Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/971b4b94-b3ff-4b97-b75c-82fc03505333.roa
File:                     971b4b94-b3ff-4b97-b75c-82fc03505333.roa (raw, json)
Hash identifier:          8HJcIv1iDBWz/sBqIpsdIySoz3vcDkwFEQEXnz4ys7g=
Subject key identifier:   91:05:DC:90:9E:5C:D6:CD:3A:A0:E5:64:04:91:3E:7B:3C:B1:15:7D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       50B519691F567858B849DEFA32E0B4D2A37EF651
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/971b4b94-b3ff-4b97-b75c-82fc03505333.roa
Signing time:             Fri 19 Jun 2026 00:00:04 +0000
ROA not before:           Fri 19 Jun 2026 00:00:04 +0000
ROA not after:            Thu 17 Sep 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        54.20.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 20 Jun 2026 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:b5:19:69:1f:56:78:58:b8:49:de:fa:32:e0:b4:d2:a3:7e:f6:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun 19 00:00:04 2026 GMT
            Not After : Sep 17 23:59:59 2026 GMT
        Subject: serialNumber=4bee42c01812a05e23c1512a7b82173478db2d217a1ab92b8cb941e1b5067e2c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:12:93:8f:f0:8a:8e:a2:2d:a7:6a:ef:36:c4:
                    2a:0c:56:d5:47:ac:a3:f8:1e:db:ed:56:57:bf:51:
                    bc:a2:dd:f6:99:3f:80:eb:80:d8:2d:81:23:b9:df:
                    2d:f2:6a:41:5a:94:b4:e8:e9:c9:c9:e0:82:c7:f2:
                    c0:38:fd:c6:38:3b:85:1f:74:ae:7a:38:7e:88:da:
                    c7:a9:fb:ff:87:3c:e9:20:34:e6:0c:45:e1:3d:18:
                    03:02:a3:15:00:ca:67:80:41:5a:fb:c4:97:6f:ce:
                    6a:79:f4:8c:9e:00:d5:09:39:93:49:b0:f2:50:a7:
                    4d:41:e3:d4:2f:7b:1c:8f:86:c5:f0:61:7e:a5:78:
                    85:d6:b7:33:99:08:0f:23:af:3b:25:89:d1:e7:29:
                    33:28:ad:a2:c3:5b:6c:6a:2d:c8:ec:22:7b:ff:ba:
                    4c:08:12:95:35:c1:60:3f:65:29:34:7d:ec:6b:d9:
                    65:97:7d:95:ab:1f:eb:2e:73:65:fd:11:77:f6:c7:
                    52:89:a4:ba:f1:b0:88:5f:86:2c:d6:45:60:77:da:
                    c0:f2:73:ab:93:81:1f:48:27:13:81:9c:c3:3f:f6:
                    1f:cf:86:b8:99:84:78:1d:41:6e:4f:62:6e:9c:d3:
                    08:a6:2c:48:df:f0:fc:44:24:72:90:a4:bf:ca:02:
                    8d:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:05:DC:90:9E:5C:D6:CD:3A:A0:E5:64:04:91:3E:7B:3C:B1:15:7D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/971b4b94-b3ff-4b97-b75c-82fc03505333.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.20.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         18:e9:77:ce:e1:79:3b:0a:35:26:8d:4c:e5:68:57:dd:dd:18:
         2b:0f:a6:11:52:eb:40:5a:95:27:c4:34:7f:ca:92:11:53:b5:
         32:64:fd:38:9a:46:57:c5:78:34:2d:e2:8a:32:a2:c7:30:37:
         90:42:8c:df:ee:2c:2a:09:12:6e:bc:3e:bb:a6:3d:11:07:d8:
         d0:36:0a:5d:4f:50:7f:19:cd:d5:ed:e1:ef:60:f6:9d:b0:37:
         88:cd:a8:37:7e:2b:56:28:1e:3b:cc:10:62:b2:33:5d:f2:f6:
         00:63:d0:6d:c5:42:a4:7f:f0:83:51:c0:85:9f:fd:67:14:38:
         3b:ab:1e:34:1e:2d:84:99:00:56:f3:f0:26:97:68:02:0c:82:
         de:2b:32:89:40:90:54:90:e8:66:e7:bd:72:ed:f7:e9:9d:f9:
         17:72:36:74:5b:db:ee:0b:7f:1c:4b:94:37:16:c8:8d:10:90:
         90:3a:94:53:f2:a5:b7:98:40:64:02:13:5f:5d:ff:b6:63:dc:
         cb:cc:1c:f6:a3:c3:89:e0:37:6a:1f:20:8f:13:90:d2:4f:c5:
         50:b8:5b:93:82:4b:64:67:40:1a:72:28:2f:6f:9a:6c:31:65:
         b4:6e:4f:84:90:b8:73:5a:ef:0c:ff:f0:0a:31:2d:8f:56:cb:
         56:f2:03:58
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUULUZaR9WeFi4Sd76MuC00qN+9lEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjYwNjE5MDAwMDA0WhcNMjYwOTE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A0YmVlNDJjMDE4MTJhMDVlMjNjMTUxMmE3YjgyMTczNDc4
ZGIyZDIxN2ExYWI5MmI4Y2I5NDFlMWI1MDY3ZTJjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCpEpOP8IqOoi2nau82xCoMVtVHrKP4HtvtVle/Ubyi3faZ
P4DrgNgtgSO53y3yakFalLTo6cnJ4ILH8sA4/cY4O4UfdK56OH6I2sep+/+HPOkg
NOYMReE9GAMCoxUAymeAQVr7xJdvzmp59IyeANUJOZNJsPJQp01B49QvexyPhsXw
YX6leIXWtzOZCA8jrzslidHnKTMoraLDW2xqLcjsInv/ukwIEpU1wWA/ZSk0fexr
2WWXfZWrH+suc2X9EXf2x1KJpLrxsIhfhizWRWB32sDyc6uTgR9IJxOBnMM/9h/P
hriZhHgdQW5PYm6c0wimLEjf8PxEJHKQpL/KAo1fAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUkQXckJ5c1s06oOVkBJE+ezyxFX0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk3MWI0Yjk0LWIzZmYtNGI5Ny1iNzVjLTgyZmMwMzUwNTMzMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA2FDANBgkqhkiG9w0BAQsFAAOCAQEAGOl3zuF5Owo1Jo1M5WhX3d0YKw+m
EVLrQFqVJ8Q0f8qSEVO1MmT9OJpGV8V4NC3iijKixzA3kEKM3+4sKgkSbrw+u6Y9
EQfY0DYKXU9QfxnN1e3h72D2nbA3iM2oN34rVigeO8wQYrIzXfL2AGPQbcVCpH/w
g1HAhZ/9ZxQ4O6seNB4thJkAVvPwJpdoAgyC3isyiUCQVJDoZue9cu336Z35F3I2
dFvb7gt/HEuUNxbIjRCQkDqUU/Klt5hAZAITX13/tmPcy8wc9qPDieA3ah8gjxOQ
0k/FULhbk4JLZGdAGnIoL2+abDFltG5PhJC4c1rvDP/wCjEtj1bLVvIDWA==
-----END CERTIFICATE-----