Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c79dcfe0-da44-47d0-b8f4-144bb5e244fd.roa
File:                     c79dcfe0-da44-47d0-b8f4-144bb5e244fd.roa (raw, json)
Hash identifier:          2PwO1Q++I/0LKnBaEEFlrmgSeiiDrazRmGFiJrvFPzw=
Subject key identifier:   1F:B7:A4:9A:51:10:0F:77:E9:93:28:03:35:13:67:93:0E:4D:02:D2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       75032998FF08343C9A6391E1171D8FA0C387E93A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c79dcfe0-da44-47d0-b8f4-144bb5e244fd.roa
Signing time:             Tue 26 Aug 2025 15:11:02 +0000
ROA not before:           Tue 26 Aug 2025 15:11:02 +0000
ROA not after:            Tue 30 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        148.65.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 07 Sep 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:03:29:98:ff:08:34:3c:9a:63:91:e1:17:1d:8f:a0:c3:87:e9:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug 26 15:11:02 2025 GMT
            Not After : Sep 30 23:59:59 2025 GMT
        Subject: serialNumber=451b3324d801544efbfcbc4c88904161a02e028af43a89323ad62903d647c07d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:bb:45:4a:80:0a:1c:4f:63:5d:f9:f5:a7:33:
                    60:0b:d2:0d:4b:20:b8:90:e4:85:8a:55:4b:83:29:
                    99:98:8c:25:ab:3a:9a:aa:3c:7f:9e:fd:0a:20:9f:
                    d1:7d:de:a4:1f:21:0e:67:7e:30:b2:b7:62:60:32:
                    9a:3f:f1:31:5c:a3:38:d2:2e:35:98:fe:13:e7:f7:
                    20:39:81:04:01:6b:02:ef:44:cb:0b:32:23:c0:9f:
                    85:65:25:01:a8:94:4f:e9:ec:14:df:08:27:e3:fb:
                    c4:1f:e5:d9:27:20:14:55:66:5c:83:3f:5a:f7:8d:
                    1c:67:ca:33:ae:af:33:fd:4d:b9:ac:5c:ba:8f:5e:
                    43:0c:fb:0b:aa:11:d0:73:79:7c:4c:f7:f1:6d:bf:
                    27:23:84:ea:f3:2c:17:f4:b1:12:be:3d:46:98:58:
                    db:ca:1e:a5:7e:f8:41:8f:9a:7b:44:44:ef:04:7d:
                    f3:67:ca:5e:16:c0:d4:34:4d:fb:8e:b9:54:74:77:
                    2e:68:7b:a0:a6:71:01:ac:b5:18:99:a9:9e:ac:6e:
                    3c:0f:4a:2a:38:1b:12:7c:75:0a:51:9b:f9:ef:9d:
                    37:54:3e:07:a6:28:b2:d5:79:c2:a1:04:38:f8:c8:
                    dd:de:d8:8a:96:36:d8:8b:1d:27:33:75:8c:a7:ca:
                    b1:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:B7:A4:9A:51:10:0F:77:E9:93:28:03:35:13:67:93:0E:4D:02:D2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c79dcfe0-da44-47d0-b8f4-144bb5e244fd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.65.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         2a:9a:76:3e:ca:19:b8:51:2e:6d:cb:8e:15:3e:23:34:52:e4:
         04:e1:5f:d6:2f:57:6d:1f:c8:92:49:bc:93:07:69:fd:5c:af:
         fe:ed:04:82:84:2f:b7:1c:65:7a:e4:ca:cc:1a:88:e7:f3:da:
         ed:fe:fe:e9:f8:fc:af:4d:23:da:8f:1e:2c:4a:f3:79:07:2a:
         17:6f:01:bb:a7:94:73:2c:09:a3:12:49:22:86:b2:34:e2:d9:
         01:8b:d2:85:f9:66:2a:72:fa:f3:66:7b:0a:96:8c:73:be:8d:
         4b:9e:e4:d4:9f:ab:c1:a5:6f:41:79:12:3c:e5:88:e3:2a:69:
         a7:0c:33:da:f8:f2:63:7f:69:ac:89:98:ee:df:fa:05:ec:5d:
         2a:f8:bb:30:34:c1:7d:aa:70:42:b7:a0:1e:0d:8e:4f:bb:78:
         e2:7b:0e:87:8f:0b:73:c0:06:f8:5d:df:10:93:28:b1:1e:33:
         99:05:e0:16:20:35:ba:2a:16:d6:40:35:12:df:b1:f1:22:02:
         af:a4:f8:1e:a0:2c:30:b7:ad:1b:5a:66:4a:6c:bb:a8:4f:2b:
         71:8b:b4:d8:85:0e:ac:15:ad:75:86:fb:1d:b9:81:7a:75:dc:
         ea:8f:34:c8:e9:d5:d2:54:46:9d:8a:82:53:77:e0:01:b7:62:
         60:e0:70:d9
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUdQMpmP8INDyaY5HhFx2PoMOH6TowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODI2MTUxMTAyWhcNMjUwOTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A0NTFiMzMyNGQ4MDE1NDRlZmJmY2JjNGM4ODkwNDE2MWEw
MmUwMjhhZjQzYTg5MzIzYWQ2MjkwM2Q2NDdjMDdkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDfu0VKgAocT2Nd+fWnM2AL0g1LILiQ5IWKVUuDKZmYjCWr
OpqqPH+e/Qogn9F93qQfIQ5nfjCyt2JgMpo/8TFcozjSLjWY/hPn9yA5gQQBawLv
RMsLMiPAn4VlJQGolE/p7BTfCCfj+8Qf5dknIBRVZlyDP1r3jRxnyjOurzP9Tbms
XLqPXkMM+wuqEdBzeXxM9/FtvycjhOrzLBf0sRK+PUaYWNvKHqV++EGPmntERO8E
ffNnyl4WwNQ0TfuOuVR0dy5oe6CmcQGstRiZqZ6sbjwPSio4GxJ8dQpRm/nvnTdU
PgemKLLVecKhBDj4yN3e2IqWNtiLHSczdYynyrHhAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUH7ekmlEQD3fpkygDNRNnkw5NAtIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M3OWRjZmUwLWRhNDQtNDdkMC1iOGY0LTE0NGJiNWUyNDRmZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCUQTANBgkqhkiG9w0BAQsFAAOCAQEAKpp2PsoZuFEubcuOFT4jNFLkBOFf
1i9XbR/Ikkm8kwdp/Vyv/u0EgoQvtxxleuTKzBqI5/Pa7f7+6fj8r00j2o8eLErz
eQcqF28Bu6eUcywJoxJJIoayNOLZAYvShflmKnL682Z7CpaMc76NS57k1J+rwaVv
QXkSPOWI4ypppwwz2vjyY39prImY7t/6BexdKvi7MDTBfapwQregHg2OT7t44nsO
h48Lc8AG+F3fEJMosR4zmQXgFiA1uioW1kA1Et+x8SICr6T4HqAsMLetG1pmSmy7
qE8rcYu02IUOrBWtdYb7HbmBenXc6o80yOnV0lRGnYqCU3fgAbdiYOBw2Q==
-----END CERTIFICATE-----