Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e0677c68-3681-4e3c-b63a-e2dfdd5e0779.roa
File:                     e0677c68-3681-4e3c-b63a-e2dfdd5e0779.roa (raw, json)
Hash identifier:          JfIMMrL5FTS6vpzdv3BGo3kag7bAMCHj7BgO947S4Fg=
Subject key identifier:   D4:42:C0:34:8C:CA:01:F9:BB:5C:C1:D8:4E:5F:FE:E4:DD:C3:4E:38
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5CEC0C1EB1E86837934881461F3F2D93E8B67CD8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e0677c68-3681-4e3c-b63a-e2dfdd5e0779.roa
Signing time:             Wed 25 Jun 2025 00:10:44 +0000
ROA not before:           Wed 25 Jun 2025 00:10:44 +0000
ROA not after:            Wed 30 Jul 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        64.252.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 30 Jun 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:ec:0c:1e:b1:e8:68:37:93:48:81:46:1f:3f:2d:93:e8:b6:7c:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun 25 00:10:44 2025 GMT
            Not After : Jul 30 23:59:59 2025 GMT
        Subject: serialNumber=87510f6527a5870a78cd1681e8b146de02ad49f08a31d06657a1f212edfb32eb, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:d3:e4:ac:9c:31:57:26:b8:58:2d:42:58:3c:
                    e0:0b:1a:81:5e:e2:f2:3a:c5:7e:02:55:35:f6:7a:
                    81:8d:98:a1:7c:87:2f:3f:8d:ff:24:37:28:4b:38:
                    0b:04:99:ac:28:b4:3c:88:8e:75:ca:52:3a:bf:78:
                    ab:b7:b4:a3:ea:f0:b4:d4:ef:2c:55:f2:5e:70:48:
                    59:51:2a:9f:2f:ca:bb:f8:af:8b:60:18:d7:cd:9f:
                    0c:de:d3:f8:4e:28:9c:a5:65:82:c5:73:b5:75:53:
                    66:d6:59:60:8f:76:2d:f5:73:dc:53:f9:32:50:a4:
                    74:02:e4:41:3f:27:21:71:0a:6b:ce:85:b2:29:8a:
                    4d:50:1c:9a:88:e2:88:e6:39:28:b3:58:fa:36:54:
                    d3:0c:30:0d:d5:82:0e:cd:ce:5d:ff:6c:7d:87:c3:
                    1c:96:63:72:3d:c7:39:0d:5c:b9:5d:51:bb:de:eb:
                    65:be:18:97:a7:34:8d:69:8c:c6:32:5f:a8:e6:2c:
                    53:8a:55:4d:9d:96:70:53:3d:8a:2f:5f:04:92:a5:
                    87:9e:dc:e1:b3:84:37:d9:ff:8d:19:f1:8c:20:ce:
                    13:53:43:61:5a:d8:12:a3:85:08:03:08:7f:82:ca:
                    85:af:24:79:76:9d:76:af:45:4e:97:07:e2:7a:ca:
                    a9:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:42:C0:34:8C:CA:01:F9:BB:5C:C1:D8:4E:5F:FE:E4:DD:C3:4E:38
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e0677c68-3681-4e3c-b63a-e2dfdd5e0779.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.252.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:89:45:68:65:83:a9:47:c1:fe:ba:9f:e9:d9:ef:c1:29:e6:
         22:d1:15:e2:1d:2d:d5:81:82:6f:44:3b:81:07:e5:00:8d:92:
         93:59:11:81:03:ad:8a:e0:18:a6:dd:5c:59:11:27:41:01:7c:
         95:28:38:c9:df:39:7a:29:6c:aa:ca:f5:3d:44:e3:0c:02:a8:
         c5:01:90:c9:32:90:97:e5:5a:c0:c5:8d:58:5b:ff:e2:22:1b:
         c3:5d:c8:b7:3f:83:ed:f2:30:ab:a8:47:01:d5:2d:b7:53:71:
         dc:e4:95:97:92:28:ca:6c:f5:af:a6:b4:ae:3b:0e:0f:3d:6c:
         cd:db:33:eb:72:d5:6d:1a:f5:11:ad:ca:2c:2b:32:20:db:ee:
         2d:74:3f:78:73:44:2f:57:b4:1e:e7:f2:02:bd:16:23:6a:3d:
         46:d9:82:ae:3d:13:2d:66:41:33:45:9b:6f:2c:d5:08:2a:60:
         8f:84:f1:1c:5b:18:3a:45:6f:dc:72:12:2c:33:36:c7:14:49:
         f5:c1:c0:2c:89:c4:13:26:5b:a0:32:7c:8e:97:1e:79:e7:19:
         62:7d:05:cf:1e:71:74:c6:b5:55:bc:32:14:0c:7b:82:34:d7:
         d8:b3:78:51:91:79:ff:94:d3:82:57:13:8e:e2:c3:20:7e:d8:
         40:5a:82:0a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXOwMHrHoaDeTSIFGHz8tk+i2fNgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNjI1MDAxMDQ0WhcNMjUwNzMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A4NzUxMGY2NTI3YTU4NzBhNzhjZDE2ODFlOGIxNDZkZTAy
YWQ0OWYwOGEzMWQwNjY1N2ExZjIxMmVkZmIzMmViMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCs0+SsnDFXJrhYLUJYPOALGoFe4vI6xX4CVTX2eoGNmKF8
hy8/jf8kNyhLOAsEmawotDyIjnXKUjq/eKu3tKPq8LTU7yxV8l5wSFlRKp8vyrv4
r4tgGNfNnwze0/hOKJylZYLFc7V1U2bWWWCPdi31c9xT+TJQpHQC5EE/JyFxCmvO
hbIpik1QHJqI4ojmOSizWPo2VNMMMA3Vgg7Nzl3/bH2HwxyWY3I9xzkNXLldUbve
62W+GJenNI1pjMYyX6jmLFOKVU2dlnBTPYovXwSSpYee3OGzhDfZ/40Z8YwgzhNT
Q2Fa2BKjhQgDCH+CyoWvJHl2nXavRU6XB+J6yqnzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU1ELANIzKAfm7XMHYTl/+5N3DTjgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2UwNjc3YzY4LTM2ODEtNGUzYy1iNjNhLWUyZGZkZDVlMDc3OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABA/H0wDQYJKoZIhvcNAQELBQADggEBAL6JRWhlg6lHwf66n+nZ78Ep5iLR
FeIdLdWBgm9EO4EH5QCNkpNZEYEDrYrgGKbdXFkRJ0EBfJUoOMnfOXopbKrK9T1E
4wwCqMUBkMkykJflWsDFjVhb/+IiG8NdyLc/g+3yMKuoRwHVLbdTcdzklZeSKMps
9a+mtK47Dg89bM3bM+ty1W0a9RGtyiwrMiDb7i10P3hzRC9XtB7n8gK9FiNqPUbZ
gq49Ey1mQTNFm28s1QgqYI+E8RxbGDpFb9xyEiwzNscUSfXBwCyJxBMmW6AyfI6X
HnnnGWJ9Bc8ecXTGtVW8MhQMe4I019izeFGRef+U04JXE47iwyB+2EBaggo=
-----END CERTIFICATE-----