Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/14996511-1a61-4837-b7ab-8a30bfda5d5e.roa
File:                     14996511-1a61-4837-b7ab-8a30bfda5d5e.roa (raw, json)
Hash identifier:          h12CcEjvoSGqTqemmzHS2Td5r4o98lVPOecUl/lIHUQ=
Subject key identifier:   D5:EA:8D:B7:46:A5:12:08:D6:A9:2A:7F:78:A5:D6:94:AA:F3:49:D7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0F254A5385E195B583610160F7B37E7800C4050B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/14996511-1a61-4837-b7ab-8a30bfda5d5e.roa
Signing time:             Wed 09 Apr 2025 00:21:21 +0000
ROA not before:           Wed 09 Apr 2025 00:21:21 +0000
ROA not after:            Wed 14 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        63.243.0.0/17 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:25:4a:53:85:e1:95:b5:83:61:01:60:f7:b3:7e:78:00:c4:05:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr  9 00:21:21 2025 GMT
            Not After : May 14 23:59:59 2025 GMT
        Subject: serialNumber=7568cc1c512256faccf88f934275d80cfe1e30e177665dc0d06e09496700bbd7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:c1:04:a4:2c:bf:fd:d8:14:d8:5a:df:eb:67:
                    bc:9b:9b:3e:f8:40:7f:48:00:64:ae:28:8f:6c:ba:
                    72:c9:8d:ad:0b:49:82:6d:59:94:4b:f4:7f:65:cf:
                    42:b6:e4:f9:13:a5:ea:96:b0:a4:91:64:42:94:01:
                    a7:5a:cf:69:fb:de:ad:c5:23:37:22:86:30:68:3d:
                    91:a0:b6:12:a3:12:34:ba:31:61:f7:64:79:bb:07:
                    76:ac:b3:6c:2f:37:9f:ac:93:6c:dd:a2:82:fe:4b:
                    bb:82:06:54:0a:0a:80:69:a1:f5:3b:a8:67:c0:8f:
                    6d:63:7e:ed:55:c0:45:92:ed:ea:8e:38:77:3f:d3:
                    ba:5a:3f:c9:16:81:91:7e:1e:e8:86:1d:59:4e:6f:
                    25:cb:4a:2c:95:58:0e:80:1a:a0:91:46:07:29:51:
                    9f:3f:49:c9:2f:a3:55:c2:02:1d:f0:81:3e:8a:0b:
                    14:50:58:d2:f1:b1:78:ec:f5:4d:38:8f:98:42:b1:
                    9c:7e:63:78:b3:3b:24:61:ce:91:7b:2a:67:9b:e7:
                    fd:95:99:07:23:9b:21:33:29:8c:5d:6f:ea:c3:c6:
                    5e:a9:b0:57:1c:34:cb:f2:ca:42:e1:99:ab:50:0d:
                    1e:6e:4d:f5:bd:92:e5:2e:db:4f:ee:73:4e:bb:0e:
                    22:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:EA:8D:B7:46:A5:12:08:D6:A9:2A:7F:78:A5:D6:94:AA:F3:49:D7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/14996511-1a61-4837-b7ab-8a30bfda5d5e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  63.243.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         b1:72:af:5c:d1:15:0e:a3:f4:d0:4e:50:80:2b:88:a1:82:df:
         0a:e5:c1:66:6e:36:57:98:97:5c:39:cc:22:f0:fd:f4:db:40:
         e2:58:02:34:61:48:2b:52:18:19:e9:11:8f:a0:e7:01:a7:14:
         31:5d:1c:6a:fd:5f:da:31:4a:f8:3f:70:8f:3c:27:6e:f7:56:
         71:b9:45:0c:40:e6:bd:c2:5c:b9:a3:bd:82:98:f3:ac:61:6e:
         ae:aa:b6:76:af:f5:90:71:b4:61:57:a5:07:78:a5:00:99:1a:
         c0:e1:99:3c:52:0f:b5:6c:08:82:94:1b:8d:83:8c:97:22:b6:
         fb:fb:46:b8:41:2c:81:98:bf:b9:b9:8b:d8:6c:ef:69:f4:92:
         7a:d3:a1:ed:f5:8b:03:f9:ab:ac:5c:b8:bc:98:66:88:b0:d7:
         64:09:1c:dd:a2:6a:5d:5b:a6:9f:f2:45:0d:90:79:11:01:13:
         72:42:61:88:4c:2d:b3:6a:c6:ca:19:20:f8:99:20:9a:32:bb:
         9a:f5:f3:48:d9:28:61:89:e9:71:28:4d:34:92:bd:13:05:e7:
         25:a4:e8:f1:5b:39:42:6d:9a:54:26:79:45:1e:e0:d8:5c:35:
         2f:65:3c:21:f0:b6:83:b9:8d:15:52:fb:89:ad:59:97:14:ef:
         2d:4c:21:bd
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDyVKU4XhlbWDYQFg97N+eADEBQswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDA5MDAyMTIxWhcNMjUwNTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A3NTY4Y2MxYzUxMjI1NmZhY2NmODhmOTM0Mjc1ZDgwY2Zl
MWUzMGUxNzc2NjVkYzBkMDZlMDk0OTY3MDBiYmQ3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCbwQSkLL/92BTYWt/rZ7ybmz74QH9IAGSuKI9sunLJja0L
SYJtWZRL9H9lz0K25PkTpeqWsKSRZEKUAadaz2n73q3FIzcihjBoPZGgthKjEjS6
MWH3ZHm7B3ass2wvN5+sk2zdooL+S7uCBlQKCoBpofU7qGfAj21jfu1VwEWS7eqO
OHc/07paP8kWgZF+HuiGHVlObyXLSiyVWA6AGqCRRgcpUZ8/Sckvo1XCAh3wgT6K
CxRQWNLxsXjs9U04j5hCsZx+Y3izOyRhzpF7Kmeb5/2VmQcjmyEzKYxdb+rDxl6p
sFccNMvyykLhmatQDR5uTfW9kuUu20/uc067DiKdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU1eqNt0alEgjWqSp/eKXWlKrzSdcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzE0OTk2NTExLTFhNjEtNDgzNy1iN2FiLThhMzBiZmRhNWQ1ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAc/8wAwDQYJKoZIhvcNAQELBQADggEBALFyr1zRFQ6j9NBOUIAriKGC3wrl
wWZuNleYl1w5zCLw/fTbQOJYAjRhSCtSGBnpEY+g5wGnFDFdHGr9X9oxSvg/cI88
J273VnG5RQxA5r3CXLmjvYKY86xhbq6qtnav9ZBxtGFXpQd4pQCZGsDhmTxSD7Vs
CIKUG42DjJcitvv7RrhBLIGYv7m5i9hs72n0knrToe31iwP5q6xcuLyYZoiw12QJ
HN2ial1bpp/yRQ2QeREBE3JCYYhMLbNqxsoZIPiZIJoyu5r180jZKGGJ6XEoTTSS
vRMF5yWk6PFbOUJtmlQmeUUe4NhcNS9lPCHwtoO5jRVS+4mtWZcU7y1MIb0=
-----END CERTIFICATE-----