Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e2abe357-a286-4173-9db3-3fe355a4e8f9.roa
File:                     e2abe357-a286-4173-9db3-3fe355a4e8f9.roa (raw, json)
Hash identifier:          p/PfkJc3bxdvl/PkNgb6H8HQQhY+l5uUBDnAlnYrdkw=
Subject key identifier:   51:E8:E8:A1:07:68:BA:8A:48:CC:FF:5E:3F:3F:73:7D:EC:5F:D4:ED
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4266A588CEE2F987C95B417096517A6D01995DE3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e2abe357-a286-4173-9db3-3fe355a4e8f9.roa
Signing time:             Fri 01 Aug 2025 15:11:16 +0000
ROA not before:           Fri 01 Aug 2025 15:11:16 +0000
ROA not after:            Fri 05 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        204.31.192.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 08 Aug 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:66:a5:88:ce:e2:f9:87:c9:5b:41:70:96:51:7a:6d:01:99:5d:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug  1 15:11:16 2025 GMT
            Not After : Sep  5 23:59:59 2025 GMT
        Subject: serialNumber=4b0e518d7b7643dae1d4fbc62f3df7e04f5fcd06fda04a4bff3bee716436ec9a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:92:7f:c3:11:f7:c4:3d:73:2a:2d:a0:6a:47:
                    d4:88:d0:00:bb:30:ea:1e:c9:4f:d7:b3:56:bb:e5:
                    21:41:46:49:f9:3e:8c:18:20:df:9b:f9:c9:fb:66:
                    1e:27:ac:0b:bb:ff:a6:09:de:a7:40:c9:5f:90:19:
                    6b:24:e9:24:0a:43:86:0e:72:b8:bc:74:f1:3d:81:
                    bd:9b:ba:9c:e1:cb:3c:db:db:4c:82:32:0e:3f:a6:
                    00:b1:04:62:a7:e4:5d:50:ef:7b:d2:ed:1f:e2:c5:
                    e8:10:fb:1a:68:34:85:46:95:a9:5d:c8:6c:5f:78:
                    6e:bd:82:96:bd:c3:99:e3:66:d4:db:e5:c7:dd:4b:
                    7f:18:0d:60:ae:7c:8f:c7:b2:d8:c7:73:63:63:6a:
                    66:fd:b2:7c:f6:9c:42:6b:84:9c:e1:14:0c:d6:82:
                    1d:df:f0:5c:2b:e3:e3:f3:ef:0f:08:10:de:e5:f8:
                    26:ac:f6:7f:69:5b:79:02:8e:1d:13:09:aa:25:d5:
                    e9:86:e9:14:00:bf:3d:f8:cc:7a:fe:bd:b1:be:64:
                    7f:de:f7:75:6f:b9:19:ca:4f:d4:32:e9:01:03:39:
                    18:95:47:6d:4c:46:89:ca:d3:f5:89:be:26:a8:cc:
                    ff:f6:f8:57:c8:a1:4d:84:93:45:b1:c9:33:ba:16:
                    0d:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:E8:E8:A1:07:68:BA:8A:48:CC:FF:5E:3F:3F:73:7D:EC:5F:D4:ED
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e2abe357-a286-4173-9db3-3fe355a4e8f9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.31.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         ba:6a:5b:b3:4f:bd:32:43:85:05:bf:db:80:58:fb:bc:d9:34:
         b1:9d:f3:7c:46:9e:fe:bf:64:98:36:08:27:4b:fd:b5:c2:a9:
         22:7e:3d:35:10:3f:0c:fd:a8:5c:9c:18:20:04:1f:28:fa:25:
         2e:3b:9c:52:49:99:44:d7:59:32:f8:62:6d:b6:ca:3b:db:a9:
         ac:e8:53:c0:cc:d8:6d:08:d0:13:cd:bd:43:d9:de:bd:6f:c5:
         33:f4:c3:a5:b0:f6:54:d6:99:0a:79:c2:d4:b3:fa:f4:02:b2:
         a1:ae:12:bc:23:88:ea:25:ce:4d:2a:1c:ee:e3:17:9c:ec:ad:
         f9:60:ef:19:aa:24:a9:e0:31:e6:0e:36:f1:d4:42:d1:b3:75:
         ef:dc:5c:af:d1:04:35:db:f6:ca:5d:97:e1:fc:f9:94:21:ee:
         a1:2b:64:c6:5c:1b:8e:b1:85:24:36:e1:cf:31:8c:ff:05:6c:
         20:61:e8:8f:ec:6a:2d:d8:82:76:83:df:a3:5e:47:ee:1f:6b:
         4d:4a:87:c0:31:ad:27:11:00:a1:d1:e1:44:82:55:4d:8b:f8:
         b6:9e:84:45:d3:9b:c1:f9:24:ae:33:9a:90:7b:82:ed:b4:e9:
         3f:f5:d6:63:2c:bf:2a:9b:99:f3:bf:bc:e6:8f:93:f4:ac:55:
         37:9a:42:3e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQmaliM7i+YfJW0FwllF6bQGZXeMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODAxMTUxMTE2WhcNMjUwOTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A0YjBlNTE4ZDdiNzY0M2RhZTFkNGZiYzYyZjNkZjdlMDRm
NWZjZDA2ZmRhMDRhNGJmZjNiZWU3MTY0MzZlYzlhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQClkn/DEffEPXMqLaBqR9SI0AC7MOoeyU/Xs1a75SFBRkn5
PowYIN+b+cn7Zh4nrAu7/6YJ3qdAyV+QGWsk6SQKQ4YOcri8dPE9gb2bupzhyzzb
20yCMg4/pgCxBGKn5F1Q73vS7R/ixegQ+xpoNIVGlaldyGxfeG69gpa9w5njZtTb
5cfdS38YDWCufI/HstjHc2Njamb9snz2nEJrhJzhFAzWgh3f8Fwr4+Pz7w8IEN7l
+Cas9n9pW3kCjh0TCaol1emG6RQAvz34zHr+vbG+ZH/e93VvuRnKT9Qy6QEDORiV
R21MRonK0/WJviaozP/2+FfIoU2Ek0WxyTO6Fg0DAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUUejooQdouopIzP9ePz9zfexf1O0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2UyYWJlMzU3LWEyODYtNDE3My05ZGIzLTNmZTM1NWE0ZThmOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAXMH8AwDQYJKoZIhvcNAQELBQADggEBALpqW7NPvTJDhQW/24BY+7zZNLGd
83xGnv6/ZJg2CCdL/bXCqSJ+PTUQPwz9qFycGCAEHyj6JS47nFJJmUTXWTL4Ym22
yjvbqazoU8DM2G0I0BPNvUPZ3r1vxTP0w6Ww9lTWmQp5wtSz+vQCsqGuErwjiOol
zk0qHO7jF5zsrflg7xmqJKngMeYONvHUQtGzde/cXK/RBDXb9spdl+H8+ZQh7qEr
ZMZcG46xhSQ24c8xjP8FbCBh6I/sai3YgnaD36NeR+4fa01Kh8AxrScRAKHR4USC
VU2L+LaehEXTm8H5JK4zmpB7gu206T/11mMsvyqbmfO/vOaPk/SsVTeaQj4=
-----END CERTIFICATE-----