Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c1519bd4-803a-4d79-9743-3ed1df6ffb69.roa
File:                     c1519bd4-803a-4d79-9743-3ed1df6ffb69.roa (raw, json)
Hash identifier:          3omI4NQ7gNkPs7dGhUDz60Ny1+QZDXeuugAYl5qv110=
Subject key identifier:   A8:12:FF:45:7B:DA:0B:C4:8E:32:48:D4:55:F5:67:4E:ED:92:3C:86
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3BA320F39062841C0B5FD7AACAC969EE95E1EFE3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c1519bd4-803a-4d79-9743-3ed1df6ffb69.roa
Signing time:             Tue 24 Jun 2025 00:01:38 +0000
ROA not before:           Tue 24 Jun 2025 00:01:38 +0000
ROA not after:            Tue 29 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        162.250.236.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 30 Jun 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:a3:20:f3:90:62:84:1c:0b:5f:d7:aa:ca:c9:69:ee:95:e1:ef:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun 24 00:01:38 2025 GMT
            Not After : Jul 29 23:59:59 2025 GMT
        Subject: serialNumber=3ae931402e25c515cb7d426186e8028b5bf6307e00ad1c2b0506a6fc895cc8be, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:35:30:dd:26:53:b1:c8:dd:8a:75:ff:66:5f:
                    d4:b6:9e:f5:eb:3e:a5:0f:09:9c:b3:58:c5:dd:da:
                    15:7d:42:b4:34:b8:4a:d1:9c:e2:92:a9:76:a7:47:
                    c8:a8:53:e7:46:d0:4c:ba:08:db:18:63:76:48:0a:
                    e2:94:d5:77:b5:01:bc:00:02:54:8a:64:a4:cf:82:
                    75:cf:3a:35:d2:05:3c:23:2d:57:ac:6e:dc:3e:9d:
                    ff:69:40:9d:36:11:54:e6:32:81:4c:b0:11:39:e7:
                    e0:f0:bd:94:30:fc:b0:5a:1e:45:63:3e:f8:e4:0d:
                    51:d1:bc:2c:1e:1e:f6:6d:e6:18:f6:9b:41:e7:1b:
                    a7:c5:a6:58:2e:c2:94:a8:e7:72:c3:11:89:54:12:
                    dc:84:01:5e:b0:61:1f:53:50:c5:2e:c9:ab:ab:ed:
                    60:65:35:0a:8d:e8:6c:c1:32:e3:bf:9f:2e:50:29:
                    92:88:cc:0e:dd:a1:1f:60:1a:b9:38:ab:64:9a:fd:
                    e5:1e:93:41:b2:3b:a1:68:84:3a:93:63:be:eb:34:
                    ec:89:b3:f9:53:16:fe:11:77:8d:97:79:84:53:22:
                    43:6d:21:c6:7f:2c:35:2a:29:91:8a:9f:31:5a:6e:
                    b9:bb:ef:91:f4:e5:80:84:3f:60:97:0d:6a:68:bc:
                    9c:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:12:FF:45:7B:DA:0B:C4:8E:32:48:D4:55:F5:67:4E:ED:92:3C:86
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c1519bd4-803a-4d79-9743-3ed1df6ffb69.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.250.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         05:92:00:8d:ee:2a:ab:b2:08:35:1a:51:63:3b:de:7c:d8:06:
         f0:cd:9d:db:a7:72:f1:12:6a:80:1c:f5:d3:b9:91:b2:a5:83:
         e7:c7:8b:c3:f3:ac:c1:8c:e4:63:9f:4d:69:5e:10:5e:c0:b2:
         55:72:00:e9:5b:cf:fc:cf:3e:cf:6b:43:a7:a3:4d:ad:45:71:
         ee:d0:82:9d:52:2d:5f:16:b5:e2:93:4d:5e:4d:eb:aa:8e:d9:
         56:0b:3b:cd:40:e0:3d:7d:44:ee:5b:15:47:54:51:56:96:17:
         97:51:e5:1c:58:99:e9:46:fb:87:99:26:d1:9a:02:f0:7b:82:
         4f:0f:71:25:71:fc:b0:a9:ec:76:dc:1a:ea:cb:2a:bc:5f:9e:
         eb:5a:84:92:8e:60:66:78:bb:e7:15:be:d2:4f:ce:4a:a7:7b:
         24:14:e3:4d:3c:93:0c:ac:2f:dc:c1:e7:52:ee:7e:82:8d:ba:
         45:c3:0a:fa:52:76:20:8e:ce:08:5b:a2:8c:ff:ec:66:d7:76:
         6f:fa:5b:59:ed:4a:7f:14:8f:01:92:8a:5f:f4:3a:ab:93:c1:
         91:30:64:67:7d:fc:cf:44:0d:db:17:fd:0e:35:ee:49:7f:23:
         f8:e7:db:69:90:06:e7:e8:62:48:68:4c:f2:2e:4e:f7:18:88:
         72:fd:64:72
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUO6Mg85BihBwLX9eqyslp7pXh7+MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNjI0MDAwMTM4WhcNMjUwNzI5MjM1OTU5
WjB6MUkwRwYDVQQFE0AzYWU5MzE0MDJlMjVjNTE1Y2I3ZDQyNjE4NmU4MDI4YjVi
ZjYzMDdlMDBhZDFjMmIwNTA2YTZmYzg5NWNjOGJlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCoNTDdJlOxyN2Kdf9mX9S2nvXrPqUPCZyzWMXd2hV9QrQ0
uErRnOKSqXanR8ioU+dG0Ey6CNsYY3ZICuKU1Xe1AbwAAlSKZKTPgnXPOjXSBTwj
LVesbtw+nf9pQJ02EVTmMoFMsBE55+DwvZQw/LBaHkVjPvjkDVHRvCweHvZt5hj2
m0HnG6fFplguwpSo53LDEYlUEtyEAV6wYR9TUMUuyaur7WBlNQqN6GzBMuO/ny5Q
KZKIzA7doR9gGrk4q2Sa/eUek0GyO6FohDqTY77rNOyJs/lTFv4Rd42XeYRTIkNt
IcZ/LDUqKZGKnzFabrm775H05YCEP2CXDWpovJw1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUqBL/RXvaC8SOMkjUVfVnTu2SPIYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2MxNTE5YmQ0LTgwM2EtNGQ3OS05NzQzLTNlZDFkZjZmZmI2OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAKi+uwwDQYJKoZIhvcNAQELBQADggEBAAWSAI3uKquyCDUaUWM73nzYBvDN
nduncvESaoAc9dO5kbKlg+fHi8PzrMGM5GOfTWleEF7AslVyAOlbz/zPPs9rQ6ej
Ta1Fce7Qgp1SLV8WteKTTV5N66qO2VYLO81A4D19RO5bFUdUUVaWF5dR5RxYmelG
+4eZJtGaAvB7gk8PcSVx/LCp7HbcGurLKrxfnutahJKOYGZ4u+cVvtJPzkqneyQU
4008kwysL9zB51LufoKNukXDCvpSdiCOzghbooz/7GbXdm/6W1ntSn8UjwGSil/0
OquTwZEwZGd9/M9EDdsX/Q417kl/I/jn22mQBufoYkhoTPIuTvcYiHL9ZHI=
-----END CERTIFICATE-----