Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/87751506-109d-4e47-bab8-88c4bb79ada9.roa
File:                     87751506-109d-4e47-bab8-88c4bb79ada9.roa (raw, json)
Hash identifier:          1P/soflWO7pIbyot3hJguJvnSUSpjBEfR/HygG13neY=
Subject key identifier:   8D:8D:F2:1F:19:05:74:C0:2C:68:7B:32:EC:9B:D9:22:92:93:01:4E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1ACC18FDA0579E075EE8584AA26BA1E4F16D4E76
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/87751506-109d-4e47-bab8-88c4bb79ada9.roa
Signing time:             Sat 16 Aug 2025 00:22:20 +0000
ROA not before:           Sat 16 Aug 2025 00:22:20 +0000
ROA not after:            Sat 20 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        24.110.0.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:cc:18:fd:a0:57:9e:07:5e:e8:58:4a:a2:6b:a1:e4:f1:6d:4e:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Aug 16 00:22:20 2025 GMT
            Not After : Sep 20 23:59:59 2025 GMT
        Subject: serialNumber=4a252281c05f00b1209dca32df6afb3d984480e5ece919f530af485c3b0f1808, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:43:04:32:18:53:08:b3:5d:0f:37:2c:39:ad:
                    33:2d:9a:97:1c:52:7d:2d:11:84:e4:6f:13:22:a5:
                    55:17:ae:ef:d5:41:7e:75:b9:7a:95:ac:41:5b:79:
                    28:ff:b2:5c:ae:3f:1e:ae:54:6c:43:6e:f0:9a:66:
                    fe:42:9b:71:1d:c9:8b:5b:cc:d3:c3:24:5c:cc:ee:
                    e6:e4:51:88:9b:48:13:87:7e:5a:07:c2:b5:08:8a:
                    8b:db:09:dd:16:56:12:50:c6:ce:9f:4c:8f:4b:a4:
                    08:5b:8e:6d:46:13:7b:f5:85:01:9c:67:9b:ef:6a:
                    15:17:7c:b0:a5:3c:be:5f:6c:8f:98:c8:65:b8:a9:
                    8b:02:1f:5a:27:9b:9b:0c:70:f7:08:97:92:d6:dd:
                    e0:07:75:65:75:b7:45:58:ef:c6:c2:f9:4b:52:b9:
                    27:23:3f:4d:4b:54:d2:c9:6a:75:23:d3:d7:7a:6c:
                    f0:a0:1f:f4:81:86:23:52:9c:d7:4e:ce:46:62:67:
                    2e:db:ca:f0:29:f6:6f:4a:05:83:82:33:70:58:b4:
                    3d:bf:98:93:c5:70:3c:c1:2a:2b:79:18:eb:b4:c5:
                    b9:30:66:ed:c6:b3:e7:e6:4a:71:6f:fb:63:25:25:
                    a2:49:02:23:79:34:30:b6:5d:5d:17:b2:8e:92:d9:
                    cc:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:8D:F2:1F:19:05:74:C0:2C:68:7B:32:EC:9B:D9:22:92:93:01:4E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/87751506-109d-4e47-bab8-88c4bb79ada9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  24.110.0.0/21

    Signature Algorithm: sha256WithRSAEncryption
         93:b0:dd:14:77:71:e2:97:e7:2f:b7:60:53:fb:d9:35:bb:aa:
         fb:67:8c:2b:48:a7:86:9b:a7:d1:89:e9:c6:34:60:79:88:52:
         14:68:4c:dd:9f:df:ed:d1:3b:e8:19:db:f9:d7:1e:66:45:87:
         3d:d0:1a:ad:2e:a1:61:b2:d6:de:af:11:43:ce:8c:29:78:19:
         d2:15:82:3b:1f:95:bd:c4:3c:cf:3b:c1:ba:3b:2e:97:9e:df:
         f4:1b:8e:67:ca:d9:0c:6c:b5:db:d6:11:1f:77:a1:11:66:02:
         79:91:f7:39:2d:b3:28:e9:57:6d:17:8a:0f:42:73:85:ae:c4:
         bd:f1:35:14:28:3b:bd:12:87:47:49:4b:6a:e6:ac:47:51:41:
         97:95:f8:5e:6b:99:f3:55:24:fd:cd:56:86:05:c6:98:7f:f5:
         ee:08:8a:bb:62:84:25:7d:fb:16:78:99:25:5e:08:1b:d5:5b:
         fe:f0:31:c4:d1:60:ef:1c:60:d3:bf:23:e6:e9:d1:b2:f7:62:
         85:bf:73:ca:d1:b9:2e:11:0e:40:b3:63:7a:92:f2:68:30:2b:
         b2:34:e1:71:42:3d:97:36:8b:22:93:90:09:69:89:85:3e:79:
         68:0d:41:ad:69:33:35:3e:41:e3:19:40:0a:19:8e:9d:ee:35:
         78:de:ec:dc
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGswY/aBXngde6FhKomuh5PFtTnYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwODE2MDAyMjIwWhcNMjUwOTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A0YTI1MjI4MWMwNWYwMGIxMjA5ZGNhMzJkZjZhZmIzZDk4
NDQ4MGU1ZWNlOTE5ZjUzMGFmNDg1YzNiMGYxODA4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDEQwQyGFMIs10PNyw5rTMtmpccUn0tEYTkbxMipVUXru/V
QX51uXqVrEFbeSj/slyuPx6uVGxDbvCaZv5Cm3EdyYtbzNPDJFzM7ubkUYibSBOH
floHwrUIiovbCd0WVhJQxs6fTI9LpAhbjm1GE3v1hQGcZ5vvahUXfLClPL5fbI+Y
yGW4qYsCH1onm5sMcPcIl5LW3eAHdWV1t0VY78bC+UtSuScjP01LVNLJanUj09d6
bPCgH/SBhiNSnNdOzkZiZy7byvAp9m9KBYOCM3BYtD2/mJPFcDzBKit5GOu0xbkw
Zu3Gs+fmSnFv+2MlJaJJAiN5NDC2XV0Xso6S2cwJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUjY3yHxkFdMAsaHsy7JvZIpKTAU4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg3NzUxNTA2LTEwOWQtNGU0Ny1iYWI4LTg4YzRiYjc5YWRhOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMYbgAwDQYJKoZIhvcNAQELBQADggEBAJOw3RR3ceKX5y+3YFP72TW7qvtn
jCtIp4abp9GJ6cY0YHmIUhRoTN2f3+3RO+gZ2/nXHmZFhz3QGq0uoWGy1t6vEUPO
jCl4GdIVgjsflb3EPM87wbo7Lpee3/QbjmfK2QxstdvWER93oRFmAnmR9zktsyjp
V20Xig9Cc4WuxL3xNRQoO70Sh0dJS2rmrEdRQZeV+F5rmfNVJP3NVoYFxph/9e4I
irtihCV9+xZ4mSVeCBvVW/7wMcTRYO8cYNO/I+bp0bL3YoW/c8rRuS4RDkCzY3qS
8mgwK7I04XFCPZc2iyKTkAlpiYU+eWgNQa1pMzU+QeMZQAoZjp3uNXje7Nw=
-----END CERTIFICATE-----