Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ea8bdb21-13ef-4fcb-bd54-6e345c8e3232.roa
File:                     ea8bdb21-13ef-4fcb-bd54-6e345c8e3232.roa (raw, json)
Hash identifier:          qKvFs7gLle9cwf3eMHofjfUcVzHUhmX+dULE7kdwrmo=
Subject key identifier:   AB:D4:86:6C:9B:6D:AB:B2:2E:6E:6B:B0:02:32:DB:92:69:FB:7A:0F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7E3CEBB1CAC8EFB4ECE0F84DA5664343E604FD62
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ea8bdb21-13ef-4fcb-bd54-6e345c8e3232.roa
Signing time:             Mon 16 Jun 2025 15:41:37 +0000
ROA not before:           Mon 16 Jun 2025 15:41:37 +0000
ROA not after:            Mon 21 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        70.224.196.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 18 Jun 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:3c:eb:b1:ca:c8:ef:b4:ec:e0:f8:4d:a5:66:43:43:e6:04:fd:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun 16 15:41:37 2025 GMT
            Not After : Jul 21 23:59:59 2025 GMT
        Subject: serialNumber=a2adf28e16119f27719e146858ec8aa59d3c5412430ab4f0f4c70df5848633ad, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:a1:d0:c9:e2:62:62:51:ea:69:3e:8d:76:ac:
                    51:2f:3a:f6:f7:ec:a6:8a:53:ef:08:f6:e3:54:e6:
                    1a:9b:fc:ca:ae:47:41:44:f1:6a:9d:9e:a6:32:c2:
                    54:ed:be:6a:43:19:8d:3c:0a:56:77:2b:8d:85:72:
                    05:2c:26:e1:90:86:c8:bf:6b:aa:4e:00:9d:2e:a4:
                    c3:b9:3f:2d:5d:9a:a4:c4:40:57:15:eb:54:96:10:
                    ab:7f:d9:14:e1:79:68:5c:1f:e3:5f:62:2c:fe:f0:
                    7e:fd:d6:37:e4:5c:ef:98:c6:7e:c7:55:07:ee:53:
                    fe:f6:91:89:b7:05:61:71:86:6e:3c:06:db:07:ab:
                    d0:97:57:6b:bf:62:12:1c:dc:cc:7d:9e:49:03:13:
                    2a:91:ef:f4:0e:00:e0:24:ef:94:c7:ce:47:34:36:
                    52:2b:18:68:60:9a:d2:80:ea:aa:7c:c0:ff:8b:8d:
                    9e:94:fe:84:6d:80:82:9a:4b:5a:28:4f:5d:a9:e1:
                    94:b8:a7:e5:dd:49:6b:ff:7f:85:3f:09:d8:b9:7d:
                    16:08:97:fb:d4:1a:64:e5:c7:00:5c:51:6c:a2:d0:
                    34:94:1d:07:05:72:a9:26:db:29:2b:20:4d:50:33:
                    37:44:6a:ed:66:44:0d:2e:5e:a2:34:dc:62:89:73:
                    7f:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:D4:86:6C:9B:6D:AB:B2:2E:6E:6B:B0:02:32:DB:92:69:FB:7A:0F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ea8bdb21-13ef-4fcb-bd54-6e345c8e3232.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  70.224.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         14:f1:e1:f8:66:f2:21:29:51:ed:d8:79:8e:dd:81:92:f4:ff:
         33:82:0d:fa:50:fa:3d:9f:5d:71:af:79:70:ce:51:b2:27:a5:
         0d:9b:7d:25:50:ba:5f:50:33:2c:ab:29:36:56:53:da:87:56:
         6d:d3:21:94:2c:20:36:e1:9f:0e:df:4e:8c:a5:f8:ff:a0:64:
         11:87:89:13:80:e3:b4:f8:77:78:80:ba:b2:0a:bf:86:ee:35:
         25:f4:a3:77:f2:ef:18:0e:77:a1:96:3f:e5:1f:14:6f:25:e6:
         ff:92:75:aa:42:ba:65:e5:7b:01:ab:67:d0:89:ac:e9:f4:3d:
         6f:e0:2c:34:1c:52:ad:83:b8:8b:64:7e:39:09:5c:6e:62:8b:
         12:7c:5e:4e:74:ca:28:99:44:a8:64:55:2f:1c:3d:71:24:80:
         35:a6:fc:d8:f9:db:29:d1:20:51:be:c0:05:23:df:3a:44:03:
         7f:0c:d6:0e:6a:a6:27:de:95:b3:c6:30:f7:ff:61:15:84:b8:
         a9:47:ce:a4:da:95:ab:32:e6:66:e0:01:49:72:d7:df:49:f8:
         a1:06:2a:18:a9:cb:ec:cb:69:97:5d:39:5f:11:9b:48:61:0c:
         9c:13:b4:6b:b7:6f:36:04:80:53:cb:dc:7d:7a:78:4c:50:95:
         f2:f2:56:14
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfjzrscrI77Ts4PhNpWZDQ+YE/WIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNjE2MTU0MTM3WhcNMjUwNzIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BhMmFkZjI4ZTE2MTE5ZjI3NzE5ZTE0Njg1OGVjOGFhNTlk
M2M1NDEyNDMwYWI0ZjBmNGM3MGRmNTg0ODYzM2FkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDBodDJ4mJiUeppPo12rFEvOvb37KaKU+8I9uNU5hqb/Mqu
R0FE8WqdnqYywlTtvmpDGY08ClZ3K42FcgUsJuGQhsi/a6pOAJ0upMO5Py1dmqTE
QFcV61SWEKt/2RTheWhcH+NfYiz+8H791jfkXO+Yxn7HVQfuU/72kYm3BWFxhm48
BtsHq9CXV2u/YhIc3Mx9nkkDEyqR7/QOAOAk75THzkc0NlIrGGhgmtKA6qp8wP+L
jZ6U/oRtgIKaS1ooT12p4ZS4p+XdSWv/f4U/Cdi5fRYIl/vUGmTlxwBcUWyi0DSU
HQcFcqkm2ykrIE1QMzdEau1mRA0uXqI03GKJc38FAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUq9SGbJttq7IubmuwAjLbkmn7eg8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VhOGJkYjIxLTEzZWYtNGZjYi1iZDU0LTZlMzQ1YzhlMzIzMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJG4MQwDQYJKoZIhvcNAQELBQADggEBABTx4fhm8iEpUe3YeY7dgZL0/zOC
DfpQ+j2fXXGveXDOUbInpQ2bfSVQul9QMyyrKTZWU9qHVm3TIZQsIDbhnw7fToyl
+P+gZBGHiROA47T4d3iAurIKv4buNSX0o3fy7xgOd6GWP+UfFG8l5v+SdapCumXl
ewGrZ9CJrOn0PW/gLDQcUq2DuItkfjkJXG5iixJ8Xk50yiiZRKhkVS8cPXEkgDWm
/Nj52ynRIFG+wAUj3zpEA38M1g5qpifelbPGMPf/YRWEuKlHzqTalasy5mbgAUly
199J+KEGKhipy+zLaZddOV8Rm0hhDJwTtGu3bzYEgFPL3H16eExQlfLyVhQ=
-----END CERTIFICATE-----