Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e2fd9155-8aca-4f0e-b0d4-1ac47bb17b2f.roa
File:                     e2fd9155-8aca-4f0e-b0d4-1ac47bb17b2f.roa (raw, json)
Hash identifier:          q/riL41wd6LPu4g3HLznat1xBYBU8S64me+Kml0sDk8=
Subject key identifier:   42:F6:27:D9:23:81:38:A3:5E:3D:A2:CF:6E:93:C9:A9:7E:24:20:FB
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3A99CE860C5F2E0FE33DC82B9FAA874701BF2AD2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e2fd9155-8aca-4f0e-b0d4-1ac47bb17b2f.roa
Signing time:             Tue 02 Sep 2025 00:10:19 +0000
ROA not before:           Tue 02 Sep 2025 00:10:19 +0000
ROA not after:            Tue 07 Oct 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        23.228.192.0/18 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 07 Sep 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:99:ce:86:0c:5f:2e:0f:e3:3d:c8:2b:9f:aa:87:47:01:bf:2a:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Sep  2 00:10:19 2025 GMT
            Not After : Oct  7 23:59:59 2025 GMT
        Subject: serialNumber=a3786483c469a463ba1a5adf29102a3759dfdac553af4088f58b2cc101d03e7e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:85:05:d9:b5:6f:f8:39:85:ea:54:75:64:39:
                    07:a1:6c:c9:af:ac:78:fc:1c:f3:ec:bf:1c:cf:35:
                    9b:4c:d3:40:f6:ea:af:c7:df:2e:52:4d:73:44:ab:
                    35:1a:bd:39:13:48:e0:0d:da:a6:ca:dc:5c:e2:b3:
                    21:5b:3c:0e:03:54:22:ae:39:0d:a6:ae:2e:fd:ba:
                    0c:55:5f:6c:09:dc:ac:d7:f8:22:4e:cb:79:35:96:
                    f6:5d:1f:3c:fb:03:a7:1d:bc:9a:63:b0:fa:f1:c8:
                    10:4b:64:e7:18:b1:b2:15:d7:fd:06:b3:32:32:9a:
                    e8:f0:58:8d:2a:d4:35:29:68:bb:2c:28:1c:79:21:
                    ed:d8:8d:f9:b9:b7:32:e9:d7:7a:68:02:1b:5c:89:
                    59:c1:f3:16:07:3e:17:b9:bb:0a:53:aa:f2:f6:e0:
                    23:17:f6:28:05:d5:ab:30:e2:03:8b:45:fa:66:ba:
                    d5:14:3f:b2:ed:25:cd:f1:af:45:a6:21:6a:79:54:
                    c8:c9:83:c9:ed:97:09:12:be:f2:0a:5b:c4:01:55:
                    05:8d:55:0b:ad:46:c9:c3:b0:db:a8:f1:a0:bb:11:
                    16:c6:7e:ce:eb:6a:d9:1c:98:fd:e6:b3:46:79:68:
                    8a:c8:15:af:56:8e:0e:e2:cb:eb:56:61:59:8f:20:
                    d4:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:F6:27:D9:23:81:38:A3:5E:3D:A2:CF:6E:93:C9:A9:7E:24:20:FB
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e2fd9155-8aca-4f0e-b0d4-1ac47bb17b2f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.228.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         d8:31:cd:ec:a9:5d:22:44:9b:1c:6d:79:22:30:b3:77:8c:ed:
         88:24:cf:dc:a5:8d:dd:e5:26:64:52:92:28:1c:ad:aa:e8:4d:
         93:46:d2:fa:d4:49:24:6f:52:23:84:6a:fb:3a:a7:0d:bf:ee:
         94:01:30:ed:b8:96:da:23:ab:1c:8c:76:89:2c:ec:df:bd:f9:
         05:2d:44:e9:c9:ca:61:f2:2b:25:7e:2b:8f:e3:0a:76:f8:ca:
         e8:ed:b3:eb:44:d0:01:ff:ed:b0:76:31:2f:1d:1c:5b:4f:da:
         cf:55:f5:d9:de:57:6b:32:d6:3b:ba:76:6c:0c:fc:a1:b0:70:
         83:97:bc:bc:75:d8:38:ba:e7:29:41:22:cd:30:9e:45:0c:88:
         64:d9:21:3d:a9:5d:d4:81:bc:8f:12:f6:2e:94:c2:4e:6b:4c:
         47:f9:8e:be:e4:ed:8c:0d:bc:af:37:37:78:e2:0b:fc:4a:33:
         d0:0b:8c:08:90:3b:52:56:29:e4:a4:6f:53:ed:e1:06:af:68:
         86:9a:16:4b:4b:64:99:6e:1b:0d:50:26:4f:4b:53:34:c2:16:
         ff:e0:96:b7:00:d2:31:47:50:4a:19:f6:8d:13:ae:3c:54:44:
         66:4c:35:a0:57:d2:83:0a:f0:71:11:64:40:a1:cb:44:e1:2c:
         ae:bb:3d:d1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOpnOhgxfLg/jPcgrn6qHRwG/KtIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwOTAyMDAxMDE5WhcNMjUxMDA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMzc4NjQ4M2M0NjlhNDYzYmExYTVhZGYyOTEwMmEzNzU5
ZGZkYWM1NTNhZjQwODhmNThiMmNjMTAxZDAzZTdlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLhQXZtW/4OYXqVHVkOQehbMmvrHj8HPPsvxzPNZtM00D2
6q/H3y5STXNEqzUavTkTSOAN2qbK3FzisyFbPA4DVCKuOQ2mri79ugxVX2wJ3KzX
+CJOy3k1lvZdHzz7A6cdvJpjsPrxyBBLZOcYsbIV1/0GszIymujwWI0q1DUpaLss
KBx5Ie3Yjfm5tzLp13poAhtciVnB8xYHPhe5uwpTqvL24CMX9igF1asw4gOLRfpm
utUUP7LtJc3xr0WmIWp5VMjJg8ntlwkSvvIKW8QBVQWNVQutRsnDsNuo8aC7ERbG
fs7ratkcmP3ms0Z5aIrIFa9Wjg7iy+tWYVmPINS9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQvYn2SOBOKNePaLPbpPJqX4kIPswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2UyZmQ5MTU1LThhY2EtNGYwZS1iMGQ0LTFhYzQ3YmIxN2IyZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYX5MAwDQYJKoZIhvcNAQELBQADggEBANgxzeypXSJEmxxteSIws3eM7Ygk
z9yljd3lJmRSkigcraroTZNG0vrUSSRvUiOEavs6pw2/7pQBMO24ltojqxyMdoks
7N+9+QUtROnJymHyKyV+K4/jCnb4yujts+tE0AH/7bB2MS8dHFtP2s9V9dneV2sy
1ju6dmwM/KGwcIOXvLx12Di65ylBIs0wnkUMiGTZIT2pXdSBvI8S9i6Uwk5rTEf5
jr7k7YwNvK83N3jiC/xKM9ALjAiQO1JWKeSkb1Pt4QavaIaaFktLZJluGw1QJk9L
UzTCFv/glrcA0jFHUEoZ9o0TrjxURGZMNaBX0oMK8HERZEChy0ThLK67PdE=
-----END CERTIFICATE-----