
gbdUI2fNbK5fpCHOQzVHbYk0SemssRYtiLCioJ9gXn6s8rUFMaz22bCobM+BcSmS
rYycZMe25m40st3dWCpGqAbdS9ukFF9wh6upCYrNPcZpE6yIkScT6wx39VKiiGsp
y8m62yr30XV+99mOnDPjWRtgSHPNYcaSN5m0HzmJQRu7GHG2l4AqJTssMIqx2TDl
m++DfcSYnDkyK5323jlV5IXCE5z/aRm9QC28j4IBAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUJrEeofBz+HKXCWCVBTNy1Ai8lY8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzgxNGExMzA0LWY5MGMtNGUyMy04MmQ5LTZmZTIxYmZkYjU0MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBokDANBgkqhkiG9w0BAQsFAAOCAQEA0YTPr/PgdF20at1g+uqdGG9JI/rx
j6G7qDBAEL6W+X0gLF6iDbauaPV2PFNYz75T1qvJg6fLyqJPnRaf7rQZl5GK2bva
EEf45Kh9MUMKRFgjSlD9b2RB0jfg6HdDIHa2qTRMoxwEVFjFPt4NUe6O5DvyDoWS
h/KkIteo/aM/+ND81Jduj75hW27jmslouP7OGVZkiEsW/dcFm6ZxFsyC5Ob/s4xt
kXw+SS3d2rd8I7pi86d+VizTy/eOfGP4aiw9XShltsySMhIVW+ojzif+ChB8lc/Q
Rd0xWP6YF/+JVtZZp00Y6Hbbe03fehNuIHGn+87c7+8FhzWe6Nlc2M8cgg==
-----END CERTIFICATE-----