Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0ad3a4fb-a417-4f1b-83fd-6527c2718313.roa
File:                     0ad3a4fb-a417-4f1b-83fd-6527c2718313.roa (raw, json)
Hash identifier:          R4lT7gFmX3J5hzQkMhQSRgEDBHBRtXQoTo1Aq+df3W4=
Subject key identifier:   D2:9F:1A:29:B6:5B:28:BD:BB:6D:3C:4B:AF:28:F4:8C:14:A5:C5:58
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3E31CB611A02A4D9701A01F863D07124CAEC7421
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0ad3a4fb-a417-4f1b-83fd-6527c2718313.roa
Signing time:             Sat 07 Jun 2025 00:41:53 +0000
ROA not before:           Sat 07 Jun 2025 00:41:53 +0000
ROA not after:            Sat 12 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        93.190.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:31:cb:61:1a:02:a4:d9:70:1a:01:f8:63:d0:71:24:ca:ec:74:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun  7 00:41:53 2025 GMT
            Not After : Jul 12 23:59:59 2025 GMT
        Subject: serialNumber=bf0cc84e742a208edaa4ea539cc95dce5c964a7f98daadd8facaa694d0d2f248, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:e5:b1:26:62:1b:b4:a9:66:2a:a3:49:75:27:
                    2f:c5:a6:d7:d1:70:fe:a8:94:09:1e:07:a6:44:11:
                    99:a1:08:93:89:1a:1d:10:5e:f7:6f:90:41:04:59:
                    00:64:13:ba:30:2e:96:0d:22:a4:84:9d:07:66:44:
                    64:0c:4a:dd:a1:10:cb:c9:20:78:95:14:d5:7c:9c:
                    7f:ce:ce:83:8e:fa:36:54:1f:5d:e5:75:cb:3e:93:
                    0a:3b:89:65:d3:4c:88:33:28:3d:1a:26:c1:63:72:
                    14:75:6c:d9:47:f2:03:6d:81:10:64:1f:51:83:8c:
                    e5:14:0e:94:79:4e:32:bb:ba:77:64:ab:6a:a8:0c:
                    bc:ea:41:45:09:da:9a:74:10:f3:7e:2e:3c:59:f9:
                    c6:99:66:2f:06:29:1b:04:8a:e1:9c:75:ec:0a:1e:
                    f6:d2:26:d6:45:0d:0c:3c:ca:60:b5:c4:d4:6d:43:
                    fd:ce:51:b4:89:3c:6a:09:21:36:e9:53:da:08:63:
                    5d:7a:b6:ea:3b:56:b3:10:cd:f5:51:1a:94:b8:b5:
                    bf:41:68:7b:4d:73:03:2e:04:72:b7:59:39:6d:38:
                    a9:08:d2:77:ae:8e:e2:bb:33:cc:24:18:57:2b:d4:
                    64:79:10:bb:6a:7c:09:f9:e9:70:73:a9:44:2c:61:
                    f6:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:9F:1A:29:B6:5B:28:BD:BB:6D:3C:4B:AF:28:F4:8C:14:A5:C5:58
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0ad3a4fb-a417-4f1b-83fd-6527c2718313.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.190.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:f1:18:1e:ea:fd:e8:8d:18:c7:b1:fc:38:2c:6d:c6:71:c8:
         42:a6:da:3e:b0:45:5c:72:2d:ce:40:e6:a7:15:2c:c1:6f:5b:
         09:55:21:88:ee:17:b0:cc:35:6c:c3:28:0f:16:f1:13:64:06:
         ce:39:4b:33:54:1c:ae:0f:02:80:87:a1:27:1e:a7:f3:a9:fd:
         8c:0b:46:a5:ed:2d:d3:d3:54:f8:06:f8:71:0a:93:f6:39:91:
         bf:eb:2c:e5:5d:df:b8:39:6d:ff:b4:ad:55:cc:2c:f9:2e:30:
         12:44:1c:d5:02:95:bf:b0:a3:05:a3:42:d4:0d:e8:98:1a:84:
         c6:35:16:5c:17:5c:9a:ab:c5:0a:f1:08:f2:41:9b:f9:a9:1a:
         36:ae:ec:5e:dc:67:a3:41:4a:c2:f5:58:55:94:a7:aa:4d:25:
         0b:e4:7f:c9:25:9d:fa:88:d3:63:f6:ab:c6:22:49:b1:1b:2b:
         7c:6e:55:28:c1:55:1f:c8:da:df:78:cc:d4:d3:b8:e2:20:9b:
         87:3a:2f:13:ef:9b:48:4e:08:78:8d:6b:07:75:08:57:b8:cb:
         f2:3e:d4:1a:5d:fc:e7:65:47:a4:13:90:21:6e:0c:36:33:7d:
         de:e0:d4:30:ac:c2:22:8b:d3:e9:11:18:f8:e4:b6:91:73:5d:
         6b:db:3d:51
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPjHLYRoCpNlwGgH4Y9BxJMrsdCEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNjA3MDA0MTUzWhcNMjUwNzEyMjM1OTU5
WjB6MUkwRwYDVQQFE0BiZjBjYzg0ZTc0MmEyMDhlZGFhNGVhNTM5Y2M5NWRjZTVj
OTY0YTdmOThkYWFkZDhmYWNhYTY5NGQwZDJmMjQ4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCZ5bEmYhu0qWYqo0l1Jy/FptfRcP6olAkeB6ZEEZmhCJOJ
Gh0QXvdvkEEEWQBkE7owLpYNIqSEnQdmRGQMSt2hEMvJIHiVFNV8nH/OzoOO+jZU
H13ldcs+kwo7iWXTTIgzKD0aJsFjchR1bNlH8gNtgRBkH1GDjOUUDpR5TjK7undk
q2qoDLzqQUUJ2pp0EPN+LjxZ+caZZi8GKRsEiuGcdewKHvbSJtZFDQw8ymC1xNRt
Q/3OUbSJPGoJITbpU9oIY116tuo7VrMQzfVRGpS4tb9BaHtNcwMuBHK3WTltOKkI
0neujuK7M8wkGFcr1GR5ELtqfAn56XBzqUQsYfY7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0p8aKbZbKL27bTxLryj0jBSlxVgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBhZDNhNGZiLWE0MTctNGYxYi04M2ZkLTY1MjdjMjcxODMxMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABdvrgwDQYJKoZIhvcNAQELBQADggEBAD7xGB7q/eiNGMex/DgsbcZxyEKm
2j6wRVxyLc5A5qcVLMFvWwlVIYjuF7DMNWzDKA8W8RNkBs45SzNUHK4PAoCHoSce
p/Op/YwLRqXtLdPTVPgG+HEKk/Y5kb/rLOVd37g5bf+0rVXMLPkuMBJEHNUClb+w
owWjQtQN6JgahMY1FlwXXJqrxQrxCPJBm/mpGjau7F7cZ6NBSsL1WFWUp6pNJQvk
f8klnfqI02P2q8YiSbEbK3xuVSjBVR/I2t94zNTTuOIgm4c6LxPvm0hOCHiNawd1
CFe4y/I+1Bpd/OdlR6QTkCFuDDYzfd7g1DCswiKL0+kRGPjktpFzXWvbPVE=
-----END CERTIFICATE-----