Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b1564f4a-7df0-4932-af96-1ebffff2e421.roa
File:                     b1564f4a-7df0-4932-af96-1ebffff2e421.roa (raw, json)
Hash identifier:          XeEEMnpFosi19JDMwXHeMAmeS8M3z4GusrR8TuhXEaE=
Subject key identifier:   D7:8A:4C:E4:A1:7B:D9:74:AF:26:03:FA:38:C1:59:A5:6C:24:60:A3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       69DD2136FE0A1B0B81CAF803886B92E8A486B10C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b1564f4a-7df0-4932-af96-1ebffff2e421.roa
Signing time:             Wed 20 May 2026 00:11:04 +0000
ROA not before:           Wed 20 May 2026 00:11:04 +0000
ROA not after:            Tue 18 Aug 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        72.29.0.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 24 May 2026 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:dd:21:36:fe:0a:1b:0b:81:ca:f8:03:88:6b:92:e8:a4:86:b1:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: May 20 00:11:04 2026 GMT
            Not After : Aug 18 23:59:59 2026 GMT
        Subject: serialNumber=7f688c02f23cc97e09fa952f1afde8d22fb5560061cf057958b52a61553bf128, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:93:11:21:7b:d5:0c:b2:f0:bf:8b:e6:f5:ef:
                    63:6f:fe:f8:4a:47:09:98:fe:fd:63:38:d2:fa:c9:
                    cf:c3:2b:51:aa:34:c4:39:1c:5f:7b:9e:0e:36:8f:
                    56:1e:e1:83:a1:ae:0a:58:25:bc:fd:a4:c0:8f:10:
                    04:00:91:16:76:ad:45:6d:6e:1a:39:da:90:9f:fb:
                    2a:11:b1:d6:9a:35:4a:aa:9d:70:32:15:e5:c2:c6:
                    20:42:17:09:50:c8:f2:cb:96:fc:e5:7e:3d:86:81:
                    4e:99:97:59:58:0c:c8:42:88:9f:c5:0b:7c:00:38:
                    09:00:69:9a:c2:da:4b:d0:40:3d:7c:ca:80:b4:b2:
                    2f:91:1a:99:b2:c0:24:d1:95:10:9f:c5:4d:98:ff:
                    b9:7c:3a:41:1b:bd:86:02:cb:c5:d6:a3:b3:f7:50:
                    c5:0a:65:c9:cd:1f:70:15:ae:26:86:f7:1b:8a:7e:
                    a3:7e:07:58:58:8e:b8:23:e7:19:6e:0a:30:99:63:
                    29:c5:d9:9b:69:cd:b2:68:c9:b9:60:ba:ed:d6:1e:
                    4f:22:d0:2d:09:a3:6b:62:1d:cd:5f:c3:73:dc:b2:
                    cc:c1:14:2e:00:a3:66:6c:b9:ce:b8:0b:67:77:58:
                    ca:9e:f4:ec:0d:9d:8d:8d:29:a3:bb:cb:bd:5c:6c:
                    8e:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:8A:4C:E4:A1:7B:D9:74:AF:26:03:FA:38:C1:59:A5:6C:24:60:A3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b1564f4a-7df0-4932-af96-1ebffff2e421.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  72.29.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         99:69:ec:d7:06:ca:16:19:d9:19:af:62:57:20:ec:d8:83:72:
         7a:d5:6c:84:d7:9e:d0:ce:11:a1:d1:5b:2d:41:98:5c:0f:6f:
         72:ef:77:b6:0d:65:75:23:f7:11:cc:7a:e8:63:13:74:cf:a0:
         c6:b5:59:b1:4b:47:2d:82:bb:2b:56:40:a2:d0:79:31:be:26:
         2d:e0:95:d5:83:66:fb:86:d8:5b:5b:26:a8:24:f3:48:76:f0:
         c8:7d:2e:f4:5b:26:db:5d:7a:94:b4:49:10:74:35:4f:8a:4f:
         6a:3e:56:26:16:db:44:c3:82:63:da:15:39:15:dc:54:07:34:
         0b:ed:8e:2e:07:f1:66:4c:91:30:f5:ad:a0:c0:73:de:cc:b6:
         8d:13:13:08:7f:dc:11:20:49:fc:08:50:f1:37:8f:47:f8:fd:
         f2:0a:e0:47:f1:ce:20:94:2d:4f:b7:3b:48:f9:90:64:88:9c:
         a0:28:a1:e8:3f:fe:d9:46:4b:98:71:e3:03:55:f2:14:a0:c6:
         6e:9f:ed:27:7b:a0:4e:89:63:67:d6:8d:1a:58:22:a2:c3:f2:
         00:2b:3f:e0:8c:b2:36:d5:fe:1e:1f:b9:d4:76:04:42:57:5d:
         3b:f3:3f:7f:e8:0c:fd:06:98:83:b8:32:6e:1f:25:96:89:c7:
         88:3c:0c:31
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUad0hNv4KGwuByvgDiGuS6KSGsQwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjYwNTIwMDAxMTA0WhcNMjYwODE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZjY4OGMwMmYyM2NjOTdlMDlmYTk1MmYxYWZkZThkMjJm
YjU1NjAwNjFjZjA1Nzk1OGI1MmE2MTU1M2JmMTI4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCSkxEhe9UMsvC/i+b172Nv/vhKRwmY/v1jONL6yc/DK1Gq
NMQ5HF97ng42j1Ye4YOhrgpYJbz9pMCPEAQAkRZ2rUVtbho52pCf+yoRsdaaNUqq
nXAyFeXCxiBCFwlQyPLLlvzlfj2GgU6Zl1lYDMhCiJ/FC3wAOAkAaZrC2kvQQD18
yoC0si+RGpmywCTRlRCfxU2Y/7l8OkEbvYYCy8XWo7P3UMUKZcnNH3AVriaG9xuK
fqN+B1hYjrgj5xluCjCZYynF2ZtpzbJoyblguu3WHk8i0C0Jo2tiHc1fw3PcsszB
FC4Ao2Zsuc64C2d3WMqe9OwNnY2NKaO7y71cbI7PAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU14pM5KF72XSvJgP6OMFZpWwkYKMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2IxNTY0ZjRhLTdkZjAtNDkzMi1hZjk2LTFlYmZmZmYyZTQyMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAVIHQAwDQYJKoZIhvcNAQELBQADggEBAJlp7NcGyhYZ2RmvYlcg7NiDcnrV
bITXntDOEaHRWy1BmFwPb3Lvd7YNZXUj9xHMeuhjE3TPoMa1WbFLRy2CuytWQKLQ
eTG+Ji3gldWDZvuG2FtbJqgk80h28Mh9LvRbJttdepS0SRB0NU+KT2o+ViYW20TD
gmPaFTkV3FQHNAvtji4H8WZMkTD1raDAc97Mto0TEwh/3BEgSfwIUPE3j0f4/fIK
4EfxziCULU+3O0j5kGSInKAooeg//tlGS5hx4wNV8hSgxm6f7Sd7oE6JY2fWjRpY
IqLD8gArP+CMsjbV/h4fudR2BEJXXTvzP3/oDP0GmIO4Mm4fJZaJx4g8DDE=
-----END CERTIFICATE-----