Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cb56cb92-b2af-486c-8e14-550871fce8cf.roa
File:                     cb56cb92-b2af-486c-8e14-550871fce8cf.roa (raw, json)
Hash identifier:          0lxcvGxXSfkOPkLlpEA8i7IBp4+7pJsK3rss0VhGbqc=
Subject key identifier:   92:B5:BC:A5:A9:73:BC:74:C0:6E:0A:77:AF:87:26:E7:37:C8:B0:9E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       17FE83F2B1933BC19DE8FA83266CB63002D3907E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cb56cb92-b2af-486c-8e14-550871fce8cf.roa
Signing time:             Wed 18 Jun 2025 00:20:28 +0000
ROA not before:           Wed 18 Jun 2025 00:20:28 +0000
ROA not after:            Wed 23 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        70.131.192.0/18 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 02 Jul 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:fe:83:f2:b1:93:3b:c1:9d:e8:fa:83:26:6c:b6:30:02:d3:90:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun 18 00:20:28 2025 GMT
            Not After : Jul 23 23:59:59 2025 GMT
        Subject: serialNumber=bd7ddc775b55bcd275f42679452f5ae304c2c4796ddbf37cf1e3a4298b9fd25e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:61:c8:75:f1:e6:53:d0:7b:39:48:03:b5:f6:
                    e6:9f:c9:57:5a:1d:ba:00:77:c4:45:08:c4:3d:c1:
                    da:1f:4c:3b:83:95:3b:73:72:9e:4b:ab:4a:2a:6d:
                    2f:0d:83:74:4c:e3:49:b6:80:1a:8e:d7:56:33:d1:
                    30:22:1e:20:44:2d:5c:30:0b:86:09:41:b6:a7:d1:
                    48:54:e2:62:25:4e:71:e8:b9:31:95:b2:91:83:25:
                    9f:e3:14:34:96:03:51:e0:c2:af:7b:f9:aa:fa:ff:
                    bc:fe:08:b9:99:6e:fb:e5:1a:dd:d7:f6:31:f5:7d:
                    df:df:df:4b:f7:d3:8f:26:e1:6d:a6:97:14:c2:6b:
                    6d:ff:03:c6:29:76:c0:97:97:aa:ab:ea:01:b0:c6:
                    4a:b7:e6:e1:6d:13:17:bc:7e:f6:03:01:22:fa:a6:
                    21:d2:f1:a5:89:63:1f:60:16:e8:61:4c:88:35:79:
                    3a:c2:c0:1b:1b:bd:e6:fc:20:1d:22:3a:73:72:7b:
                    31:18:1c:f7:f6:f6:70:16:e5:ab:ac:43:b1:28:b7:
                    92:2a:0e:47:3f:78:07:a9:c1:89:42:69:8c:92:0b:
                    1d:67:a9:c3:2b:81:56:e9:b2:71:f1:ea:0c:9a:82:
                    2e:1d:df:83:b7:7a:7f:4d:44:30:42:1c:a2:31:76:
                    ab:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:B5:BC:A5:A9:73:BC:74:C0:6E:0A:77:AF:87:26:E7:37:C8:B0:9E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cb56cb92-b2af-486c-8e14-550871fce8cf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  70.131.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         49:12:ed:f4:b2:56:c6:1f:ae:15:24:1a:d9:34:43:16:08:75:
         09:c5:1a:eb:c8:6e:dd:b3:2f:ec:20:71:f3:2d:eb:e5:77:6c:
         da:07:b8:de:12:7d:af:b6:ef:09:40:35:18:b1:b4:da:e7:38:
         01:cc:e8:15:2e:c8:a4:9f:f9:5c:c1:b1:7b:04:d7:d0:f2:fd:
         05:d0:91:c3:a6:9e:67:70:9f:de:33:bc:58:a5:e9:59:c0:6d:
         b4:f6:9d:4b:5a:90:6f:5d:8d:67:b2:a3:3c:f3:03:67:11:6d:
         36:e4:0e:84:30:3a:ff:b3:a9:15:37:f4:91:f3:7a:97:72:05:
         8e:62:82:68:3b:b6:bc:58:fe:ef:e0:61:07:54:1f:05:61:8d:
         98:23:be:a8:c4:0a:75:0c:b8:a3:aa:c4:b3:d0:f6:3d:2e:02:
         30:dd:fb:59:1c:77:7f:9b:ee:1a:25:44:76:93:a5:ec:80:47:
         00:32:49:1a:f9:42:40:6b:36:31:82:d4:62:e3:e4:29:f3:59:
         76:2d:dd:24:d7:6a:80:85:50:b7:6e:7d:39:85:d2:94:74:bd:
         69:29:ca:39:14:5b:94:ca:16:e4:fc:50:90:df:c2:ea:5c:99:
         03:0c:54:b9:9a:ef:5b:b0:ba:30:f3:6a:af:15:b1:59:58:7b:
         65:12:1e:9d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUF/6D8rGTO8Gd6PqDJmy2MALTkH4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNjE4MDAyMDI4WhcNMjUwNzIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BiZDdkZGM3NzViNTViY2QyNzVmNDI2Nzk0NTJmNWFlMzA0
YzJjNDc5NmRkYmYzN2NmMWUzYTQyOThiOWZkMjVlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCZYch18eZT0Hs5SAO19uafyVdaHboAd8RFCMQ9wdofTDuD
lTtzcp5Lq0oqbS8Ng3RM40m2gBqO11Yz0TAiHiBELVwwC4YJQban0UhU4mIlTnHo
uTGVspGDJZ/jFDSWA1Hgwq97+ar6/7z+CLmZbvvlGt3X9jH1fd/f30v3048m4W2m
lxTCa23/A8YpdsCXl6qr6gGwxkq35uFtExe8fvYDASL6piHS8aWJYx9gFuhhTIg1
eTrCwBsbveb8IB0iOnNyezEYHPf29nAW5ausQ7Eot5IqDkc/eAepwYlCaYySCx1n
qcMrgVbpsnHx6gyagi4d34O3en9NRDBCHKIxdqvNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUkrW8palzvHTAbgp3r4cm5zfIsJ4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NiNTZjYjkyLWIyYWYtNDg2Yy04ZTE0LTU1MDg3MWZjZThjZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZGg8AwDQYJKoZIhvcNAQELBQADggEBAEkS7fSyVsYfrhUkGtk0QxYIdQnF
GuvIbt2zL+wgcfMt6+V3bNoHuN4Sfa+27wlANRixtNrnOAHM6BUuyKSf+VzBsXsE
19Dy/QXQkcOmnmdwn94zvFil6VnAbbT2nUtakG9djWeyozzzA2cRbTbkDoQwOv+z
qRU39JHzepdyBY5igmg7trxY/u/gYQdUHwVhjZgjvqjECnUMuKOqxLPQ9j0uAjDd
+1kcd3+b7holRHaTpeyARwAySRr5QkBrNjGC1GLj5CnzWXYt3STXaoCFULdufTmF
0pR0vWkpyjkUW5TKFuT8UJDfwupcmQMMVLma71uwujDzaq8VsVlYe2USHp0=
-----END CERTIFICATE-----