Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ae8d221b-7c83-4dd1-ba17-96784666216f.roa
File:                     ae8d221b-7c83-4dd1-ba17-96784666216f.roa (raw, json)
Hash identifier:          9vqAuEtbzGDOsVUfye+eqgBx7qA78yLeROKaVwZ71TQ=
Subject key identifier:   88:1E:6A:D4:2B:23:CB:C4:A9:B3:6E:B8:AF:B9:6F:3D:C2:AC:65:93
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       15D797F05B59B167D68996EC5580149FDBA1F2AE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ae8d221b-7c83-4dd1-ba17-96784666216f.roa
Signing time:             Tue 12 Aug 2025 15:01:07 +0000
ROA not before:           Tue 12 Aug 2025 15:01:07 +0000
ROA not after:            Tue 16 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.83.64.0/18 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 21 Aug 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:d7:97:f0:5b:59:b1:67:d6:89:96:ec:55:80:14:9f:db:a1:f2:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug 12 15:01:07 2025 GMT
            Not After : Sep 16 23:59:59 2025 GMT
        Subject: serialNumber=e86c67f0c4385c6f9db49c7d2b6494ad161579a70a5a878a4ef21bffcb63a9ee, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:84:f1:f8:86:5e:a5:0d:18:28:01:cf:6d:05:
                    90:4b:ea:f3:86:f0:1d:51:fa:5f:c5:02:0d:c4:7e:
                    66:5d:31:9e:f2:0e:7d:89:59:fb:9e:71:8c:78:f1:
                    94:86:d6:cd:48:0d:f0:4e:9e:ee:db:7a:7d:12:6f:
                    60:b1:90:b5:89:29:fa:a6:b3:ac:59:0f:43:2c:cd:
                    ba:e8:bb:d7:07:4b:52:f6:d4:5f:74:d1:5b:f3:1e:
                    17:44:cc:3d:37:70:38:6c:07:66:02:0b:b5:f6:22:
                    c0:94:66:23:36:86:0a:f4:2b:5a:de:75:78:95:ef:
                    ed:72:f5:97:40:b2:31:0e:ff:fc:50:ac:6e:ab:a4:
                    6a:54:d7:9b:d3:ef:ce:b9:cd:e8:93:12:8b:aa:31:
                    78:8e:13:43:c0:b8:bb:8c:ba:4d:a5:4c:27:a5:85:
                    cf:f1:19:32:1a:49:f2:64:eb:80:01:65:a1:b6:fe:
                    9a:c4:42:9c:10:d1:c1:36:d9:d5:ab:2e:43:54:8c:
                    69:fb:df:d1:57:31:b8:12:85:45:2e:b2:79:6c:60:
                    bd:0d:56:5d:e4:1d:f1:9a:37:68:c6:43:b3:b2:2d:
                    e2:ef:1e:fc:21:49:0c:76:88:fd:a5:9d:2b:5a:06:
                    f0:49:09:a9:d6:bc:00:e7:7b:b5:b2:0a:61:44:56:
                    00:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:1E:6A:D4:2B:23:CB:C4:A9:B3:6E:B8:AF:B9:6F:3D:C2:AC:65:93
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ae8d221b-7c83-4dd1-ba17-96784666216f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.83.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         0b:f4:91:69:62:b7:c0:36:12:d0:aa:b3:f6:e9:ff:05:5d:c4:
         83:f0:d5:26:36:f6:2e:77:e4:b5:55:0e:5b:84:2f:f5:9f:e5:
         17:54:fd:6a:cb:13:cb:07:83:50:74:2c:91:82:33:fe:27:7e:
         98:be:43:ad:98:06:e3:b9:77:3c:c1:d6:44:a7:a3:04:cf:2f:
         8c:68:b9:bc:d4:c0:16:30:ba:07:8b:25:ef:90:63:6d:31:f4:
         f8:2a:e5:52:a3:80:b4:f8:9b:2f:76:ae:37:20:96:7b:56:66:
         0e:d9:02:7d:be:87:14:db:19:49:fe:9b:bf:80:7b:2e:7e:c0:
         24:f7:54:11:4f:4a:c4:d3:fd:0a:9b:07:e4:e8:68:38:a8:41:
         60:29:81:e5:dc:33:ff:de:85:38:c2:55:86:db:b3:bb:73:2a:
         90:dc:35:dc:90:0e:0d:e2:f7:bd:c3:7c:7d:8e:19:1e:86:14:
         22:6d:1a:29:f1:d3:fd:ac:c1:da:5e:f7:59:57:cc:ec:d8:53:
         55:fa:cf:3f:52:45:22:57:ec:9f:54:97:13:cd:de:76:18:e5:
         b8:66:8c:f6:dc:d1:d4:d4:86:71:32:42:60:77:da:de:cf:5d:
         fa:08:50:0e:ca:76:b1:6a:c8:1f:93:bb:d5:82:b5:94:6e:ce:
         67:be:88:f6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFdeX8FtZsWfWiZbsVYAUn9uh8q4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODEyMTUwMTA3WhcNMjUwOTE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BlODZjNjdmMGM0Mzg1YzZmOWRiNDljN2QyYjY0OTRhZDE2
MTU3OWE3MGE1YTg3OGE0ZWYyMWJmZmNiNjNhOWVlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzhPH4hl6lDRgoAc9tBZBL6vOG8B1R+l/FAg3EfmZdMZ7y
Dn2JWfuecYx48ZSG1s1IDfBOnu7ben0Sb2CxkLWJKfqms6xZD0Mszbrou9cHS1L2
1F900VvzHhdEzD03cDhsB2YCC7X2IsCUZiM2hgr0K1redXiV7+1y9ZdAsjEO//xQ
rG6rpGpU15vT7865zeiTEouqMXiOE0PAuLuMuk2lTCelhc/xGTIaSfJk64ABZaG2
/prEQpwQ0cE22dWrLkNUjGn739FXMbgShUUusnlsYL0NVl3kHfGaN2jGQ7OyLeLv
HvwhSQx2iP2lnStaBvBJCanWvADne7WyCmFEVgAPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUiB5q1Csjy8Sps264r7lvPcKsZZMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FlOGQyMjFiLTdjODMtNGRkMS1iYTE3LTk2Nzg0NjY2MjE2Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZjU0AwDQYJKoZIhvcNAQELBQADggEBAAv0kWlit8A2EtCqs/bp/wVdxIPw
1SY29i535LVVDluEL/Wf5RdU/WrLE8sHg1B0LJGCM/4nfpi+Q62YBuO5dzzB1kSn
owTPL4xoubzUwBYwugeLJe+QY20x9Pgq5VKjgLT4my92rjcglntWZg7ZAn2+hxTb
GUn+m7+Aey5+wCT3VBFPSsTT/QqbB+ToaDioQWApgeXcM//ehTjCVYbbs7tzKpDc
NdyQDg3i973DfH2OGR6GFCJtGinx0/2swdpe91lXzOzYU1X6zz9SRSJX7J9UlxPN
3nYY5bhmjPbc0dTUhnEyQmB32t7PXfoIUA7KdrFqyB+Tu9WCtZRuzme+iPY=
-----END CERTIFICATE-----