Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/52e698cb-7ef2-4f07-b77c-1efce483dab4.roa
File:                     52e698cb-7ef2-4f07-b77c-1efce483dab4.roa (raw, json)
Hash identifier:          KTTyZ2CFPyQZ8zB9L80W4CKJBQGWAxz9XvyK5KIhcsk=
Subject key identifier:   02:E2:B8:1A:A4:26:D4:E3:91:B9:56:D3:7D:45:4A:D2:65:FD:90:F3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       30B50803573672B68826CA84BFE8AFD42E675FC6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/52e698cb-7ef2-4f07-b77c-1efce483dab4.roa
Signing time:             Mon 18 Aug 2025 15:00:33 +0000
ROA not before:           Mon 18 Aug 2025 15:00:33 +0000
ROA not after:            Mon 22 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        136.18.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:b5:08:03:57:36:72:b6:88:26:ca:84:bf:e8:af:d4:2e:67:5f:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug 18 15:00:33 2025 GMT
            Not After : Sep 22 23:59:59 2025 GMT
        Subject: serialNumber=3b0c5c7df35bce07186f92580921133f69d5d4c0cbf0dc213d531b7314eaf3ae, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:58:64:a9:47:e0:07:af:49:20:48:1e:65:dd:
                    24:e4:b4:08:d8:e8:dc:20:f4:f9:b5:21:33:04:06:
                    14:4f:96:84:60:2d:27:cc:25:4d:22:ab:27:db:41:
                    d6:ee:0e:84:4f:97:a6:a6:43:cd:f3:23:bb:97:98:
                    8d:6b:a4:20:18:a4:bb:6e:b9:b8:fd:9b:27:cb:9e:
                    0e:ab:1b:ca:7c:5a:be:5e:18:8d:0f:0e:f8:f1:46:
                    90:63:e6:1e:6c:82:47:3b:3f:35:ee:db:dd:b5:53:
                    9c:2c:f1:63:c5:94:68:53:e5:7c:8e:f6:cb:7e:c3:
                    87:fa:c8:13:db:fd:5f:69:ea:1b:61:9c:5e:bb:98:
                    88:54:a9:22:dd:3b:93:78:90:0e:d1:78:78:98:44:
                    19:4e:3c:34:a8:b4:a7:74:98:c3:66:79:11:69:56:
                    76:d4:36:21:ad:6d:ff:61:13:2e:e6:b9:53:ee:e0:
                    39:4b:c3:b7:18:f2:39:34:38:5e:a6:82:e5:54:98:
                    49:7e:43:d4:ef:ee:3c:ff:5e:3e:5c:4f:df:35:bf:
                    53:6e:50:3e:61:2a:bb:8c:80:26:06:7c:a5:90:b3:
                    aa:48:89:3b:72:23:f3:64:bd:8f:5c:81:3e:b4:76:
                    ad:40:82:35:39:f7:27:c5:8a:39:5e:50:a8:9a:9d:
                    08:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:E2:B8:1A:A4:26:D4:E3:91:B9:56:D3:7D:45:4A:D2:65:FD:90:F3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/52e698cb-7ef2-4f07-b77c-1efce483dab4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.18.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:45:4c:69:f6:42:55:75:6a:35:5e:c2:74:4b:37:b5:9c:02:
         e0:4e:a6:57:17:29:48:3d:bd:c1:14:64:72:d0:f8:4c:fb:57:
         70:cf:a3:b8:85:a6:89:55:5c:e8:fd:30:8e:7b:a7:b3:06:fc:
         af:9c:41:1c:ee:da:c7:2b:fd:9e:b2:27:42:67:25:96:bc:75:
         7e:61:2d:dd:63:96:d6:4b:3d:2b:c8:16:39:75:c0:09:1f:4e:
         a9:fd:b6:b2:d8:c9:de:96:7f:ba:1b:4b:22:6d:3b:02:e4:7a:
         80:ff:1a:81:b5:49:45:fd:4b:dd:26:56:a3:ef:1e:bb:6b:3b:
         41:bc:fd:63:e2:f2:26:f9:f9:a1:47:9a:93:86:f1:54:4d:e8:
         6a:c0:60:4a:88:d2:50:b7:1d:48:bf:4f:7d:3e:69:44:b3:02:
         de:86:19:00:66:50:1e:1d:42:72:34:2c:00:c1:b6:2a:bb:97:
         2d:84:2e:0b:98:ea:42:de:43:6f:34:aa:3c:f4:b7:60:08:a8:
         19:cb:40:24:da:97:b7:2d:b7:06:92:34:1a:c4:29:39:9d:03:
         f2:39:51:fc:80:74:1e:0e:45:8b:96:1f:2e:21:dc:8f:37:0a:
         a6:56:ab:dd:70:a3:fe:69:90:ed:00:d0:e0:72:3a:a2:cf:cb:
         54:92:06:d7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMLUIA1c2craIJsqEv+iv1C5nX8YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODE4MTUwMDMzWhcNMjUwOTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AzYjBjNWM3ZGYzNWJjZTA3MTg2ZjkyNTgwOTIxMTMzZjY5
ZDVkNGMwY2JmMGRjMjEzZDUzMWI3MzE0ZWFmM2FlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCWWGSpR+AHr0kgSB5l3STktAjY6Nwg9Pm1ITMEBhRPloRg
LSfMJU0iqyfbQdbuDoRPl6amQ83zI7uXmI1rpCAYpLtuubj9myfLng6rG8p8Wr5e
GI0PDvjxRpBj5h5sgkc7PzXu2921U5ws8WPFlGhT5XyO9st+w4f6yBPb/V9p6hth
nF67mIhUqSLdO5N4kA7ReHiYRBlOPDSotKd0mMNmeRFpVnbUNiGtbf9hEy7muVPu
4DlLw7cY8jk0OF6mguVUmEl+Q9Tv7jz/Xj5cT981v1NuUD5hKruMgCYGfKWQs6pI
iTtyI/NkvY9cgT60dq1AgjU59yfFijleUKianQgzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUAuK4GqQm1OORuVbTfUVK0mX9kPMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzUyZTY5OGNiLTdlZjItNGYwNy1iNzdjLTFlZmNlNDgzZGFiNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACIEoMwDQYJKoZIhvcNAQELBQADggEBAE9FTGn2QlV1ajVewnRLN7WcAuBO
plcXKUg9vcEUZHLQ+Ez7V3DPo7iFpolVXOj9MI57p7MG/K+cQRzu2scr/Z6yJ0Jn
JZa8dX5hLd1jltZLPSvIFjl1wAkfTqn9trLYyd6Wf7obSyJtOwLkeoD/GoG1SUX9
S90mVqPvHrtrO0G8/WPi8ib5+aFHmpOG8VRN6GrAYEqI0lC3HUi/T30+aUSzAt6G
GQBmUB4dQnI0LADBtiq7ly2ELguY6kLeQ280qjz0t2AIqBnLQCTal7cttwaSNBrE
KTmdA/I5UfyAdB4ORYuWHy4h3I83CqZWq91wo/5pkO0A0OByOqLPy1SSBtc=
-----END CERTIFICATE-----