Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2309db7a-9533-458b-bc2b-77dd1708ae8a.roa
File:                     2309db7a-9533-458b-bc2b-77dd1708ae8a.roa (raw, json)
Hash identifier:          MmFXHrAdCrg5ugZKiiFPUI9PEn4XC8dJxiEd+IHqREQ=
Subject key identifier:   1E:1A:75:46:45:EC:FE:1A:BA:CA:CA:B3:9D:5A:DE:52:7E:D6:22:A7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1351D5A4F8BC846595AE9D82B0C6FD5B7404FF9D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2309db7a-9533-458b-bc2b-77dd1708ae8a.roa
Signing time:             Sat 06 Sep 2025 00:40:12 +0000
ROA not before:           Sat 06 Sep 2025 00:40:12 +0000
ROA not after:            Sat 11 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.252.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 19 Sep 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:51:d5:a4:f8:bc:84:65:95:ae:9d:82:b0:c6:fd:5b:74:04:ff:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep  6 00:40:12 2025 GMT
            Not After : Oct 11 23:59:59 2025 GMT
        Subject: serialNumber=67594d3a96b125846c7d95a546cac2a45ed0f7aac80adfc39b9494c1ee42949f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:07:3a:2a:64:8b:43:e6:d2:85:0f:ad:d5:f5:
                    f1:79:99:15:23:7f:d2:e1:2e:6f:2b:67:e2:44:2e:
                    78:9b:5a:fd:14:2b:c5:79:8d:12:7c:51:03:0e:21:
                    d6:c7:7e:d0:49:07:7a:fd:0d:f3:4f:9b:73:a5:2d:
                    76:00:b4:c0:38:0d:02:3f:da:56:c5:88:f1:a6:07:
                    4b:eb:40:17:0a:52:60:5f:56:36:c2:d8:a2:f0:c8:
                    bf:a0:aa:db:d1:ad:d6:91:a3:bc:4d:0f:34:01:74:
                    50:51:30:4c:10:92:85:2a:75:d8:0d:7c:26:24:97:
                    d4:06:0c:03:14:8b:ab:32:9e:46:d5:f9:04:2e:15:
                    cb:4b:60:c0:a7:64:d9:8e:97:35:93:40:74:92:22:
                    87:b6:ff:7a:91:67:82:a9:e6:94:a1:fa:42:95:e6:
                    a6:99:e6:8f:fd:ad:40:c5:19:b5:16:69:ed:16:37:
                    57:3d:7a:2b:ee:aa:eb:68:db:c1:fc:b9:e8:b1:de:
                    60:4c:f3:26:7d:b9:1c:f8:31:c8:c4:3c:bc:f3:ba:
                    72:1a:24:75:5b:68:39:b9:fb:2b:c3:2a:73:d5:8e:
                    f1:00:b0:1a:80:d5:f0:14:93:1c:94:52:97:75:1f:
                    5f:07:2b:a9:3f:fd:c3:90:a0:25:ce:ab:2e:ee:34:
                    18:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:1A:75:46:45:EC:FE:1A:BA:CA:CA:B3:9D:5A:DE:52:7E:D6:22:A7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2309db7a-9533-458b-bc2b-77dd1708ae8a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.252.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:4a:d2:09:01:5d:b5:5b:e8:9f:b4:d9:90:ab:69:fe:cb:22:
         79:ee:36:fe:4e:f4:76:33:c3:fb:af:69:d8:39:cd:40:46:8b:
         e2:f1:f8:92:45:ba:dc:74:9b:ae:69:60:cb:74:d1:65:fc:fd:
         65:fb:3b:08:0b:76:4a:82:6b:e2:9c:1b:76:b5:fd:aa:0b:90:
         9e:5f:7d:76:a9:a4:3a:f2:e0:f2:42:c3:09:0a:f7:a6:9f:9c:
         04:89:28:6b:78:63:d6:4a:c1:96:dc:79:7c:c5:5c:84:ad:b1:
         89:1f:30:26:cb:2b:37:c0:a2:36:87:69:12:72:5b:ca:6c:bf:
         c0:7b:74:cb:75:15:7e:6a:96:cb:6a:97:f6:d6:36:0a:f0:d9:
         f3:20:2e:15:a6:8c:80:ad:16:6d:14:fc:3c:c7:da:63:65:45:
         0c:f7:11:c8:3f:f2:36:c7:23:0d:eb:b5:2f:ea:32:81:20:b1:
         de:9f:f8:c2:a3:56:22:4e:11:22:60:f9:37:43:39:56:7b:98:
         50:a1:f2:a2:c6:78:b9:ca:54:b9:0d:23:f1:4e:34:42:9b:4d:
         d1:65:35:66:06:f8:c9:a3:bf:d6:80:f2:79:d2:d2:19:ca:46:
         e9:c7:28:f3:79:cb:63:f8:d0:73:4f:08:7f:a3:a0:d0:76:94:
         19:3f:ac:07
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUE1HVpPi8hGWVrp2CsMb9W3QE/50wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTA2MDA0MDEyWhcNMjUxMDExMjM1OTU5
WjB6MUkwRwYDVQQFE0A2NzU5NGQzYTk2YjEyNTg0NmM3ZDk1YTU0NmNhYzJhNDVl
ZDBmN2FhYzgwYWRmYzM5Yjk0OTRjMWVlNDI5NDlmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8BzoqZItD5tKFD63V9fF5mRUjf9LhLm8rZ+JELnibWv0U
K8V5jRJ8UQMOIdbHftBJB3r9DfNPm3OlLXYAtMA4DQI/2lbFiPGmB0vrQBcKUmBf
VjbC2KLwyL+gqtvRrdaRo7xNDzQBdFBRMEwQkoUqddgNfCYkl9QGDAMUi6synkbV
+QQuFctLYMCnZNmOlzWTQHSSIoe2/3qRZ4Kp5pSh+kKV5qaZ5o/9rUDFGbUWae0W
N1c9eivuquto28H8ueix3mBM8yZ9uRz4McjEPLzzunIaJHVbaDm5+yvDKnPVjvEA
sBqA1fAUkxyUUpd1H18HK6k//cOQoCXOqy7uNBgxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHhp1RkXs/hq6ysqznVreUn7WIqcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIzMDlkYjdhLTk1MzMtNDU4Yi1iYzJiLTc3ZGQxNzA4YWU4YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABA/GkwDQYJKoZIhvcNAQELBQADggEBAEVK0gkBXbVb6J+02ZCraf7LInnu
Nv5O9HYzw/uvadg5zUBGi+Lx+JJFutx0m65pYMt00WX8/WX7OwgLdkqCa+KcG3a1
/aoLkJ5ffXappDry4PJCwwkK96afnASJKGt4Y9ZKwZbceXzFXIStsYkfMCbLKzfA
ojaHaRJyW8psv8B7dMt1FX5qlstql/bWNgrw2fMgLhWmjICtFm0U/DzH2mNlRQz3
Ecg/8jbHIw3rtS/qMoEgsd6f+MKjViJOESJg+TdDOVZ7mFCh8qLGeLnKVLkNI/FO
NEKbTdFlNWYG+Mmjv9aA8nnS0hnKRunHKPN5y2P40HNPCH+joNB2lBk/rAc=
-----END CERTIFICATE-----