Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b291d7d3-1582-4d15-9362-848d2950798a.roa
File:                     b291d7d3-1582-4d15-9362-848d2950798a.roa (raw, json)
Hash identifier:          NYQ/lAQDIsFdRx3FAQmcfDwAt1xVQoJe+wc86LH/xNA=
Subject key identifier:   36:A3:40:D7:A8:08:06:EB:C1:CB:50:E8:9B:29:37:02:BB:23:77:93
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1E3C7DAD383A8194606E02586CD584C29357CE53
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b291d7d3-1582-4d15-9362-848d2950798a.roa
Signing time:             Wed 16 Jul 2025 00:21:04 +0000
ROA not before:           Wed 16 Jul 2025 00:21:04 +0000
ROA not after:            Wed 20 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        198.148.96.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 23 Jul 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:3c:7d:ad:38:3a:81:94:60:6e:02:58:6c:d5:84:c2:93:57:ce:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jul 16 00:21:04 2025 GMT
            Not After : Aug 20 23:59:59 2025 GMT
        Subject: serialNumber=b9434ee9387aedb8f3c051c6556fbf2baa56eb08466f885eb50b7c78fe14e932, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:2c:a4:bc:2f:1a:20:d6:26:27:f7:2e:72:9e:
                    35:b0:2d:43:fd:15:10:a6:96:96:fc:92:70:ce:fe:
                    b5:7e:9a:29:00:50:66:9a:8c:23:7f:32:f4:1f:14:
                    56:91:de:af:f0:dd:31:e7:c6:a1:f6:6e:5b:59:ab:
                    b0:84:32:fc:66:05:71:af:56:71:5a:7f:94:9e:41:
                    04:2a:3b:4c:d8:eb:64:05:30:da:c4:91:56:b8:e3:
                    96:1c:ed:84:a4:8f:d3:9d:96:87:eb:f3:57:56:c8:
                    38:b5:68:f0:50:1a:47:8b:9e:ec:cc:82:3b:af:d6:
                    41:76:2e:2e:b0:f1:b3:b7:f7:89:ce:ac:fd:29:b7:
                    1a:45:bb:3f:43:c4:5f:87:39:c4:34:6d:c8:68:bf:
                    b9:ea:ec:d0:35:38:be:01:e7:78:ce:14:7b:e2:78:
                    69:9f:56:0d:e5:43:05:95:96:c7:54:80:bc:27:af:
                    26:e9:5b:bf:fa:66:c3:af:de:6a:bf:52:c5:83:3d:
                    09:ac:a1:46:72:3a:48:c6:ad:39:d2:33:28:30:97:
                    b4:b1:8b:8b:31:e7:a7:ad:a1:5c:a3:ca:4e:5c:f5:
                    08:40:80:80:fb:1c:dc:9d:8d:18:2d:d2:93:c3:a6:
                    a1:6d:2a:b6:6f:ed:23:fb:24:8b:25:2d:40:81:43:
                    ae:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:A3:40:D7:A8:08:06:EB:C1:CB:50:E8:9B:29:37:02:BB:23:77:93
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b291d7d3-1582-4d15-9362-848d2950798a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.148.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         2a:9a:80:05:21:c8:f9:d6:7a:9a:f4:6c:c3:3f:5f:cf:0c:10:
         a7:b4:e2:af:aa:5d:59:6c:ad:f2:cf:35:52:7d:18:a7:88:9f:
         45:07:72:4e:c6:77:65:4e:15:12:0f:b2:78:ad:07:42:29:3f:
         ab:39:93:00:01:6e:c9:4f:00:3d:f9:ba:a9:d6:49:ec:f1:f8:
         42:90:a5:75:ff:50:26:ef:32:df:c3:73:f9:44:66:5b:a7:d9:
         ee:5a:91:6c:db:25:3d:da:4d:9d:4b:5d:24:21:ed:e7:3d:14:
         52:10:68:3d:6f:b2:1e:82:ff:d0:1a:30:14:e3:54:cc:8e:7c:
         cc:88:d7:ba:85:85:ad:09:0c:65:b9:a8:a4:28:27:8e:ca:43:
         42:bc:91:9d:30:51:b4:15:87:94:68:cd:29:7b:4f:76:89:83:
         65:54:9d:b6:87:30:bd:ec:11:dc:2c:fa:90:8d:26:ad:99:3f:
         12:ba:e7:d9:14:d3:d3:c0:7d:99:4d:1a:ae:f2:c2:5d:1a:77:
         07:33:70:6f:3f:20:24:f4:7e:48:3a:0c:b3:12:2a:b6:f7:8a:
         e2:a8:7d:f9:87:f8:64:43:c1:e2:92:7e:5c:a4:a3:b1:64:0c:
         02:43:a9:be:6e:65:4b:37:62:af:ad:6f:23:39:95:b8:57:10:
         cd:fe:fa:f4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHjx9rTg6gZRgbgJYbNWEwpNXzlMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNzE2MDAyMTA0WhcNMjUwODIwMjM1OTU5
WjB6MUkwRwYDVQQFE0BiOTQzNGVlOTM4N2FlZGI4ZjNjMDUxYzY1NTZmYmYyYmFh
NTZlYjA4NDY2Zjg4NWViNTBiN2M3OGZlMTRlOTMyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxLKS8Lxog1iYn9y5ynjWwLUP9FRCmlpb8knDO/rV+mikA
UGaajCN/MvQfFFaR3q/w3THnxqH2bltZq7CEMvxmBXGvVnFaf5SeQQQqO0zY62QF
MNrEkVa445Yc7YSkj9Odlofr81dWyDi1aPBQGkeLnuzMgjuv1kF2Li6w8bO394nO
rP0ptxpFuz9DxF+HOcQ0bchov7nq7NA1OL4B53jOFHvieGmfVg3lQwWVlsdUgLwn
rybpW7/6ZsOv3mq/UsWDPQmsoUZyOkjGrTnSMygwl7Sxi4sx56etoVyjyk5c9QhA
gID7HNydjRgt0pPDpqFtKrZv7SP7JIslLUCBQ65VAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUNqNA16gIBuvBy1Domyk3Arsjd5MwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2IyOTFkN2QzLTE1ODItNGQxNS05MzYyLTg0OGQyOTUwNzk4YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAXGlGAwDQYJKoZIhvcNAQELBQADggEBACqagAUhyPnWepr0bMM/X88MEKe0
4q+qXVlsrfLPNVJ9GKeIn0UHck7Gd2VOFRIPsnitB0IpP6s5kwABbslPAD35uqnW
Sezx+EKQpXX/UCbvMt/Dc/lEZlun2e5akWzbJT3aTZ1LXSQh7ec9FFIQaD1vsh6C
/9AaMBTjVMyOfMyI17qFha0JDGW5qKQoJ47KQ0K8kZ0wUbQVh5RozSl7T3aJg2VU
nbaHML3sEdws+pCNJq2ZPxK659kU09PAfZlNGq7ywl0adwczcG8/ICT0fkg6DLMS
Krb3iuKoffmH+GRDweKSflyko7FkDAJDqb5uZUs3Yq+tbyM5lbhXEM3++vQ=
-----END CERTIFICATE-----