Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0a2fbad4-ef20-49dd-9b21-8abbc46cef31.roa
File:                     0a2fbad4-ef20-49dd-9b21-8abbc46cef31.roa (raw, json)
Hash identifier:          kAvBuFJPt6gisCtLxOb/QE70JSdjUXuvhgXMT1rmC8g=
Subject key identifier:   41:B7:9A:07:3D:34:61:A0:B5:03:86:0C:1C:03:CA:F8:96:D3:10:B1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       18A5777B02A03F56B57C3035FC8FF4ED913B8B64
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0a2fbad4-ef20-49dd-9b21-8abbc46cef31.roa
Signing time:             Fri 25 Apr 2025 00:51:11 +0000
ROA not before:           Fri 25 Apr 2025 00:51:11 +0000
ROA not after:            Fri 30 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        54.25.82.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:a5:77:7b:02:a0:3f:56:b5:7c:30:35:fc:8f:f4:ed:91:3b:8b:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 25 00:51:11 2025 GMT
            Not After : May 30 23:59:59 2025 GMT
        Subject: serialNumber=3665a9bcda0e068ae1f866683638c74ac96a2c82eff36769c26f6ff46a3b1415, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:e7:41:63:ae:01:47:c3:30:0a:c3:fe:2c:84:
                    bf:8e:d9:ea:03:62:52:d2:41:17:9f:fb:6e:45:aa:
                    67:1b:3a:96:a3:4c:6c:31:a1:05:0c:47:44:8a:9f:
                    c2:3a:81:06:08:8b:46:95:d0:ba:63:59:02:e9:e9:
                    f2:53:38:00:21:45:30:cf:97:d7:ac:bf:f3:7a:65:
                    1c:78:ff:26:c9:a1:9a:7c:f7:bd:07:9a:d4:f0:21:
                    ed:75:a6:13:73:e0:39:56:5e:be:88:a2:63:69:30:
                    37:22:2a:1a:45:7e:5b:92:63:cb:eb:c2:48:67:ad:
                    dd:aa:b9:1b:b7:ae:12:23:e6:44:f0:a6:e2:04:e4:
                    02:40:5e:73:20:0b:c9:21:bc:76:46:a9:ee:a1:ad:
                    8d:2d:e7:13:2e:38:13:dc:eb:ac:62:b2:9a:fa:22:
                    07:9c:f6:25:a2:7f:a9:ea:7e:96:25:e3:88:de:65:
                    fa:9e:a2:aa:17:22:9b:ea:03:d4:11:74:39:b9:74:
                    30:f7:26:c6:9c:4e:17:65:df:24:5d:21:10:6d:3d:
                    3b:12:5b:c6:cc:62:a9:ea:46:5c:78:97:70:c1:5e:
                    bf:4c:32:ec:f4:77:78:a7:3d:94:f2:ab:f0:6b:4f:
                    93:e4:02:d6:8a:ae:c5:a3:ef:8f:e7:9e:46:f5:9e:
                    20:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:B7:9A:07:3D:34:61:A0:B5:03:86:0C:1C:03:CA:F8:96:D3:10:B1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0a2fbad4-ef20-49dd-9b21-8abbc46cef31.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.25.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:4c:32:60:42:4c:94:db:75:92:d9:c4:3d:66:eb:80:dd:92:
         39:ee:e2:62:b7:70:3a:50:9f:ef:74:d4:20:6d:43:42:72:32:
         17:1f:3c:1f:b4:fa:1c:78:41:aa:bb:41:2a:eb:40:f8:3b:e0:
         b5:f1:a4:30:de:b7:2e:76:76:f0:2b:5c:bf:20:9a:b8:8f:e6:
         80:87:d3:6c:32:c3:dd:67:b3:b3:64:a2:e3:8c:72:fc:6a:d2:
         ed:ad:43:fd:4a:de:de:25:66:85:a2:70:44:c1:ca:46:7f:d6:
         29:7d:05:a1:24:bc:44:04:d3:1d:63:0b:27:25:67:56:a3:0e:
         87:6a:af:ba:1e:3f:34:15:25:57:6a:be:44:d9:61:2e:e2:3e:
         d2:2f:64:23:58:6e:1c:44:67:f1:33:11:a7:f0:49:5b:59:40:
         54:cb:b7:00:3a:0a:95:02:33:0e:22:53:19:52:82:80:61:ec:
         50:72:d6:05:c6:fc:3d:34:19:6e:a5:b0:e1:6b:4f:f7:96:7b:
         2d:9d:54:10:be:2b:0c:25:e4:90:ce:7d:ef:67:52:4f:7e:ac:
         a2:85:05:54:5f:10:06:72:48:32:c1:b6:df:20:e5:5c:c3:52:
         02:66:01:07:4a:eb:1c:a7:00:24:ed:2f:39:65:21:f0:7b:70:
         ea:c5:32:2f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGKV3ewKgP1a1fDA1/I/07ZE7i2QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDI1MDA1MTExWhcNMjUwNTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AzNjY1YTliY2RhMGUwNjhhZTFmODY2NjgzNjM4Yzc0YWM5
NmEyYzgyZWZmMzY3NjljMjZmNmZmNDZhM2IxNDE1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC350FjrgFHwzAKw/4shL+O2eoDYlLSQRef+25FqmcbOpaj
TGwxoQUMR0SKn8I6gQYIi0aV0LpjWQLp6fJTOAAhRTDPl9esv/N6ZRx4/ybJoZp8
970HmtTwIe11phNz4DlWXr6IomNpMDciKhpFfluSY8vrwkhnrd2quRu3rhIj5kTw
puIE5AJAXnMgC8khvHZGqe6hrY0t5xMuOBPc66xispr6Igec9iWif6nqfpYl44je
ZfqeoqoXIpvqA9QRdDm5dDD3JsacThdl3yRdIRBtPTsSW8bMYqnqRlx4l3DBXr9M
Muz0d3inPZTyq/BrT5PkAtaKrsWj74/nnkb1niDpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQbeaBz00YaC1A4YMHAPK+JbTELEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBhMmZiYWQ0LWVmMjAtNDlkZC05YjIxLThhYmJjNDZjZWYzMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA2GVIwDQYJKoZIhvcNAQELBQADggEBAE1MMmBCTJTbdZLZxD1m64Ddkjnu
4mK3cDpQn+901CBtQ0JyMhcfPB+0+hx4Qaq7QSrrQPg74LXxpDDety52dvArXL8g
mriP5oCH02wyw91ns7NkouOMcvxq0u2tQ/1K3t4lZoWicETBykZ/1il9BaEkvEQE
0x1jCyclZ1ajDodqr7oePzQVJVdqvkTZYS7iPtIvZCNYbhxEZ/EzEafwSVtZQFTL
twA6CpUCMw4iUxlSgoBh7FBy1gXG/D00GW6lsOFrT/eWey2dVBC+Kwwl5JDOfe9n
Uk9+rKKFBVRfEAZySDLBtt8g5VzDUgJmAQdK6xynACTtLzllIfB7cOrFMi8=
-----END CERTIFICATE-----