Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6d886ebf-617b-43d5-b3bf-9bb78bd0c0b6.roa
File:                     6d886ebf-617b-43d5-b3bf-9bb78bd0c0b6.roa (raw, json)
Hash identifier:          OGjgQYqkQBmC0nO0p0cYRKzfYrwtgj6S9hGubECRrU0=
Subject key identifier:   C1:CC:02:69:D9:86:C7:69:10:9A:33:23:28:25:FB:DC:D7:2B:29:F8
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3CF4EC0040F30A52994D64BC777056F62CC61F2D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6d886ebf-617b-43d5-b3bf-9bb78bd0c0b6.roa
Signing time:             Tue 08 Jul 2025 00:50:58 +0000
ROA not before:           Tue 08 Jul 2025 00:50:58 +0000
ROA not after:            Tue 12 Aug 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        204.236.220.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 25 Jul 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:f4:ec:00:40:f3:0a:52:99:4d:64:bc:77:70:56:f6:2c:c6:1f:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jul  8 00:50:58 2025 GMT
            Not After : Aug 12 23:59:59 2025 GMT
        Subject: serialNumber=9eef7712ea2f6e695ebeff05353cafbaa5de32f89f20170a76e65e51317d0d9b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:f5:18:4e:e6:85:9d:cb:7b:00:04:e4:9b:46:
                    90:e0:ed:5f:2e:d8:ca:ce:ef:7b:df:e1:3e:3b:cb:
                    94:15:fe:e8:93:39:54:cd:54:a7:0a:6f:48:22:ee:
                    15:d8:51:42:f1:42:33:e9:9d:ca:e9:d5:60:9f:16:
                    bf:47:09:98:a9:f5:7c:9b:df:8a:a2:2d:4a:5d:06:
                    1c:98:c9:5f:2d:59:b9:45:9a:ba:59:cc:97:03:4f:
                    21:f1:c1:33:9e:d4:67:d8:58:75:f1:0b:15:e8:18:
                    d7:3e:80:75:8a:28:36:8c:35:b7:f8:47:65:b1:a2:
                    c6:21:2f:bd:dd:07:ae:2e:28:6e:be:56:c4:44:d4:
                    ff:0d:c4:99:40:d7:44:5c:16:02:b9:3e:b7:d1:91:
                    70:5d:41:a5:86:31:7e:48:e7:82:ab:d4:6a:69:13:
                    f6:2f:e9:5f:25:32:be:55:bc:4f:bf:53:f6:78:97:
                    c8:db:f5:4f:34:6f:48:a0:95:16:f4:6d:55:81:9b:
                    28:b7:3d:88:b4:98:7f:4d:5b:ca:9c:03:31:c1:88:
                    8c:18:90:5e:36:63:6f:91:b6:97:78:41:e1:b1:09:
                    86:3e:4e:7e:ca:ee:59:7b:94:42:87:4a:fd:6e:98:
                    14:76:07:77:ab:4c:55:96:4b:fb:b7:3b:8b:b1:ea:
                    06:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:CC:02:69:D9:86:C7:69:10:9A:33:23:28:25:FB:DC:D7:2B:29:F8
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6d886ebf-617b-43d5-b3bf-9bb78bd0c0b6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.236.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         77:07:b3:62:ed:34:f8:c5:30:ce:23:ec:05:a9:b4:2b:01:a3:
         ca:e1:ab:3e:3b:82:f2:5f:79:c9:b3:7c:76:d8:24:47:53:66:
         c7:cd:38:b8:d1:5a:73:5f:b7:d8:37:a8:76:c8:70:c4:47:04:
         bf:c1:60:f4:42:30:b1:68:3a:b3:d4:14:16:e5:68:06:57:5c:
         9b:44:71:8e:a9:3a:85:fc:1d:bf:bb:a3:3f:f7:1a:86:e7:51:
         e1:fa:c6:62:10:02:3e:95:9b:1d:35:59:66:83:ca:05:35:b4:
         86:2c:da:e5:89:6f:c0:cf:15:22:d6:59:a8:c8:3c:86:51:25:
         2b:e5:e8:d7:74:56:88:17:43:c1:c7:05:c3:07:c3:0e:cf:07:
         97:01:27:19:39:80:97:a2:b8:76:68:d2:97:13:2b:38:c6:22:
         9b:bf:d8:04:1f:79:ad:44:72:91:60:97:df:a8:13:53:14:5a:
         2d:49:0f:4b:f4:79:93:61:20:22:db:f5:a0:4e:ce:c4:dc:45:
         6b:8f:75:22:b5:ad:d3:ba:43:bf:a9:92:00:27:90:c9:b5:19:
         18:8c:a4:e5:33:e3:2f:eb:dc:09:6c:bb:a5:09:b0:f1:a9:96:
         94:7b:c3:2e:a7:4c:7e:8c:74:1e:15:4b:16:87:a9:0a:ed:59:
         be:31:3a:3d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPPTsAEDzClKZTWS8d3BW9izGHy0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNzA4MDA1MDU4WhcNMjUwODEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZWVmNzcxMmVhMmY2ZTY5NWViZWZmMDUzNTNjYWZiYWE1
ZGUzMmY4OWYyMDE3MGE3NmU2NWU1MTMxN2QwZDliMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCr9RhO5oWdy3sABOSbRpDg7V8u2MrO73vf4T47y5QV/uiT
OVTNVKcKb0gi7hXYUULxQjPpncrp1WCfFr9HCZip9Xyb34qiLUpdBhyYyV8tWblF
mrpZzJcDTyHxwTOe1GfYWHXxCxXoGNc+gHWKKDaMNbf4R2WxosYhL73dB64uKG6+
VsRE1P8NxJlA10RcFgK5PrfRkXBdQaWGMX5I54Kr1GppE/Yv6V8lMr5VvE+/U/Z4
l8jb9U80b0iglRb0bVWBmyi3PYi0mH9NW8qcAzHBiIwYkF42Y2+Rtpd4QeGxCYY+
Tn7K7ll7lEKHSv1umBR2B3erTFWWS/u3O4ux6gZHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwcwCadmGx2kQmjMjKCX73NcrKfgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZkODg2ZWJmLTYxN2ItNDNkNS1iM2JmLTliYjc4YmQwYzBiNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBALM7NwwDQYJKoZIhvcNAQELBQADggEBAHcHs2LtNPjFMM4j7AWptCsBo8rh
qz47gvJfecmzfHbYJEdTZsfNOLjRWnNft9g3qHbIcMRHBL/BYPRCMLFoOrPUFBbl
aAZXXJtEcY6pOoX8Hb+7oz/3GobnUeH6xmIQAj6Vmx01WWaDygU1tIYs2uWJb8DP
FSLWWajIPIZRJSvl6Nd0VogXQ8HHBcMHww7PB5cBJxk5gJeiuHZo0pcTKzjGIpu/
2AQfea1EcpFgl9+oE1MUWi1JD0v0eZNhICLb9aBOzsTcRWuPdSK1rdO6Q7+pkgAn
kMm1GRiMpOUz4y/r3Alsu6UJsPGplpR7wy6nTH6MdB4VSxaHqQrtWb4xOj0=
-----END CERTIFICATE-----