Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cb56cb92-b2af-486c-8e14-550871fce8cf.roa
File:                     cb56cb92-b2af-486c-8e14-550871fce8cf.roa (raw, json)
Hash identifier:          jS/KP7lA0dWDzhQfbB/rzdr5GtS20qLqiXi+0L5ZEhA=
Subject key identifier:   7B:6E:78:36:D4:43:0A:B6:C6:89:81:A3:6E:C1:73:79:F0:C0:CF:34
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       495BF45F799FE9E5E7521567EB7CDE9214F482B8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cb56cb92-b2af-486c-8e14-550871fce8cf.roa
Signing time:             Fri 08 Aug 2025 00:22:13 +0000
ROA not before:           Fri 08 Aug 2025 00:22:13 +0000
ROA not after:            Fri 12 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        70.131.192.0/18 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 09 Aug 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:5b:f4:5f:79:9f:e9:e5:e7:52:15:67:eb:7c:de:92:14:f4:82:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug  8 00:22:13 2025 GMT
            Not After : Sep 12 23:59:59 2025 GMT
        Subject: serialNumber=6bcf1acd99d5c99c77b2ed9e166604a117de406279d580c8640175f2150a58e9, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:4f:f5:96:4d:b9:60:a2:97:91:c8:41:cc:4b:
                    c5:80:70:af:6f:3b:80:8a:f2:76:f8:4d:c4:96:8b:
                    3b:8c:12:3a:87:2e:13:73:d1:c0:bc:78:ab:03:c8:
                    4b:9c:ad:60:89:c5:59:7d:ae:af:01:f8:57:f4:7f:
                    f4:4a:00:b6:35:f7:83:56:61:96:a4:b3:3f:3c:b4:
                    53:be:8e:b7:04:fe:3c:0d:4c:4c:ab:c9:ac:03:d2:
                    06:5e:0c:ab:32:9e:45:04:e7:b2:b2:e1:3a:55:0f:
                    2b:6a:68:7d:f0:f9:1b:80:8c:a9:71:b7:13:84:fc:
                    17:90:0f:1c:e5:43:ab:21:2d:77:03:08:6d:32:0e:
                    07:d5:b2:b9:39:bb:b0:67:87:b2:f8:39:e1:df:0a:
                    b0:9f:75:bd:a4:b7:71:24:85:51:51:8e:51:94:cc:
                    8b:e0:7e:46:5f:29:09:b1:4b:48:18:9f:ac:ea:d2:
                    59:60:e7:6d:ac:54:5c:ba:fa:a9:d3:06:6e:69:e6:
                    0e:5a:40:a0:07:04:e5:c9:01:0d:32:ad:6e:55:36:
                    b5:d1:41:5b:16:db:7a:09:95:07:46:c6:27:9b:bd:
                    33:a7:fc:3c:89:39:b8:ac:47:ea:2b:56:a2:e6:fd:
                    40:43:81:ae:ac:6e:5d:25:c9:e9:3b:c9:39:4a:51:
                    81:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:6E:78:36:D4:43:0A:B6:C6:89:81:A3:6E:C1:73:79:F0:C0:CF:34
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cb56cb92-b2af-486c-8e14-550871fce8cf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  70.131.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         67:25:e8:ef:f1:91:82:5a:5d:c9:3c:b3:a7:30:43:1e:54:4a:
         0c:25:70:05:94:8c:ba:c3:a1:ce:b9:d9:9d:db:4b:68:62:32:
         d4:04:83:79:23:06:97:57:8c:80:cf:a3:c1:d8:4e:51:71:f5:
         16:ed:02:59:00:a9:57:f2:6a:a3:02:1d:82:36:14:95:e2:26:
         97:2a:87:77:3d:9e:90:f4:22:24:ca:a6:b5:e0:1b:0c:74:6a:
         e7:22:a7:61:d3:23:e3:2b:e4:98:d0:4e:db:98:0e:b5:5e:07:
         9d:e4:99:7f:f4:04:df:fc:5e:90:68:b6:dd:1e:a2:6d:5e:e6:
         cf:6c:c7:e6:8d:a8:b0:a3:9c:b8:fc:7a:34:4f:20:10:75:5d:
         15:9b:28:1f:6f:7d:99:18:d9:87:8e:40:55:bc:dd:c5:1e:c9:
         ab:5b:a2:0d:ef:22:b8:94:a5:b9:3d:1f:18:3f:3c:95:0e:9f:
         b0:c5:b9:6e:f5:a4:a6:93:9e:38:23:9e:55:79:7a:c9:b6:90:
         42:b2:4b:cf:7f:83:a0:df:75:28:ff:5d:15:c4:22:0a:47:c0:
         dd:a3:c1:c2:d6:ab:6d:fb:d7:5f:2f:ae:cf:44:51:3a:63:ec:
         8c:bc:16:25:63:f2:76:33:e0:b3:da:5e:0b:1a:67:3b:72:22:
         6d:9f:04:61
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSVv0X3mf6eXnUhVn63zekhT0grgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODA4MDAyMjEzWhcNMjUwOTEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A2YmNmMWFjZDk5ZDVjOTljNzdiMmVkOWUxNjY2MDRhMTE3
ZGU0MDYyNzlkNTgwYzg2NDAxNzVmMjE1MGE1OGU5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqT/WWTblgopeRyEHMS8WAcK9vO4CK8nb4TcSWizuMEjqH
LhNz0cC8eKsDyEucrWCJxVl9rq8B+Ff0f/RKALY194NWYZaksz88tFO+jrcE/jwN
TEyryawD0gZeDKsynkUE57Ky4TpVDytqaH3w+RuAjKlxtxOE/BeQDxzlQ6shLXcD
CG0yDgfVsrk5u7Bnh7L4OeHfCrCfdb2kt3EkhVFRjlGUzIvgfkZfKQmxS0gYn6zq
0llg522sVFy6+qnTBm5p5g5aQKAHBOXJAQ0yrW5VNrXRQVsW23oJlQdGxiebvTOn
/DyJObisR+orVqLm/UBDga6sbl0lyek7yTlKUYGXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUe254NtRDCrbGiYGjbsFzefDAzzQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NiNTZjYjkyLWIyYWYtNDg2Yy04ZTE0LTU1MDg3MWZjZThjZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZGg8AwDQYJKoZIhvcNAQELBQADggEBAGcl6O/xkYJaXck8s6cwQx5USgwl
cAWUjLrDoc652Z3bS2hiMtQEg3kjBpdXjIDPo8HYTlFx9RbtAlkAqVfyaqMCHYI2
FJXiJpcqh3c9npD0IiTKprXgGwx0aucip2HTI+Mr5JjQTtuYDrVeB53kmX/0BN/8
XpBott0eom1e5s9sx+aNqLCjnLj8ejRPIBB1XRWbKB9vfZkY2YeOQFW83cUeyatb
og3vIriUpbk9Hxg/PJUOn7DFuW71pKaTnjgjnlV5esm2kEKyS89/g6DfdSj/XRXE
IgpHwN2jwcLWq237118vrs9EUTpj7Iy8FiVj8nYz4LPaXgsaZztyIm2fBGE=
-----END CERTIFICATE-----