Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0301e067-da19-4fd1-bbbc-72ecabcde612.roa
File:                     0301e067-da19-4fd1-bbbc-72ecabcde612.roa (raw, json)
Hash identifier:          nfBEFS3QQi0NwSaLQ1Z24sX9QsPaBamB2WEC+laojc8=
Subject key identifier:   4C:1D:24:3E:AD:A5:24:78:8D:1C:D2:83:53:A6:52:91:53:E6:CD:AE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0ECF4DD42B598375360FAF6347B31020194107E6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0301e067-da19-4fd1-bbbc-72ecabcde612.roa
Signing time:             Fri 01 Aug 2025 15:11:04 +0000
ROA not before:           Fri 01 Aug 2025 15:11:04 +0000
ROA not after:            Fri 05 Sep 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        192.43.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 10 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:cf:4d:d4:2b:59:83:75:36:0f:af:63:47:b3:10:20:19:41:07:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug  1 15:11:04 2025 GMT
            Not After : Sep  5 23:59:59 2025 GMT
        Subject: serialNumber=e05da1ba04110e494f3e8ef3f8151809dcf0b8abceb0023984c9fc15735198be, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:07:3e:3e:ee:60:5e:03:bc:0c:fa:4d:c4:10:
                    19:92:ce:d9:c0:19:8c:02:1e:cd:29:43:c3:f5:d2:
                    e7:88:e7:12:ac:0d:73:b4:81:d0:a4:7d:46:e9:c4:
                    dc:3a:1e:18:0b:01:8a:c2:b8:41:65:87:68:28:a2:
                    ec:14:4b:30:07:4e:13:5c:49:fc:4e:9e:4c:45:1f:
                    29:07:0d:1e:c1:78:3f:e0:ea:47:c9:4f:c7:93:07:
                    ef:59:b3:7e:35:f6:e2:ca:58:90:d2:9f:eb:95:4b:
                    b5:83:24:94:91:18:d1:71:92:fd:16:73:1f:b3:bb:
                    70:6c:53:5e:63:75:8c:ef:c6:b2:f9:b8:9f:af:45:
                    aa:a7:d9:36:36:7e:7c:80:dc:c4:8a:92:93:a3:5a:
                    91:72:e1:db:15:8c:0f:22:88:ee:85:86:f3:89:c7:
                    30:2f:c8:93:a8:a6:73:4d:18:be:b4:9a:d7:69:bc:
                    4b:12:4c:ea:4b:12:38:d7:23:08:26:e7:86:52:73:
                    86:b0:f7:09:38:10:f9:ce:cc:50:09:af:7a:d9:5a:
                    9f:f9:52:4d:e6:4f:03:c6:dc:b6:2a:25:78:dd:c7:
                    da:b8:2f:e6:ca:33:af:98:d5:7d:b8:40:c4:77:15:
                    50:11:21:5a:5b:f8:40:cb:cd:2e:00:16:2b:47:d0:
                    02:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:1D:24:3E:AD:A5:24:78:8D:1C:D2:83:53:A6:52:91:53:E6:CD:AE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0301e067-da19-4fd1-bbbc-72ecabcde612.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.43.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:f3:e4:22:6d:11:08:be:87:00:9a:f1:2a:f0:26:5f:6f:de:
         32:4d:f9:ab:a2:65:ac:31:b7:18:f9:18:3e:a9:1b:1c:41:6c:
         68:90:39:ac:05:cb:af:c3:04:4c:2e:4f:33:7d:5b:ee:87:55:
         8f:4b:58:3a:ac:8e:63:43:64:aa:f8:fb:db:af:44:48:b7:a2:
         d5:fe:ad:02:54:fb:07:1b:d3:58:2b:b8:0f:75:5d:e0:8b:39:
         6d:a9:a2:09:ba:af:b1:e4:57:fd:06:8a:3d:bb:46:f7:e6:81:
         cb:5b:b5:9a:8d:7f:d2:da:7b:c2:d6:2c:a6:fe:c7:ea:8f:3e:
         75:19:4a:7d:59:e4:f6:4d:e9:c3:6b:56:d7:76:3c:7a:11:5a:
         4a:be:b9:94:b9:f9:3c:fc:64:db:bc:05:bd:fc:2e:0c:07:32:
         df:cf:37:89:3b:80:88:d1:7a:58:22:59:08:0d:8d:ea:69:2a:
         28:27:65:c1:67:9f:b1:55:a5:9e:e3:95:b4:58:b4:3a:7b:64:
         7b:1f:de:cf:86:72:47:3f:a4:de:f9:2d:a2:ef:66:61:84:a3:
         b1:7a:5c:ae:7c:08:5d:1d:08:61:2b:aa:63:ee:0a:61:a0:6a:
         0e:26:b1:23:f7:5b:d9:a4:b8:d6:90:d4:cd:fa:89:e6:93:5f:
         a8:a5:2a:a9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDs9N1CtZg3U2D69jR7MQIBlBB+YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODAxMTUxMTA0WhcNMjUwOTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BlMDVkYTFiYTA0MTEwZTQ5NGYzZThlZjNmODE1MTgwOWRj
ZjBiOGFiY2ViMDAyMzk4NGM5ZmMxNTczNTE5OGJlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCoBz4+7mBeA7wM+k3EEBmSztnAGYwCHs0pQ8P10ueI5xKs
DXO0gdCkfUbpxNw6HhgLAYrCuEFlh2goouwUSzAHThNcSfxOnkxFHykHDR7BeD/g
6kfJT8eTB+9Zs3419uLKWJDSn+uVS7WDJJSRGNFxkv0Wcx+zu3BsU15jdYzvxrL5
uJ+vRaqn2TY2fnyA3MSKkpOjWpFy4dsVjA8iiO6FhvOJxzAvyJOopnNNGL60mtdp
vEsSTOpLEjjXIwgm54ZSc4aw9wk4EPnOzFAJr3rZWp/5Uk3mTwPG3LYqJXjdx9q4
L+bKM6+Y1X24QMR3FVARIVpb+EDLzS4AFitH0AKLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTB0kPq2lJHiNHNKDU6ZSkVPmza4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzAzMDFlMDY3LWRhMTktNGZkMS1iYmJjLTcyZWNhYmNkZTYxMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADAK7gwDQYJKoZIhvcNAQELBQADggEBAGjz5CJtEQi+hwCa8SrwJl9v3jJN
+auiZawxtxj5GD6pGxxBbGiQOawFy6/DBEwuTzN9W+6HVY9LWDqsjmNDZKr4+9uv
REi3otX+rQJU+wcb01gruA91XeCLOW2pogm6r7HkV/0Gij27RvfmgctbtZqNf9La
e8LWLKb+x+qPPnUZSn1Z5PZN6cNrVtd2PHoRWkq+uZS5+Tz8ZNu8Bb38LgwHMt/P
N4k7gIjRelgiWQgNjeppKignZcFnn7FVpZ7jlbRYtDp7ZHsf3s+Gckc/pN75LaLv
ZmGEo7F6XK58CF0dCGErqmPuCmGgag4msSP3W9mkuNaQ1M36ieaTX6ilKqk=
-----END CERTIFICATE-----