Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d87c2975-c322-4a99-8af6-32b0d3aa8fe8.roa
File:                     d87c2975-c322-4a99-8af6-32b0d3aa8fe8.roa (raw, json)
Hash identifier:          /t0IrWwKa3IhLCT2OkdEJnOW3wxeAfuq+FbFusCvIog=
Subject key identifier:   53:4A:F3:EF:73:05:D0:C1:D2:68:24:34:3F:E0:FD:FC:DD:7A:29:D1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7DC70E50D7E3204EAE7777DAB594602CC8CAEE5F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d87c2975-c322-4a99-8af6-32b0d3aa8fe8.roa
Signing time:             Fri 05 Sep 2025 00:20:14 +0000
ROA not before:           Fri 05 Sep 2025 00:20:14 +0000
ROA not after:            Fri 10 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        192.43.176.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 07 Sep 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:c7:0e:50:d7:e3:20:4e:ae:77:77:da:b5:94:60:2c:c8:ca:ee:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep  5 00:20:14 2025 GMT
            Not After : Oct 10 23:59:59 2025 GMT
        Subject: serialNumber=73c05d18d339e1e470a42b6c85537e25e3fc61d07c0d39a3d650c5c30d0d6d6f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:16:2a:2a:07:df:b5:d4:26:ad:ef:15:39:f4:
                    22:cf:7f:98:69:99:7a:29:ce:99:a7:f0:b6:cb:80:
                    8b:be:09:41:5f:ef:f0:c5:63:b5:ae:64:24:0e:d9:
                    2f:0a:77:41:88:ff:f6:53:88:d3:19:5f:de:67:d2:
                    9e:67:ee:cd:8a:fd:77:69:ab:6f:f9:c2:88:9e:63:
                    9f:bb:fc:f5:8e:15:b7:cc:e5:f4:5b:d4:ce:1f:aa:
                    9c:43:ae:bc:f0:b9:36:5f:7a:37:0a:12:f5:71:a8:
                    e8:46:67:53:b7:ee:92:66:db:e7:b1:a8:2e:88:d7:
                    20:f9:74:d2:91:d8:6d:84:41:23:03:22:6c:15:8c:
                    8b:a5:c0:8a:07:59:03:9a:04:13:00:48:90:46:67:
                    c6:66:fa:60:83:d8:8b:15:e9:fd:4f:f9:11:27:de:
                    59:74:b8:fc:fb:17:d8:0c:30:63:48:ba:b0:5c:f8:
                    5a:87:bb:2c:10:1f:51:be:6b:27:cc:9c:d6:74:10:
                    97:bc:1c:b2:5c:b9:ee:e5:9e:7d:ee:32:e6:70:0c:
                    94:b9:12:fc:35:33:03:1b:c1:7d:7b:ef:2f:dd:d2:
                    ba:77:b5:4d:e9:c7:cf:59:93:3e:ec:fb:aa:c6:6d:
                    fc:09:68:9b:da:3e:02:55:2f:ad:46:3a:fc:1c:fb:
                    ec:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:4A:F3:EF:73:05:D0:C1:D2:68:24:34:3F:E0:FD:FC:DD:7A:29:D1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d87c2975-c322-4a99-8af6-32b0d3aa8fe8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.43.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         4d:75:b3:32:2b:ce:08:69:0f:79:c3:14:1a:05:3e:ac:6c:ff:
         81:ac:cb:c2:cb:a6:5b:c8:80:97:22:29:57:29:42:8a:21:c4:
         74:1e:e4:35:dd:10:57:0c:00:37:34:ea:56:7b:35:11:10:a7:
         4e:e7:a8:a3:67:28:a7:15:49:24:64:9b:14:ff:4f:cc:ca:47:
         4f:9e:6a:ec:99:4e:b7:0a:3d:65:d4:a4:c8:ff:8b:06:d1:cb:
         9f:f7:30:b2:f0:8e:e1:bc:c7:c6:96:00:62:d6:7b:2c:b6:e9:
         94:5a:e9:f8:ef:7b:4f:0e:fe:40:1d:65:9b:62:56:57:81:a0:
         28:ac:16:ff:3f:4b:c1:00:76:9c:ac:05:7c:c0:64:04:19:42:
         43:8d:a7:10:48:fa:5e:4c:71:c6:61:69:13:b3:d4:86:9f:8a:
         17:20:ae:ed:bb:ec:02:72:a2:02:2f:e6:8f:b8:9e:66:f3:50:
         b1:85:49:10:08:a0:83:3e:e2:6a:02:08:17:dd:55:e6:78:ae:
         5b:ec:0b:62:97:5e:21:38:f8:ff:c9:c4:71:bf:3b:1a:fc:3d:
         3a:39:d4:86:74:b4:2e:f4:15:fe:ce:fb:c9:8a:fe:8b:97:60:
         85:37:42:28:ef:54:cb:94:fc:a9:82:e3:e4:74:54:f7:c0:ad:
         66:c1:c9:2b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfccOUNfjIE6ud3fatZRgLMjK7l8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTA1MDAyMDE0WhcNMjUxMDEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A3M2MwNWQxOGQzMzllMWU0NzBhNDJiNmM4NTUzN2UyNWUz
ZmM2MWQwN2MwZDM5YTNkNjUwYzVjMzBkMGQ2ZDZmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8FioqB9+11Cat7xU59CLPf5hpmXopzpmn8LbLgIu+CUFf
7/DFY7WuZCQO2S8Kd0GI//ZTiNMZX95n0p5n7s2K/Xdpq2/5woieY5+7/PWOFbfM
5fRb1M4fqpxDrrzwuTZfejcKEvVxqOhGZ1O37pJm2+exqC6I1yD5dNKR2G2EQSMD
ImwVjIulwIoHWQOaBBMASJBGZ8Zm+mCD2IsV6f1P+REn3ll0uPz7F9gMMGNIurBc
+FqHuywQH1G+ayfMnNZ0EJe8HLJcue7lnn3uMuZwDJS5Evw1MwMbwX177y/d0rp3
tU3px89Zkz7s+6rGbfwJaJvaPgJVL61GOvwc++xVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUU0rz73MF0MHSaCQ0P+D9/N16KdEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q4N2MyOTc1LWMzMjItNGE5OS04YWY2LTMyYjBkM2FhOGZlOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAPAK7AwDQYJKoZIhvcNAQELBQADggEBAE11szIrzghpD3nDFBoFPqxs/4Gs
y8LLplvIgJciKVcpQoohxHQe5DXdEFcMADc06lZ7NREQp07nqKNnKKcVSSRkmxT/
T8zKR0+eauyZTrcKPWXUpMj/iwbRy5/3MLLwjuG8x8aWAGLWeyy26ZRa6fjve08O
/kAdZZtiVleBoCisFv8/S8EAdpysBXzAZAQZQkONpxBI+l5MccZhaROz1Iafihcg
ru277AJyogIv5o+4nmbzULGFSRAIoIM+4moCCBfdVeZ4rlvsC2KXXiE4+P/JxHG/
Oxr8PTo51IZ0tC70Ff7O+8mK/ouXYIU3QijvVMuU/KmC4+R0VPfArWbBySs=
-----END CERTIFICATE-----