Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/af2b29ee-eb9b-4b98-8632-62271a0714e4.roa
File:                     af2b29ee-eb9b-4b98-8632-62271a0714e4.roa (raw, json)
Hash identifier:          HAEep1PsEZaMI2BWr1spXR2TTjTCR93VCEMDm4v0RmA=
Subject key identifier:   27:FB:87:BD:7C:2E:32:AB:3B:88:97:66:06:12:01:8F:2B:F7:AC:70
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7828280A811F3DEC41AD47CA62A972867CBB64FE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/af2b29ee-eb9b-4b98-8632-62271a0714e4.roa
Signing time:             Tue 17 Jun 2025 00:11:17 +0000
ROA not before:           Tue 17 Jun 2025 00:11:17 +0000
ROA not after:            Tue 22 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        202.174.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 02 Jul 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:28:28:0a:81:1f:3d:ec:41:ad:47:ca:62:a9:72:86:7c:bb:64:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun 17 00:11:17 2025 GMT
            Not After : Jul 22 23:59:59 2025 GMT
        Subject: serialNumber=9b91a06f23f612fca94ee0b64d4eb9b640d14965a0d5728e07ca8fd6ece54b1f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:f1:8e:7f:f6:5f:97:b0:af:74:b8:2a:54:e2:
                    c7:57:de:e5:7a:f2:8d:30:3c:f5:c2:8f:7e:13:51:
                    47:3b:58:5d:c7:fd:d1:da:aa:ca:59:87:56:a4:db:
                    94:61:4a:f8:7c:79:97:b8:6d:11:c5:13:7b:5a:5a:
                    9e:e1:23:c0:e7:da:31:a8:13:3c:44:7b:16:3f:ad:
                    b3:a6:18:3f:3e:75:4f:10:db:6a:62:56:9d:e9:56:
                    59:d8:87:de:14:e4:ce:c4:c8:26:be:3c:05:9b:4b:
                    12:a1:e1:2f:0f:c3:25:65:ea:20:3f:c2:53:cc:09:
                    d6:b6:88:f8:55:70:55:e9:8d:44:4e:81:6a:9f:c4:
                    bb:33:be:6e:a6:ff:b4:23:80:01:04:d7:60:b1:ae:
                    17:91:e8:fd:9c:ad:b2:e8:d1:a5:53:a7:48:9e:84:
                    23:3b:2c:d6:39:f8:f5:4a:d9:5d:39:82:0a:27:0c:
                    15:f2:d6:b7:b5:16:0f:7f:72:11:1c:f1:98:e4:f1:
                    3f:70:b1:07:9c:a7:7b:87:97:d7:b5:cc:fc:a5:7d:
                    7e:bf:ea:27:da:76:c1:18:a3:79:02:4e:6a:df:58:
                    b2:b4:48:e5:43:28:e6:a4:e9:98:aa:69:98:c9:d0:
                    f7:45:3d:b9:68:7b:cb:69:18:35:86:c4:71:ef:e1:
                    78:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:FB:87:BD:7C:2E:32:AB:3B:88:97:66:06:12:01:8F:2B:F7:AC:70
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/af2b29ee-eb9b-4b98-8632-62271a0714e4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.174.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:a6:fa:15:75:70:ca:2c:99:a3:3f:a4:89:ca:32:21:98:07:
         50:61:84:10:1e:43:9c:c1:be:8b:a6:6f:27:d6:e7:77:d1:59:
         dc:b7:b6:a3:ee:f4:cf:68:fb:fc:76:f3:10:3f:7b:b2:e8:7b:
         00:e6:38:2e:77:4a:62:ce:c8:ee:60:e0:34:31:75:8a:6b:b0:
         45:4b:92:19:74:89:71:ba:cf:e8:1e:cb:26:54:22:12:37:4e:
         40:0f:d0:79:69:5a:c3:54:01:29:20:69:be:77:ad:52:6d:53:
         ce:c6:f1:28:e3:80:a5:32:50:aa:94:42:75:01:76:c8:fe:e8:
         22:c2:e5:4f:2e:ac:4f:d5:cd:d5:c3:15:cf:08:70:21:86:8e:
         89:64:4c:fa:10:27:d2:33:d4:03:c5:e0:cc:10:88:3f:66:a8:
         97:ef:be:e9:8f:7c:f1:60:e0:c5:81:77:6d:f8:51:55:0c:86:
         82:68:df:95:c6:8a:bc:b6:8e:b1:28:36:3a:bd:fd:70:d7:67:
         38:ac:87:b4:7b:a8:9c:87:4b:32:c7:12:eb:46:bf:d0:d1:63:
         f5:3d:4f:f1:6f:8f:6c:d9:a2:ee:65:f8:26:18:f6:0f:f1:7d:
         44:ba:63:23:59:fd:a1:f3:2c:4c:ad:83:1e:43:91:02:88:b3:
         49:00:9a:b9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUeCgoCoEfPexBrUfKYqlyhny7ZP4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNjE3MDAxMTE3WhcNMjUwNzIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A5YjkxYTA2ZjIzZjYxMmZjYTk0ZWUwYjY0ZDRlYjliNjQw
ZDE0OTY1YTBkNTcyOGUwN2NhOGZkNmVjZTU0YjFmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC88Y5/9l+XsK90uCpU4sdX3uV68o0wPPXCj34TUUc7WF3H
/dHaqspZh1ak25RhSvh8eZe4bRHFE3taWp7hI8Dn2jGoEzxEexY/rbOmGD8+dU8Q
22piVp3pVlnYh94U5M7EyCa+PAWbSxKh4S8PwyVl6iA/wlPMCda2iPhVcFXpjURO
gWqfxLszvm6m/7QjgAEE12CxrheR6P2crbLo0aVTp0iehCM7LNY5+PVK2V05ggon
DBXy1re1Fg9/chEc8Zjk8T9wsQecp3uHl9e1zPylfX6/6ifadsEYo3kCTmrfWLK0
SOVDKOak6ZiqaZjJ0PdFPbloe8tpGDWGxHHv4XhLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUJ/uHvXwuMqs7iJdmBhIBjyv3rHAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FmMmIyOWVlLWViOWItNGI5OC04NjMyLTYyMjcxYTA3MTRlNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADKroEwDQYJKoZIhvcNAQELBQADggEBAJim+hV1cMosmaM/pInKMiGYB1Bh
hBAeQ5zBvoumbyfW53fRWdy3tqPu9M9o+/x28xA/e7LoewDmOC53SmLOyO5g4DQx
dYprsEVLkhl0iXG6z+geyyZUIhI3TkAP0HlpWsNUASkgab53rVJtU87G8SjjgKUy
UKqUQnUBdsj+6CLC5U8urE/VzdXDFc8IcCGGjolkTPoQJ9Iz1APF4MwQiD9mqJfv
vumPfPFg4MWBd234UVUMhoJo35XGiry2jrEoNjq9/XDXZzish7R7qJyHSzLHEutG
v9DRY/U9T/Fvj2zZou5l+CYY9g/xfUS6YyNZ/aHzLEytgx5DkQKIs0kAmrk=
-----END CERTIFICATE-----