Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a3551575-fda8-40cd-a012-2dd98f54a35c.roa
File:                     a3551575-fda8-40cd-a012-2dd98f54a35c.roa (raw, json)
Hash identifier:          M+OTDJLw/pYqq/ekSJ7lcVxInIdLJ866Tg9PdmgsOu0=
Subject key identifier:   9A:BA:0F:71:96:31:31:45:0A:79:CC:6C:02:3D:0D:F3:3C:A9:5D:F6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       36EA5159F1B8A99CBAF3479E858E24BEB1E24A33
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a3551575-fda8-40cd-a012-2dd98f54a35c.roa
Signing time:             Wed 23 Jul 2025 00:30:15 +0000
ROA not before:           Wed 23 Jul 2025 00:30:15 +0000
ROA not after:            Wed 27 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        198.13.96.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 07 Aug 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:ea:51:59:f1:b8:a9:9c:ba:f3:47:9e:85:8e:24:be:b1:e2:4a:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jul 23 00:30:15 2025 GMT
            Not After : Aug 27 23:59:59 2025 GMT
        Subject: serialNumber=6ff852efa479926dc0a68d23cfbb2d20ba90dd3aac9df094a970894875dac612, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:e4:bc:6e:08:32:aa:78:53:a2:0e:c1:1a:2b:
                    be:fb:c4:ad:b5:0a:3a:fe:89:d3:0d:81:99:80:21:
                    ef:7d:05:7d:43:70:7d:e1:d3:93:5f:5c:1d:1f:29:
                    89:ae:0b:ad:02:08:f7:bb:a6:96:d2:88:66:09:50:
                    71:fe:0a:3c:ba:4c:ea:68:4b:c3:74:9f:4c:9e:7e:
                    c5:13:9a:a0:e2:53:55:7c:96:a7:e8:1c:86:e6:f8:
                    01:8b:9e:5f:e7:51:f7:e4:80:89:18:ce:82:b7:13:
                    ec:16:f1:ff:26:e3:a6:fd:fd:82:eb:24:65:78:14:
                    d1:7b:19:1a:1d:0f:1e:b8:99:18:e7:49:07:ab:01:
                    8a:93:89:34:d1:5e:8a:ff:1c:41:58:21:db:8c:07:
                    a6:d3:2b:bc:51:76:8d:97:b9:12:c9:97:73:21:c8:
                    ed:5d:0f:77:9f:25:84:5d:46:40:ae:3a:e6:d2:40:
                    7e:93:61:5b:97:09:1a:69:3e:8c:e4:e8:26:20:8c:
                    83:4d:6a:d0:6f:f4:a4:13:ce:0b:d9:d4:bf:93:f1:
                    9d:3c:14:b2:dd:48:2d:fb:2e:96:7d:30:8c:aa:ba:
                    b8:47:7b:cf:39:12:b2:ab:4d:08:b8:c0:ca:9c:27:
                    93:3e:e9:fc:26:30:77:5e:87:10:6a:5b:27:f3:f5:
                    82:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:BA:0F:71:96:31:31:45:0A:79:CC:6C:02:3D:0D:F3:3C:A9:5D:F6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a3551575-fda8-40cd-a012-2dd98f54a35c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.13.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         4f:89:63:1b:3d:d1:64:5e:1f:ba:6c:50:bd:ad:c1:0b:36:48:
         77:21:d1:d1:3a:91:39:51:82:c1:63:fd:d3:d8:21:c6:47:a8:
         81:7b:5a:bf:12:03:43:e2:d3:61:1a:78:1e:6a:28:cf:0c:5f:
         11:ef:95:65:e7:8f:37:71:cf:37:b4:6f:50:78:05:73:96:b8:
         df:db:0a:7a:7f:15:f3:7d:92:b9:95:4b:cf:e4:ff:9c:09:b8:
         fa:fe:3e:90:fe:5f:52:f7:7f:0d:34:a2:1c:ba:63:e2:4c:0f:
         8d:ef:9c:42:1c:ae:8e:17:fc:fe:7b:a4:bc:1c:e1:62:cb:1a:
         b8:c9:9b:b8:01:ea:be:7d:55:1d:cc:35:86:5d:43:61:e6:5b:
         2f:c0:cb:5b:66:59:fd:d1:78:5e:7a:19:4c:33:9d:1d:aa:45:
         d5:50:24:64:e8:eb:69:f9:66:b2:5e:7b:30:6e:36:18:d7:21:
         e3:3f:7e:e6:1a:6c:58:74:ef:38:32:d6:2b:b6:95:03:c4:16:
         00:f0:01:96:7a:e8:22:81:c5:65:c9:75:57:02:8d:c7:78:25:
         cf:a4:6d:63:4e:16:fe:cb:d7:ab:cf:ca:c9:4f:86:22:83:3a:
         3f:e3:dc:75:00:86:7a:99:95:b7:a7:43:f7:1d:52:e6:c9:16:
         90:31:34:84
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNupRWfG4qZy680eehY4kvrHiSjMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNzIzMDAzMDE1WhcNMjUwODI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A2ZmY4NTJlZmE0Nzk5MjZkYzBhNjhkMjNjZmJiMmQyMGJh
OTBkZDNhYWM5ZGYwOTRhOTcwODk0ODc1ZGFjNjEyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCJ5LxuCDKqeFOiDsEaK777xK21Cjr+idMNgZmAIe99BX1D
cH3h05NfXB0fKYmuC60CCPe7ppbSiGYJUHH+Cjy6TOpoS8N0n0yefsUTmqDiU1V8
lqfoHIbm+AGLnl/nUffkgIkYzoK3E+wW8f8m46b9/YLrJGV4FNF7GRodDx64mRjn
SQerAYqTiTTRXor/HEFYIduMB6bTK7xRdo2XuRLJl3MhyO1dD3efJYRdRkCuOubS
QH6TYVuXCRppPozk6CYgjINNatBv9KQTzgvZ1L+T8Z08FLLdSC37LpZ9MIyqurhH
e885ErKrTQi4wMqcJ5M+6fwmMHdehxBqWyfz9YKFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmroPcZYxMUUKecxsAj0N8zypXfYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2EzNTUxNTc1LWZkYTgtNDBjZC1hMDEyLTJkZDk4ZjU0YTM1Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAXGDWAwDQYJKoZIhvcNAQELBQADggEBAE+JYxs90WReH7psUL2twQs2SHch
0dE6kTlRgsFj/dPYIcZHqIF7Wr8SA0Pi02EaeB5qKM8MXxHvlWXnjzdxzze0b1B4
BXOWuN/bCnp/FfN9krmVS8/k/5wJuPr+PpD+X1L3fw00ohy6Y+JMD43vnEIcro4X
/P57pLwc4WLLGrjJm7gB6r59VR3MNYZdQ2HmWy/Ay1tmWf3ReF56GUwznR2qRdVQ
JGTo62n5ZrJeezBuNhjXIeM/fuYabFh07zgy1iu2lQPEFgDwAZZ66CKBxWXJdVcC
jcd4Jc+kbWNOFv7L16vPyslPhiKDOj/j3HUAhnqZlbenQ/cdUubJFpAxNIQ=
-----END CERTIFICATE-----