Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2c88f27e-36bd-4da7-8797-ef971cd2b167.roa
File:                     2c88f27e-36bd-4da7-8797-ef971cd2b167.roa (raw, json)
Hash identifier:          BA2HoH1vE6uWaU2Y5PSC56C5S8j/OSUwV+ZxToEH4zQ=
Subject key identifier:   14:B0:B9:D7:1C:86:2A:B1:D6:FD:2C:42:D9:FE:1D:20:A3:F5:06:CD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       27A49CBB3C0F4F1E4EE8F47E0C654A0F46AE8D56
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2c88f27e-36bd-4da7-8797-ef971cd2b167.roa
Signing time:             Tue 05 Aug 2025 00:52:12 +0000
ROA not before:           Tue 05 Aug 2025 00:52:12 +0000
ROA not after:            Tue 09 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        75.2.128.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:a4:9c:bb:3c:0f:4f:1e:4e:e8:f4:7e:0c:65:4a:0f:46:ae:8d:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug  5 00:52:12 2025 GMT
            Not After : Sep  9 23:59:59 2025 GMT
        Subject: serialNumber=9b15a884f8aea109e4dceecc40fdd5b2bada3a8349d2625d8537cbd46dc710e8, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:f6:d5:98:da:e4:b9:b0:f5:cb:83:86:f1:2b:
                    d0:11:91:0c:6b:9c:cb:16:bf:96:71:1a:1e:50:f1:
                    31:cc:72:cf:ad:03:22:77:87:1c:ba:4f:17:e9:f0:
                    7f:dc:07:4c:c2:12:57:cf:48:1d:eb:b1:ff:32:00:
                    7f:e6:02:f9:5a:94:b6:20:ae:eb:d9:30:21:34:17:
                    8e:1b:3d:b0:95:a5:8c:70:fc:e0:f6:d3:7b:ab:8b:
                    7a:4b:f1:d7:a3:0a:07:76:c8:ae:a4:13:f9:d8:a5:
                    f9:88:fd:fc:cc:b4:da:b0:cf:f9:af:21:e9:bf:bb:
                    7a:d7:0b:5f:7b:af:6c:88:ca:bc:5a:5d:6a:b7:c9:
                    b0:52:c4:af:ea:ed:a6:b9:29:5c:21:bd:9c:9e:21:
                    0a:3c:c8:05:88:b0:00:1e:84:20:52:e3:4e:ea:11:
                    b2:9e:5f:a5:30:35:58:37:d9:80:2b:3c:35:92:73:
                    fa:bb:3e:13:0b:03:fb:66:98:98:d8:ac:84:c6:8a:
                    94:64:8c:46:b2:66:e6:b6:03:a8:6c:6f:0b:fd:19:
                    7a:fd:cd:66:4e:45:35:90:f4:bd:59:9e:ea:cb:98:
                    b8:cb:41:dc:f3:72:e1:e3:ab:b8:ad:b2:99:14:ce:
                    ff:a4:dd:e2:f7:ef:96:ab:e5:b5:ba:51:7d:e0:46:
                    e9:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:B0:B9:D7:1C:86:2A:B1:D6:FD:2C:42:D9:FE:1D:20:A3:F5:06:CD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2c88f27e-36bd-4da7-8797-ef971cd2b167.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  75.2.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         25:c5:b3:e3:5d:37:68:a7:d9:6d:ef:4b:10:b4:75:11:5a:cb:
         64:9e:4d:80:58:63:a9:c4:69:ba:92:f5:8a:e2:db:2d:eb:dc:
         d1:3b:32:07:bf:5a:f6:a2:28:4d:1a:63:28:3b:5f:75:4a:1f:
         3c:69:1a:40:4b:00:ca:94:dd:ff:48:8a:13:b2:68:ca:aa:f7:
         26:04:97:d7:95:dc:9a:76:c5:54:3c:42:ee:d2:3d:87:3c:27:
         09:9e:a3:01:1b:3c:46:18:e9:1f:bd:18:ab:da:69:33:bf:8a:
         4c:c3:c4:36:3b:38:cb:2b:64:15:b4:17:61:6b:ad:f5:ba:ab:
         da:56:fa:e2:9b:ac:b5:0d:af:ff:51:a3:f0:19:99:1f:f2:a6:
         42:b4:e6:a8:2e:47:69:3f:dc:94:3e:9f:1f:19:73:4f:f3:48:
         1a:02:79:4f:49:a6:ea:8a:4c:6e:6b:cb:ad:e7:51:4b:f4:4e:
         28:e0:39:a2:6b:9f:ab:df:2b:9b:47:e4:7d:06:5d:d5:26:57:
         58:3a:df:41:10:ac:bb:7d:ac:e1:05:23:e4:72:5a:ad:a4:3c:
         7a:ad:06:bc:17:ae:6b:ea:d5:71:4c:b3:84:3a:9d:96:7e:b6:
         78:11:65:26:57:4c:47:d6:95:69:1d:4f:e2:b0:6a:68:e3:40:
         b8:d1:52:c7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJ6ScuzwPTx5O6PR+DGVKD0aujVYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODA1MDA1MjEyWhcNMjUwOTA5MjM1OTU5
WjB6MUkwRwYDVQQFE0A5YjE1YTg4NGY4YWVhMTA5ZTRkY2VlY2M0MGZkZDViMmJh
ZGEzYTgzNDlkMjYyNWQ4NTM3Y2JkNDZkYzcxMGU4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCT9tWY2uS5sPXLg4bxK9ARkQxrnMsWv5ZxGh5Q8THMcs+t
AyJ3hxy6Txfp8H/cB0zCElfPSB3rsf8yAH/mAvlalLYgruvZMCE0F44bPbCVpYxw
/OD203uri3pL8dejCgd2yK6kE/nYpfmI/fzMtNqwz/mvIem/u3rXC197r2yIyrxa
XWq3ybBSxK/q7aa5KVwhvZyeIQo8yAWIsAAehCBS407qEbKeX6UwNVg32YArPDWS
c/q7PhMLA/tmmJjYrITGipRkjEayZua2A6hsbwv9GXr9zWZORTWQ9L1ZnurLmLjL
QdzzcuHjq7itspkUzv+k3eL375ar5bW6UX3gRun3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUFLC51xyGKrHW/SxC2f4dIKP1Bs0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJjODhmMjdlLTM2YmQtNGRhNy04Nzk3LWVmOTcxY2QyYjE2Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAVLAoAwDQYJKoZIhvcNAQELBQADggEBACXFs+NdN2in2W3vSxC0dRFay2Se
TYBYY6nEabqS9Yri2y3r3NE7Mge/WvaiKE0aYyg7X3VKHzxpGkBLAMqU3f9IihOy
aMqq9yYEl9eV3Jp2xVQ8Qu7SPYc8JwmeowEbPEYY6R+9GKvaaTO/ikzDxDY7OMsr
ZBW0F2FrrfW6q9pW+uKbrLUNr/9Ro/AZmR/ypkK05qguR2k/3JQ+nx8Zc0/zSBoC
eU9JpuqKTG5ry63nUUv0TijgOaJrn6vfK5tH5H0GXdUmV1g630EQrLt9rOEFI+Ry
Wq2kPHqtBrwXrmvq1XFMs4Q6nZZ+tngRZSZXTEfWlWkdT+KwamjjQLjRUsc=
-----END CERTIFICATE-----