Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9ae9d595-e46f-4b50-99d6-0707f0dd0ff0.roa
File:                     9ae9d595-e46f-4b50-99d6-0707f0dd0ff0.roa (raw, json)
Hash identifier:          EkJV5MNANlk4nZ0QQfX5/XuD3O4p7alPUsWXTBbgTwE=
Subject key identifier:   3D:63:62:86:91:11:98:AB:FC:20:2F:9F:96:A2:53:C3:1E:3D:A4:AB
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       47FA13B57E755622EDEC675455AC484810C5EB2B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9ae9d595-e46f-4b50-99d6-0707f0dd0ff0.roa
Signing time:             Tue 17 Jun 2025 00:12:13 +0000
ROA not before:           Tue 17 Jun 2025 00:12:13 +0000
ROA not after:            Tue 22 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        149.186.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 02 Jul 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:fa:13:b5:7e:75:56:22:ed:ec:67:54:55:ac:48:48:10:c5:eb:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun 17 00:12:13 2025 GMT
            Not After : Jul 22 23:59:59 2025 GMT
        Subject: serialNumber=03e53495dcdaecf9ad0029b0e3c583edd1483f6ca8a37a024c16d3619d5a95da, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:00:d6:60:55:20:d6:a5:37:40:ac:22:e6:4c:
                    29:ab:a8:6b:c1:34:89:98:05:f3:ed:14:d6:be:9b:
                    de:5a:0a:c6:9b:65:c2:3f:90:46:06:0d:d6:6b:e8:
                    f9:45:4b:c6:df:a0:6f:77:66:91:0d:73:60:ac:b6:
                    85:bb:66:11:92:c1:07:1e:3d:d9:f2:a3:a5:64:1a:
                    7c:64:6b:a7:2d:61:ce:4b:55:09:d2:aa:e8:78:48:
                    a4:78:41:74:d4:e2:d3:13:b0:93:08:f4:fc:38:cd:
                    1e:d6:78:97:51:8e:ee:09:ba:64:d9:b0:6e:05:ef:
                    f6:54:0d:db:72:25:b1:24:54:63:b9:6d:41:3b:fb:
                    98:7f:fe:37:42:31:49:b1:d9:3c:4f:b3:b0:09:c9:
                    b7:34:26:01:8f:85:43:96:80:b2:91:31:7d:9d:38:
                    79:0e:3b:2d:a1:04:cf:99:31:8a:cb:ad:c7:c2:28:
                    e3:b1:b4:a7:02:8f:c6:13:1d:0b:f0:1e:85:f7:ee:
                    6b:e8:83:01:9b:5f:51:85:6c:93:5f:66:9e:f7:fd:
                    7e:79:65:2a:04:82:8f:0b:80:37:fe:20:15:f5:89:
                    c4:26:50:b2:9c:af:ab:3b:5b:e1:6f:65:3e:9c:4e:
                    47:b8:63:0d:4d:68:24:9f:af:54:75:61:25:28:0c:
                    75:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:63:62:86:91:11:98:AB:FC:20:2F:9F:96:A2:53:C3:1E:3D:A4:AB
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9ae9d595-e46f-4b50-99d6-0707f0dd0ff0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.186.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         d1:28:3e:cf:f6:c2:06:2e:fa:47:11:35:d8:a9:e4:e0:d6:fb:
         3d:1c:45:1d:fd:f9:59:03:bb:c7:0d:d2:e1:8b:7b:c9:e0:93:
         b6:e8:3e:b7:ca:8b:b7:bd:b2:bb:99:35:81:f8:be:bc:4b:09:
         5a:26:2e:93:e0:d7:16:68:97:5b:e9:d7:22:13:9f:17:4f:a2:
         4a:a8:52:08:03:bb:6c:b1:04:fa:f3:7b:56:29:ef:f9:5e:85:
         7a:1f:54:46:c5:66:26:94:44:27:cb:f3:33:65:b6:60:27:8d:
         72:ce:8f:8e:87:21:4f:24:be:12:d6:22:cf:d7:d5:07:8b:85:
         ea:08:55:33:66:0a:fe:01:a0:42:39:1f:5d:2d:af:70:0c:af:
         66:a8:09:ef:fe:b6:79:f9:33:1c:88:ba:72:5c:81:c8:a3:01:
         37:bd:3b:55:b7:a7:7a:21:38:2b:31:a5:62:4d:82:69:5b:00:
         0e:46:86:7c:f6:6f:1c:5b:97:43:5d:7d:af:5c:6c:e1:97:b8:
         44:78:97:1b:61:63:61:75:e5:6b:3d:7a:28:96:5b:bf:66:92:
         b3:eb:cf:a1:d2:b7:75:0d:9d:fe:1c:38:fd:0a:b2:40:5f:8f:
         df:1a:77:55:03:e0:78:7d:b5:e2:91:c8:6a:a2:4a:ff:ad:33:
         30:7b:7b:be
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUR/oTtX51ViLt7GdUVaxISBDF6yswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNjE3MDAxMjEzWhcNMjUwNzIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AwM2U1MzQ5NWRjZGFlY2Y5YWQwMDI5YjBlM2M1ODNlZGQx
NDgzZjZjYThhMzdhMDI0YzE2ZDM2MTlkNWE5NWRhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDpANZgVSDWpTdArCLmTCmrqGvBNImYBfPtFNa+m95aCsab
ZcI/kEYGDdZr6PlFS8bfoG93ZpENc2CstoW7ZhGSwQcePdnyo6VkGnxka6ctYc5L
VQnSquh4SKR4QXTU4tMTsJMI9Pw4zR7WeJdRju4JumTZsG4F7/ZUDdtyJbEkVGO5
bUE7+5h//jdCMUmx2TxPs7AJybc0JgGPhUOWgLKRMX2dOHkOOy2hBM+ZMYrLrcfC
KOOxtKcCj8YTHQvwHoX37mvogwGbX1GFbJNfZp73/X55ZSoEgo8LgDf+IBX1icQm
ULKcr6s7W+FvZT6cTke4Yw1NaCSfr1R1YSUoDHWrAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUPWNihpERmKv8IC+flqJTwx49pKswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzlhZTlkNTk1LWU0NmYtNGI1MC05OWQ2LTA3MDdmMGRkMGZmMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCVujANBgkqhkiG9w0BAQsFAAOCAQEA0Sg+z/bCBi76RxE12Knk4Nb7PRxF
Hf35WQO7xw3S4Yt7yeCTtug+t8qLt72yu5k1gfi+vEsJWiYuk+DXFmiXW+nXIhOf
F0+iSqhSCAO7bLEE+vN7Vinv+V6Feh9URsVmJpREJ8vzM2W2YCeNcs6PjochTyS+
EtYiz9fVB4uF6ghVM2YK/gGgQjkfXS2vcAyvZqgJ7/62efkzHIi6clyByKMBN707
VbeneiE4KzGlYk2CaVsADkaGfPZvHFuXQ119r1xs4Ze4RHiXG2FjYXXlaz16KJZb
v2aSs+vPodK3dQ2d/hw4/QqyQF+P3xp3VQPgeH214pHIaqJK/60zMHt7vg==
-----END CERTIFICATE-----