Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/12ee22c9-4918-4fcc-bfe0-41c7247cbe08.roa
File:                     12ee22c9-4918-4fcc-bfe0-41c7247cbe08.roa (raw, json)
Hash identifier:          n/9gjlg09nHBhEyU/hECuT7LUwx8lHYUoONIUO/Vckg=
Subject key identifier:   C1:C2:2D:EC:4E:DE:72:63:21:D1:82:07:36:DE:A8:6A:D3:6C:15:E6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       259CB96831BAB2C41C45B1833E9768C70D9E5C40
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/12ee22c9-4918-4fcc-bfe0-41c7247cbe08.roa
Signing time:             Wed 23 Jul 2025 00:21:27 +0000
ROA not before:           Wed 23 Jul 2025 00:21:27 +0000
ROA not after:            Wed 27 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        192.184.32.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 10 Aug 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:9c:b9:68:31:ba:b2:c4:1c:45:b1:83:3e:97:68:c7:0d:9e:5c:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jul 23 00:21:27 2025 GMT
            Not After : Aug 27 23:59:59 2025 GMT
        Subject: serialNumber=6b42475c26736f53032972144b7000c60b35dfd7ab751235bac9687d15fe6f7a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:d5:f8:89:87:44:cd:23:d6:51:fb:27:0c:2e:
                    f4:24:3b:fb:e0:a0:38:d8:33:da:d7:cc:a1:5c:84:
                    5b:16:18:67:ad:a5:e7:50:62:b5:76:af:6e:6f:5d:
                    54:f8:31:c7:ef:22:db:bc:be:c0:22:1e:81:e1:a7:
                    6e:cc:74:e8:b7:e4:1e:ce:e2:d5:4f:19:7c:09:df:
                    59:b2:a1:9d:de:c6:5b:88:53:78:56:e1:a4:43:c7:
                    a2:90:25:6b:bb:dd:cb:5b:83:d7:6f:b3:e0:9e:ba:
                    14:86:3d:e1:94:cd:b9:e4:60:c4:22:49:96:7c:4d:
                    06:f7:49:75:e2:1e:89:49:ac:e1:4a:c2:af:20:67:
                    42:eb:cc:93:22:e2:06:fb:0a:c9:b2:5d:dc:f2:eb:
                    3c:9d:ae:29:8c:e9:59:64:00:01:5e:41:49:89:92:
                    76:ea:85:f1:df:10:1e:1a:b6:54:d2:2c:f1:63:e1:
                    c1:f3:8f:b4:95:a1:e0:4a:63:89:9e:50:54:64:9d:
                    18:85:4e:2f:32:4e:9c:ad:30:30:f4:3f:51:d9:5d:
                    b3:76:fe:b8:ef:4d:3a:a2:09:6b:95:93:44:21:ca:
                    ee:24:d8:12:08:67:20:6f:29:73:a4:52:14:77:81:
                    06:2d:53:c6:10:7c:37:0d:25:bf:86:25:53:4f:b7:
                    3e:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:C2:2D:EC:4E:DE:72:63:21:D1:82:07:36:DE:A8:6A:D3:6C:15:E6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/12ee22c9-4918-4fcc-bfe0-41c7247cbe08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.184.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         a6:a8:a6:47:a3:fc:fc:69:e2:d5:bd:4a:7f:1f:ec:8a:74:15:
         89:48:fe:12:c0:a7:cd:4b:b9:7c:c1:d0:69:e0:0e:cc:db:6f:
         3a:da:f7:70:c8:ad:b9:6e:c4:31:1c:ac:8e:b7:69:24:4c:57:
         84:8e:bb:36:94:f6:37:f8:ea:e6:a0:86:44:3a:ba:63:37:c5:
         65:d4:43:89:ac:36:61:44:6f:b9:d7:c1:92:e3:df:48:f1:13:
         33:c8:01:1f:11:b8:f6:ae:94:16:93:41:55:ff:54:d6:69:33:
         ed:94:0c:3b:f4:e6:0a:b8:e9:b6:06:b3:d4:31:02:a4:93:c0:
         ee:b4:dd:44:70:1c:bb:d3:7a:93:76:21:aa:11:19:8f:63:3b:
         d4:9f:04:fe:b5:7a:8b:e0:d3:c1:71:b8:43:45:c4:5b:57:c8:
         08:7e:b5:70:d4:2b:20:bd:3c:17:6c:53:d7:d0:ea:96:9b:4a:
         67:05:82:06:b3:80:a0:1f:b4:49:b0:8a:f2:ce:83:85:76:9e:
         4c:19:8f:08:0c:a3:38:5a:a3:be:b4:55:49:3d:40:9f:68:21:
         08:46:18:0d:79:a5:05:d5:fc:e7:af:f4:cf:fb:17:b7:df:99:
         ac:a0:64:66:71:66:6f:70:fd:aa:1d:92:58:38:79:25:b8:6a:
         92:a7:26:1b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJZy5aDG6ssQcRbGDPpdoxw2eXEAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNzIzMDAyMTI3WhcNMjUwODI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A2YjQyNDc1YzI2NzM2ZjUzMDMyOTcyMTQ0YjcwMDBjNjBi
MzVkZmQ3YWI3NTEyMzViYWM5Njg3ZDE1ZmU2ZjdhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCi1fiJh0TNI9ZR+ycMLvQkO/vgoDjYM9rXzKFchFsWGGet
pedQYrV2r25vXVT4McfvItu8vsAiHoHhp27MdOi35B7O4tVPGXwJ31myoZ3exluI
U3hW4aRDx6KQJWu73ctbg9dvs+CeuhSGPeGUzbnkYMQiSZZ8TQb3SXXiHolJrOFK
wq8gZ0LrzJMi4gb7CsmyXdzy6zydrimM6VlkAAFeQUmJknbqhfHfEB4atlTSLPFj
4cHzj7SVoeBKY4meUFRknRiFTi8yTpytMDD0P1HZXbN2/rjvTTqiCWuVk0Qhyu4k
2BIIZyBvKXOkUhR3gQYtU8YQfDcNJb+GJVNPtz7fAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwcIt7E7ecmMh0YIHNt6oatNsFeYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzEyZWUyMmM5LTQ5MTgtNGZjYy1iZmUwLTQxYzcyNDdjYmUwOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAXAuCAwDQYJKoZIhvcNAQELBQADggEBAKaopkej/Pxp4tW9Sn8f7Ip0FYlI
/hLAp81LuXzB0GngDszbbzra93DIrbluxDEcrI63aSRMV4SOuzaU9jf46uaghkQ6
umM3xWXUQ4msNmFEb7nXwZLj30jxEzPIAR8RuPaulBaTQVX/VNZpM+2UDDv05gq4
6bYGs9QxAqSTwO603URwHLvTepN2IaoRGY9jO9SfBP61eovg08FxuENFxFtXyAh+
tXDUKyC9PBdsU9fQ6pabSmcFggazgKAftEmwivLOg4V2nkwZjwgMozhao760VUk9
QJ9oIQhGGA15pQXV/Oev9M/7F7ffmaygZGZxZm9w/aodklg4eSW4apKnJhs=
-----END CERTIFICATE-----