Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/18be7a76-724b-4e6a-9d5a-ba51fd885a5e.roa
File:                     18be7a76-724b-4e6a-9d5a-ba51fd885a5e.roa (raw, json)
Hash identifier:          d9dDWeapSOp3CpqQw0pAIRtd4KiqbdzSAYNJIvTjvJ0=
Subject key identifier:   AF:A2:F0:2E:E7:7B:38:CF:DA:04:5E:9D:CC:CE:27:3B:1A:98:11:F4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       72401AF461524489BA303ECCABB6B119FEA76533
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/18be7a76-724b-4e6a-9d5a-ba51fd885a5e.roa
Signing time:             Mon 18 Aug 2025 15:11:10 +0000
ROA not before:           Mon 18 Aug 2025 15:11:10 +0000
ROA not after:            Mon 22 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        136.18.32.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 21 Aug 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:40:1a:f4:61:52:44:89:ba:30:3e:cc:ab:b6:b1:19:fe:a7:65:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug 18 15:11:10 2025 GMT
            Not After : Sep 22 23:59:59 2025 GMT
        Subject: serialNumber=a79f607206ab414fc35df3adb0f0c640aa9766390030c9e29b6cdc5ddb00ab74, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:c3:c5:60:0b:db:4a:ec:59:85:ab:5d:03:86:
                    d4:65:93:48:72:fc:20:8e:73:d8:d7:7e:a6:15:10:
                    c6:78:21:cd:38:ba:78:6f:05:ab:ea:5a:b6:80:7a:
                    67:ef:c9:ec:bf:67:49:46:2d:64:6a:7d:65:cf:64:
                    91:e3:1e:8a:f9:3f:18:67:31:be:15:6c:b3:1c:de:
                    1a:5e:3d:d2:cb:8f:52:93:d3:fb:cc:d1:ed:2f:4d:
                    01:4f:89:9f:98:47:2f:da:7f:5f:ad:7f:57:14:10:
                    92:4e:1c:80:cb:88:8e:c5:cd:47:67:98:69:68:26:
                    06:cb:da:35:00:34:0f:ca:14:8d:08:f6:db:c5:5d:
                    94:82:44:02:04:25:92:72:35:c1:8f:34:26:8d:b4:
                    3b:3f:c8:cc:eb:49:cc:6a:f7:32:cb:d5:ba:a0:f7:
                    26:33:2f:4f:51:ff:41:35:35:01:08:3e:0e:a1:32:
                    34:09:d5:92:9c:b4:92:af:5b:0a:c0:bb:5e:fe:ab:
                    db:9c:f7:46:f3:f3:da:94:11:01:e5:fe:c0:f9:90:
                    22:3e:af:51:a7:a4:49:ad:cc:d2:35:86:04:84:7d:
                    f8:5e:e2:e7:7b:27:2e:42:40:5b:54:a1:32:16:73:
                    14:1d:18:bf:ec:24:8b:0b:b0:24:26:77:cd:01:fe:
                    5c:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:A2:F0:2E:E7:7B:38:CF:DA:04:5E:9D:CC:CE:27:3B:1A:98:11:F4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/18be7a76-724b-4e6a-9d5a-ba51fd885a5e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.18.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         52:f9:a9:d5:78:ff:7d:9e:76:e8:ff:98:9e:a0:bd:2c:57:5f:
         f1:c6:a9:10:d4:4d:36:f9:c9:63:80:f9:15:5e:6c:27:62:67:
         d4:7b:a0:5a:88:c9:8f:1f:f9:1b:3f:51:09:5a:cc:8d:7f:10:
         55:b6:35:01:2c:35:d5:46:6c:96:68:99:b7:27:75:d6:ab:12:
         5c:8a:ab:92:63:32:8e:4c:d5:e9:56:d0:8a:61:e3:f1:00:48:
         49:17:1d:94:eb:9c:f1:ba:e4:41:b7:e9:ff:4c:74:2c:be:64:
         69:33:73:f4:68:29:71:cb:37:a6:70:36:8c:06:49:05:2e:b2:
         db:08:cd:de:17:fd:6d:85:14:21:3c:39:9e:04:3d:08:b9:8e:
         d0:c0:f5:0b:7a:e1:bf:15:87:6a:50:23:37:a6:e2:6c:71:64:
         57:eb:78:2c:44:e7:d7:6c:e2:79:0c:b7:d2:71:db:d2:3a:34:
         10:ba:25:78:70:ef:85:26:36:38:77:f6:8b:f9:60:d2:83:87:
         11:f2:a3:3d:a0:be:47:22:d6:60:4b:05:c6:74:0b:6b:ca:5a:
         b7:b6:70:8a:62:1e:ba:2d:e5:09:20:9a:4c:55:dc:28:cd:3a:
         40:67:b4:68:8a:55:f4:d3:0d:a4:90:57:4f:17:28:bd:6c:86:
         ee:a2:2e:f3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUckAa9GFSRIm6MD7Mq7axGf6nZTMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODE4MTUxMTEwWhcNMjUwOTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BhNzlmNjA3MjA2YWI0MTRmYzM1ZGYzYWRiMGYwYzY0MGFh
OTc2NjM5MDAzMGM5ZTI5YjZjZGM1ZGRiMDBhYjc0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDUw8VgC9tK7FmFq10DhtRlk0hy/CCOc9jXfqYVEMZ4Ic04
unhvBavqWraAemfvyey/Z0lGLWRqfWXPZJHjHor5PxhnMb4VbLMc3hpePdLLj1KT
0/vM0e0vTQFPiZ+YRy/af1+tf1cUEJJOHIDLiI7FzUdnmGloJgbL2jUANA/KFI0I
9tvFXZSCRAIEJZJyNcGPNCaNtDs/yMzrScxq9zLL1bqg9yYzL09R/0E1NQEIPg6h
MjQJ1ZKctJKvWwrAu17+q9uc90bz89qUEQHl/sD5kCI+r1GnpEmtzNI1hgSEffhe
4ud7Jy5CQFtUoTIWcxQdGL/sJIsLsCQmd80B/lxxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUr6LwLud7OM/aBF6dzM4nOxqYEfQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzE4YmU3YTc2LTcyNGItNGU2YS05ZDVhLWJhNTFmZDg4NWE1ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBASIEiAwDQYJKoZIhvcNAQELBQADggEBAFL5qdV4/32eduj/mJ6gvSxXX/HG
qRDUTTb5yWOA+RVebCdiZ9R7oFqIyY8f+Rs/UQlazI1/EFW2NQEsNdVGbJZombcn
ddarElyKq5JjMo5M1elW0Iph4/EASEkXHZTrnPG65EG36f9MdCy+ZGkzc/RoKXHL
N6ZwNowGSQUustsIzd4X/W2FFCE8OZ4EPQi5jtDA9Qt64b8Vh2pQIzem4mxxZFfr
eCxE59ds4nkMt9Jx29I6NBC6JXhw74UmNjh39ov5YNKDhxHyoz2gvkci1mBLBcZ0
C2vKWre2cIpiHrot5QkgmkxV3CjNOkBntGiKVfTTDaSQV08XKL1shu6iLvM=
-----END CERTIFICATE-----