Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d845b310-ed3d-4505-8597-970be13c03af.roa
File:                     d845b310-ed3d-4505-8597-970be13c03af.roa (raw, json)
Hash identifier:          jqxPWNSsJ2btvFrqAa0A/FtixzPZrrK+l2lr+bF/ZLM=
Subject key identifier:   DB:53:C4:A9:9C:6D:B2:99:5F:B5:1C:7E:8B:1D:00:27:1D:B7:E0:52
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6E8CF2DFED887607A3D14207F2321B99AE31DF93
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d845b310-ed3d-4505-8597-970be13c03af.roa
Signing time:             Mon 16 Jun 2025 15:01:04 +0000
ROA not before:           Mon 16 Jun 2025 15:01:04 +0000
ROA not after:            Mon 21 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        156.4.0.0/15 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 04 Jul 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:8c:f2:df:ed:88:76:07:a3:d1:42:07:f2:32:1b:99:ae:31:df:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun 16 15:01:04 2025 GMT
            Not After : Jul 21 23:59:59 2025 GMT
        Subject: serialNumber=c803d24b5c633772ce2a9944df2d2a1a92ddaf5687ba60b403251369e84ff731, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:6d:97:44:32:ff:88:02:1d:df:c5:7b:98:60:
                    b3:28:39:54:5e:ab:47:92:ea:bc:73:9d:2d:ca:6c:
                    de:78:78:5a:5a:61:49:8b:f6:88:35:62:6c:29:e3:
                    08:e9:93:26:5f:6f:c2:fd:22:bc:91:1b:b1:7d:1c:
                    13:0a:98:7e:19:5d:d1:68:16:57:61:9b:12:83:99:
                    8a:80:b5:89:e0:07:20:20:b5:27:fd:da:4f:b4:98:
                    90:b9:fd:15:f5:80:8a:10:19:c1:a2:e1:ef:fb:0b:
                    80:b7:c5:5d:1d:77:ed:2e:e7:0c:a9:d3:e5:ed:23:
                    51:4c:ec:82:49:1d:6e:76:6c:7e:11:4f:30:e5:da:
                    1f:b2:31:ad:36:c6:c8:f3:f2:ed:9b:26:7b:93:b8:
                    71:92:f2:27:36:77:4d:e2:f7:f2:f2:78:28:22:a0:
                    30:4e:34:31:71:b0:c1:9f:88:ce:d4:ab:8e:7f:58:
                    1e:98:19:7a:53:6b:2f:f3:55:1c:5e:ca:fc:6e:69:
                    26:16:81:47:b8:02:3e:ea:7b:5d:f2:9e:fd:f3:a0:
                    ef:fe:25:73:7f:d4:16:8a:73:41:6a:18:90:20:8e:
                    c2:df:60:2f:a8:e2:9e:17:a1:81:6f:34:1e:ce:ab:
                    6d:19:45:83:22:04:0a:d0:6c:94:db:68:2a:e8:86:
                    89:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:53:C4:A9:9C:6D:B2:99:5F:B5:1C:7E:8B:1D:00:27:1D:B7:E0:52
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d845b310-ed3d-4505-8597-970be13c03af.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.4.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         ca:e6:6f:e1:0d:77:d4:03:60:ae:c1:9e:fc:6f:32:df:6c:29:
         c7:48:c3:1c:44:de:02:a5:da:a4:03:c9:41:8c:a2:1d:69:f4:
         3a:51:21:7a:32:54:04:49:42:46:af:c4:9b:3e:57:62:8d:fc:
         e7:83:8e:c7:65:56:95:e0:18:d5:61:14:a2:57:60:fe:9d:7f:
         77:e5:c3:94:23:2b:d8:ce:06:44:ef:71:c8:32:b4:fe:83:b0:
         ae:df:6d:4d:38:0d:c4:29:7f:10:43:0b:44:9a:d3:b6:b6:ba:
         ee:f5:7a:20:e1:d2:ba:0d:a9:df:cf:9a:3a:33:6d:68:5e:a4:
         f8:9a:b9:98:30:77:c9:c8:22:6e:b5:ce:82:d5:bd:63:f5:32:
         94:0e:97:8b:6d:29:cd:f1:63:76:ac:6f:07:a2:7d:0c:51:61:
         f5:40:1e:1c:7b:d0:98:3c:54:76:a9:9d:b6:f0:ac:d2:27:84:
         9e:07:e2:b0:bd:fe:b7:9d:6d:ea:9d:d5:a1:0d:cf:ca:27:7a:
         51:23:6b:fd:c0:58:be:03:ae:b5:e4:ca:69:d5:aa:9a:a9:35:
         2d:44:f7:3b:86:52:ea:06:71:53:7f:dd:2f:e2:a9:bc:32:90:
         f7:9a:e8:7c:69:a6:bf:da:07:c9:0a:5a:87:03:5d:a9:a1:43:
         d0:c0:cc:c4
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUbozy3+2Idgej0UIH8jIbma4x35MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNjE2MTUwMTA0WhcNMjUwNzIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BjODAzZDI0YjVjNjMzNzcyY2UyYTk5NDRkZjJkMmExYTky
ZGRhZjU2ODdiYTYwYjQwMzI1MTM2OWU4NGZmNzMxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCubZdEMv+IAh3fxXuYYLMoOVReq0eS6rxznS3KbN54eFpa
YUmL9og1Ymwp4wjpkyZfb8L9IryRG7F9HBMKmH4ZXdFoFldhmxKDmYqAtYngByAg
tSf92k+0mJC5/RX1gIoQGcGi4e/7C4C3xV0dd+0u5wyp0+XtI1FM7IJJHW52bH4R
TzDl2h+yMa02xsjz8u2bJnuTuHGS8ic2d03i9/LyeCgioDBONDFxsMGfiM7Uq45/
WB6YGXpTay/zVRxeyvxuaSYWgUe4Aj7qe13ynv3zoO/+JXN/1BaKc0FqGJAgjsLf
YC+o4p4XoYFvNB7Oq20ZRYMiBArQbJTbaCroholtAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU21PEqZxtsplftRx+ix0AJx234FIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q4NDViMzEwLWVkM2QtNDUwNS04NTk3LTk3MGJlMTNjMDNhZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwGcBDANBgkqhkiG9w0BAQsFAAOCAQEAyuZv4Q131ANgrsGe/G8y32wpx0jD
HETeAqXapAPJQYyiHWn0OlEhejJUBElCRq/Emz5XYo3854OOx2VWleAY1WEUoldg
/p1/d+XDlCMr2M4GRO9xyDK0/oOwrt9tTTgNxCl/EEMLRJrTtra67vV6IOHSug2p
38+aOjNtaF6k+Jq5mDB3ycgibrXOgtW9Y/UylA6Xi20pzfFjdqxvB6J9DFFh9UAe
HHvQmDxUdqmdtvCs0ieEngfisL3+t51t6p3VoQ3Pyid6USNr/cBYvgOuteTKadWq
mqk1LUT3O4ZS6gZxU3/dL+KpvDKQ95rofGmmv9oHyQpahwNdqaFD0MDMxA==
-----END CERTIFICATE-----
Generated at Thu Jul 3 04:55:39 2025 by rpki-client