Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b3605182-73be-4b14-a693-b70c018bdd57.roa
File:                     b3605182-73be-4b14-a693-b70c018bdd57.roa (raw, json)
Hash identifier:          lPTPm1EXrJKm83jrRESNprC6NNlqNJwBDOwbiUZ7aNY=
Subject key identifier:   CB:DC:BD:ED:8A:E1:86:AA:73:34:6D:06:05:AB:9B:8D:17:AF:AA:67
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       558D62A4C402BD669364A54392C3F7DF0B734919
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b3605182-73be-4b14-a693-b70c018bdd57.roa
Signing time:             Wed 29 Apr 2026 00:40:49 +0000
ROA not before:           Wed 29 Apr 2026 00:40:49 +0000
ROA not after:            Tue 28 Jul 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        130.171.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 06 May 2026 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:8d:62:a4:c4:02:bd:66:93:64:a5:43:92:c3:f7:df:0b:73:49:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 29 00:40:49 2026 GMT
            Not After : Jul 28 23:59:59 2026 GMT
        Subject: serialNumber=7babf240f66c2a07199299bd494fbcd4f98759570041ec8e2ec83f975822ca2e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:54:c5:ca:45:ec:5c:2b:8f:aa:27:89:c6:52:
                    12:cb:87:cd:81:3a:e6:5f:24:ec:5d:2d:9b:d5:06:
                    7c:c0:50:ed:ac:f6:f6:35:3d:dd:a1:3b:e5:7b:fd:
                    45:80:bd:86:e9:22:24:a1:18:f2:b8:d2:b3:d9:82:
                    e0:4a:3e:07:ef:74:09:cd:4c:20:85:e2:7f:61:0b:
                    2a:11:46:ca:4b:9a:fb:b4:39:ba:c2:70:d2:ec:68:
                    c0:e8:df:92:3c:d9:31:c4:75:b4:47:9e:b5:6d:ca:
                    4d:a6:14:6a:23:2b:9e:8d:ec:eb:33:87:91:16:c6:
                    ce:39:f9:7e:a9:a7:5b:57:a9:e3:b0:55:f8:81:0e:
                    ea:77:af:96:f0:43:af:72:82:83:71:de:d9:15:91:
                    51:a2:c1:42:5f:f6:51:1f:d5:f0:1c:dd:2d:56:7a:
                    6a:6b:76:64:b9:75:b6:4d:96:3d:6b:30:09:5c:00:
                    18:ac:00:86:56:f5:8c:44:45:57:3f:a2:92:fc:4d:
                    52:fa:d1:c1:6c:2d:2f:2a:5e:91:59:4a:a2:e6:73:
                    ce:cf:cd:72:53:41:2c:27:24:c4:49:02:78:c7:ca:
                    ab:a7:39:68:ae:89:b1:5b:23:3d:ff:fc:20:50:b5:
                    bd:b4:c4:d9:9b:d3:21:28:18:02:15:3b:60:42:0d:
                    e8:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:DC:BD:ED:8A:E1:86:AA:73:34:6D:06:05:AB:9B:8D:17:AF:AA:67
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b3605182-73be-4b14-a693-b70c018bdd57.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.171.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         8a:24:4e:e8:fb:af:1d:87:05:eb:cf:c2:7c:c0:fb:55:f4:a9:
         3c:35:b0:9a:06:ba:0d:ba:4b:97:a3:4d:3a:f0:ff:ab:b7:41:
         39:87:a3:d1:6a:04:95:53:e5:9f:94:c6:20:65:78:ae:3c:b8:
         fe:d1:dd:d5:fa:ff:65:cb:a7:e0:bc:61:8d:21:be:ba:8b:ef:
         c0:ce:0b:05:d9:4a:ba:ee:fa:96:c7:bc:68:09:a1:ae:1e:5e:
         a2:06:7a:49:63:8a:5e:06:95:3c:b6:4d:61:7d:b6:4a:19:16:
         bb:3c:41:5c:3d:2a:17:77:14:05:38:80:b8:db:49:30:fa:bd:
         7a:7e:31:0a:6a:cd:f6:c4:2d:10:bc:4a:75:0f:75:9c:a5:7d:
         70:d9:f6:db:9c:b1:73:79:fd:d7:69:7c:ca:8f:db:e9:d5:db:
         d8:18:a2:5a:1f:cf:16:ed:70:50:a6:1f:8f:59:c8:4c:5b:2e:
         c6:63:e8:8f:a9:de:2f:2e:a0:1a:1a:68:1f:20:36:7b:61:36:
         44:41:36:76:11:fc:4f:9c:47:8d:77:41:85:9b:f2:40:a6:86:
         36:7c:c6:2e:0d:70:29:59:33:b3:6a:bf:fc:5f:e6:ba:a3:6c:
         36:e0:ce:0e:e7:4e:8c:e7:88:4e:d5:94:d9:8f:47:65:c7:81:
         85:cc:48:5c
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUVY1ipMQCvWaTZKVDksP33wtzSRkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjYwNDI5MDA0MDQ5WhcNMjYwNzI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A3YmFiZjI0MGY2NmMyYTA3MTk5Mjk5YmQ0OTRmYmNkNGY5
ODc1OTU3MDA0MWVjOGUyZWM4M2Y5NzU4MjJjYTJlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDdVMXKRexcK4+qJ4nGUhLLh82BOuZfJOxdLZvVBnzAUO2s
9vY1Pd2hO+V7/UWAvYbpIiShGPK40rPZguBKPgfvdAnNTCCF4n9hCyoRRspLmvu0
ObrCcNLsaMDo35I82THEdbRHnrVtyk2mFGojK56N7Oszh5EWxs45+X6pp1tXqeOw
VfiBDup3r5bwQ69ygoNx3tkVkVGiwUJf9lEf1fAc3S1WemprdmS5dbZNlj1rMAlc
ABisAIZW9YxERVc/opL8TVL60cFsLS8qXpFZSqLmc87PzXJTQSwnJMRJAnjHyqun
OWiuibFbIz3//CBQtb20xNmb0yEoGAIVO2BCDehPAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUy9y97YrhhqpzNG0GBaubjRevqmcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2IzNjA1MTgyLTczYmUtNGIxNC1hNjkzLWI3MGMwMThiZGQ1Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCCqzANBgkqhkiG9w0BAQsFAAOCAQEAiiRO6PuvHYcF68/CfMD7VfSpPDWw
mga6DbpLl6NNOvD/q7dBOYej0WoElVPln5TGIGV4rjy4/tHd1fr/Zcun4LxhjSG+
uovvwM4LBdlKuu76lse8aAmhrh5eogZ6SWOKXgaVPLZNYX22ShkWuzxBXD0qF3cU
BTiAuNtJMPq9en4xCmrN9sQtELxKdQ91nKV9cNn225yxc3n912l8yo/b6dXb2Bii
Wh/PFu1wUKYfj1nITFsuxmPoj6neLy6gGhpoHyA2e2E2REE2dhH8T5xHjXdBhZvy
QKaGNnzGLg1wKVkzs2q//F/muqNsNuDODudOjOeITtWU2Y9HZceBhcxIXA==
-----END CERTIFICATE-----