Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2f42e0ac-64a6-460a-a70e-e0253cec676c.roa
File:                     2f42e0ac-64a6-460a-a70e-e0253cec676c.roa (raw, json)
Hash identifier:          KZbYd6MCGZK7Tk+Ve0H3YTsDhZ0eWTIOPTsTcGb5s2c=
Subject key identifier:   79:C9:85:F1:7C:3D:A5:61:9E:43:30:6D:66:41:5C:72:1B:54:44:00
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6F1B6F82D19B3B5FF396D86803A638059F483340
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2f42e0ac-64a6-460a-a70e-e0253cec676c.roa
Signing time:             Fri 13 Jun 2025 00:40:16 +0000
ROA not before:           Fri 13 Jun 2025 00:40:16 +0000
ROA not after:            Fri 18 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        161.193.32.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:1b:6f:82:d1:9b:3b:5f:f3:96:d8:68:03:a6:38:05:9f:48:33:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun 13 00:40:16 2025 GMT
            Not After : Jul 18 23:59:59 2025 GMT
        Subject: serialNumber=8977e03bad03fae429dbe3aa6012bb70fac127b9f400ed34edd62dc2cefd9a0f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:d5:77:6d:d0:06:6b:95:30:32:28:19:d3:4d:
                    1d:c2:39:f1:85:ae:6c:30:80:c5:ba:a1:35:d2:47:
                    0a:76:82:c1:74:30:b9:a5:ca:96:2e:9e:ea:b5:1b:
                    5a:b5:39:fb:b4:15:ce:c9:bc:db:a8:22:2c:b0:b6:
                    10:fe:19:de:95:05:9a:57:48:60:fd:36:eb:d3:0d:
                    48:76:56:3f:6d:a3:df:b9:33:d3:a2:90:97:8f:12:
                    58:cf:47:7a:c3:bf:68:d7:75:35:dc:43:32:78:23:
                    bf:7d:b1:83:83:bf:ac:01:3c:e0:82:6b:18:2c:50:
                    a9:5a:a8:3a:5d:4b:9f:0f:e4:b6:a3:0e:da:a3:a1:
                    bb:57:8e:f6:a0:e6:d2:f1:3d:74:9a:db:20:8c:94:
                    6e:de:e6:db:47:ae:d1:f1:8d:da:92:b6:16:8c:2d:
                    0b:dd:b5:23:6d:27:ee:11:a2:d1:11:b1:52:0e:d7:
                    f8:68:f7:f9:54:23:d9:a5:db:6c:18:ed:d0:32:27:
                    36:f6:1b:85:45:cf:61:9d:2b:7a:00:05:0b:d5:3f:
                    73:16:b5:db:62:8c:ba:0f:7b:b3:5c:1f:bc:be:36:
                    30:05:f3:a2:1e:63:42:bf:79:b6:49:ff:b8:f8:27:
                    c1:c4:0d:2d:ed:69:00:a1:43:d2:c4:14:c3:96:54:
                    46:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:C9:85:F1:7C:3D:A5:61:9E:43:30:6D:66:41:5C:72:1B:54:44:00
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2f42e0ac-64a6-460a-a70e-e0253cec676c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.193.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         71:a0:49:89:51:5a:1b:f7:c7:f6:3f:36:3e:bb:30:e2:c7:12:
         cc:61:e5:d2:a4:d6:f6:39:b1:e7:c4:7c:94:90:e8:14:ab:32:
         56:7f:bd:75:a4:04:1d:73:4d:ee:be:e8:37:63:97:53:28:d1:
         2d:48:73:bd:ac:2f:65:43:8b:d8:c0:18:4c:b4:c1:60:5a:6a:
         f9:e0:7a:bc:7c:4e:ad:58:a5:56:5b:17:9a:b3:2b:b6:21:c3:
         58:30:b6:9e:20:38:11:42:05:f3:50:cf:11:01:90:e8:3e:b8:
         3c:e4:7a:4f:27:92:8e:7a:5b:c0:e1:b8:9f:b8:b4:5b:f4:dc:
         2f:b8:4b:43:3e:94:0f:2b:1e:a6:d0:a7:ba:87:85:ec:fc:30:
         07:ec:74:3d:66:2f:22:01:8c:b2:7f:2b:98:1e:72:04:95:cf:
         66:6d:47:a1:98:c4:20:d2:86:04:6a:0c:e4:b7:1f:d9:75:d6:
         e6:49:ab:9f:86:4f:ad:98:f4:2a:81:f6:b8:2c:ee:ff:54:6d:
         66:37:da:be:61:8a:4c:43:64:f8:c9:66:82:36:f4:62:a4:49:
         5f:fa:e4:4f:84:30:db:79:e5:1d:3c:dd:e0:d9:a1:e6:ba:32:
         1b:14:7f:23:88:0e:4c:31:21:ae:38:7c:0a:fb:82:80:dd:31:
         42:b0:a0:41
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbxtvgtGbO1/zlthoA6Y4BZ9IM0AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNjEzMDA0MDE2WhcNMjUwNzE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A4OTc3ZTAzYmFkMDNmYWU0MjlkYmUzYWE2MDEyYmI3MGZh
YzEyN2I5ZjQwMGVkMzRlZGQ2MmRjMmNlZmQ5YTBmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCo1Xdt0AZrlTAyKBnTTR3COfGFrmwwgMW6oTXSRwp2gsF0
MLmlypYunuq1G1q1Ofu0Fc7JvNuoIiywthD+Gd6VBZpXSGD9NuvTDUh2Vj9to9+5
M9OikJePEljPR3rDv2jXdTXcQzJ4I799sYODv6wBPOCCaxgsUKlaqDpdS58P5Laj
DtqjobtXjvag5tLxPXSa2yCMlG7e5ttHrtHxjdqSthaMLQvdtSNtJ+4RotERsVIO
1/ho9/lUI9ml22wY7dAyJzb2G4VFz2GdK3oABQvVP3MWtdtijLoPe7NcH7y+NjAF
86IeY0K/ebZJ/7j4J8HEDS3taQChQ9LEFMOWVEafAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUecmF8Xw9pWGeQzBtZkFcchtURAAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJmNDJlMGFjLTY0YTYtNDYwYS1hNzBlLWUwMjUzY2VjNjc2Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAWhwSAwDQYJKoZIhvcNAQELBQADggEBAHGgSYlRWhv3x/Y/Nj67MOLHEsxh
5dKk1vY5sefEfJSQ6BSrMlZ/vXWkBB1zTe6+6Ddjl1Mo0S1Ic72sL2VDi9jAGEy0
wWBaavngerx8Tq1YpVZbF5qzK7Yhw1gwtp4gOBFCBfNQzxEBkOg+uDzkek8nko56
W8DhuJ+4tFv03C+4S0M+lA8rHqbQp7qHhez8MAfsdD1mLyIBjLJ/K5gecgSVz2Zt
R6GYxCDShgRqDOS3H9l11uZJq5+GT62Y9CqB9rgs7v9UbWY32r5hikxDZPjJZoI2
9GKkSV/65E+EMNt55R083eDZoea6MhsUfyOIDkwxIa44fAr7goDdMUKwoEE=
-----END CERTIFICATE-----