Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/09979197-79c0-48b0-823a-0eb71a344290.roa
File:                     09979197-79c0-48b0-823a-0eb71a344290.roa (raw, json)
Hash identifier:          Z4m0Ms81kPhmu2mrua/3Kh9ZN7jwd1/xJNlzx7Vq9/M=
Subject key identifier:   0D:EA:EF:A8:59:AC:DA:76:A3:7E:84:45:2A:E0:EF:4E:B6:51:F6:57
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2D4DCAA50F1B633A6C60F63E390975612B0CC27F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/09979197-79c0-48b0-823a-0eb71a344290.roa
Signing time:             Tue 12 Aug 2025 00:01:05 +0000
ROA not before:           Tue 12 Aug 2025 00:01:05 +0000
ROA not after:            Tue 16 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.175.48.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:4d:ca:a5:0f:1b:63:3a:6c:60:f6:3e:39:09:75:61:2b:0c:c2:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug 12 00:01:05 2025 GMT
            Not After : Sep 16 23:59:59 2025 GMT
        Subject: serialNumber=5cef351b034cb626cd54247ba11b8d78bf41d8a8d6c40fc567c74dfd12872664, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:ed:58:30:69:a2:d9:ac:73:52:9d:cc:e6:0d:
                    14:66:df:fe:86:ca:4b:fe:6d:93:a8:fd:3d:79:00:
                    74:43:1a:c5:f0:7d:1b:85:6f:d1:a6:e5:2b:5b:09:
                    f6:31:64:39:6e:e7:c0:b7:a9:34:99:25:14:48:42:
                    ed:d6:07:d2:69:d5:ab:52:c5:27:4d:35:52:bb:e3:
                    70:66:b1:bf:52:4a:16:41:f3:46:0f:ec:08:86:6a:
                    b5:32:f4:c3:14:61:9d:46:bf:a0:73:40:e9:9e:3e:
                    53:38:db:45:fc:3a:3c:68:8b:88:35:29:ac:84:bd:
                    85:3f:04:60:97:d1:ba:0b:45:a2:ff:ec:ed:7a:d3:
                    59:ad:55:6b:9b:3f:50:94:b8:07:7e:9e:18:09:77:
                    e4:ed:d2:78:dd:72:12:5f:4c:31:78:81:48:6c:4b:
                    a2:47:07:10:24:cf:8c:5d:fc:e3:a2:b7:63:57:fc:
                    e4:d1:f6:1e:b9:3c:cf:fd:67:b3:9e:b4:76:ef:4e:
                    f4:d0:86:10:59:dd:8e:b5:41:fa:ba:4c:17:b0:90:
                    5b:fd:73:a4:ba:fc:30:09:d1:c6:0c:82:cb:27:d0:
                    67:ec:48:34:1e:20:b2:48:e5:af:4a:4f:fa:47:eb:
                    ec:48:91:f7:62:5b:7a:19:ee:9a:cd:0e:49:bd:cc:
                    bf:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:EA:EF:A8:59:AC:DA:76:A3:7E:84:45:2A:E0:EF:4E:B6:51:F6:57
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/09979197-79c0-48b0-823a-0eb71a344290.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.175.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         1f:b2:58:19:02:fc:73:f8:19:d3:5e:b5:98:74:97:85:34:e4:
         44:f5:e1:61:0d:39:30:70:49:ea:20:12:68:26:5e:69:0d:7c:
         7d:93:18:c1:17:a4:e4:47:13:eb:f0:b5:88:fc:61:55:57:eb:
         33:0c:01:d7:e7:40:39:a2:9d:79:0c:3b:cf:0a:81:e6:1f:6c:
         6c:3d:66:6c:a2:e0:2a:84:96:1e:33:98:85:14:39:9e:c2:a0:
         22:ae:59:e0:64:d3:06:71:a4:38:8c:dd:27:22:29:6f:b3:ee:
         aa:a4:80:dd:87:72:ea:85:ac:aa:36:e0:ef:fd:a0:89:9f:ee:
         99:80:10:96:4d:ef:b4:05:9a:01:b3:5c:7c:51:d2:39:0a:ef:
         bb:a0:b9:4a:6b:a3:4d:cc:18:b8:69:ed:3a:2a:eb:21:59:4b:
         cc:f9:8f:06:b6:01:43:ba:71:50:f8:1d:e8:31:52:62:f6:c8:
         69:64:e5:a3:a8:0a:99:c4:2e:6c:6b:60:d3:46:35:95:d5:ea:
         2f:05:6c:ac:8d:e7:0d:92:65:38:9d:b6:3e:f8:d2:be:66:f7:
         29:81:16:54:57:41:0a:57:49:e9:5a:35:92:bd:5e:f5:d5:c9:
         a9:1b:8c:a9:30:62:5c:94:64:dd:77:ab:76:31:6c:6d:6a:b5:
         13:ca:7d:fc
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULU3KpQ8bYzpsYPY+OQl1YSsMwn8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODEyMDAwMTA1WhcNMjUwOTE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A1Y2VmMzUxYjAzNGNiNjI2Y2Q1NDI0N2JhMTFiOGQ3OGJm
NDFkOGE4ZDZjNDBmYzU2N2M3NGRmZDEyODcyNjY0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCS7VgwaaLZrHNSnczmDRRm3/6Gykv+bZOo/T15AHRDGsXw
fRuFb9Gm5StbCfYxZDlu58C3qTSZJRRIQu3WB9Jp1atSxSdNNVK743Bmsb9SShZB
80YP7AiGarUy9MMUYZ1Gv6BzQOmePlM420X8Ojxoi4g1KayEvYU/BGCX0boLRaL/
7O1601mtVWubP1CUuAd+nhgJd+Tt0njdchJfTDF4gUhsS6JHBxAkz4xd/OOit2NX
/OTR9h65PM/9Z7OetHbvTvTQhhBZ3Y61Qfq6TBewkFv9c6S6/DAJ0cYMgssn0Gfs
SDQeILJI5a9KT/pH6+xIkfdiW3oZ7prNDkm9zL9pAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUDervqFms2najfoRFKuDvTrZR9lcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzA5OTc5MTk3LTc5YzAtNDhiMC04MjNhLTBlYjcxYTM0NDI5MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARsrzAwDQYJKoZIhvcNAQELBQADggEBAB+yWBkC/HP4GdNetZh0l4U05ET1
4WENOTBwSeogEmgmXmkNfH2TGMEXpORHE+vwtYj8YVVX6zMMAdfnQDminXkMO88K
geYfbGw9Zmyi4CqElh4zmIUUOZ7CoCKuWeBk0wZxpDiM3SciKW+z7qqkgN2HcuqF
rKo24O/9oImf7pmAEJZN77QFmgGzXHxR0jkK77uguUpro03MGLhp7Toq6yFZS8z5
jwa2AUO6cVD4HegxUmL2yGlk5aOoCpnELmxrYNNGNZXV6i8FbKyN5w2SZTidtj74
0r5m9ymBFlRXQQpXSelaNZK9XvXVyakbjKkwYlyUZN13q3YxbG1qtRPKffw=
-----END CERTIFICATE-----