Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/17e1b75e-5428-4ec7-860a-8774e7c6459f.roa
File:                     17e1b75e-5428-4ec7-860a-8774e7c6459f.roa (raw, json)
Hash identifier:          l8zA3xh9zZDElBCkoQmmuw8pWhUnRNQavKdidoEurdA=
Subject key identifier:   6F:23:E0:7E:FA:09:DA:8A:A4:51:8D:09:1A:64:89:F7:2D:BF:AD:20
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       55FA813A443BBEBC9E436B6193146276DF244A93
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/17e1b75e-5428-4ec7-860a-8774e7c6459f.roa
Signing time:             Sat 26 Apr 2025 00:00:22 +0000
ROA not before:           Sat 26 Apr 2025 00:00:22 +0000
ROA not after:            Sat 31 May 2025 23:59:59 +0000
asID:                     26982
IP address blocks:        204.87.185.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:fa:81:3a:44:3b:be:bc:9e:43:6b:61:93:14:62:76:df:24:4a:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 26 00:00:22 2025 GMT
            Not After : May 31 23:59:59 2025 GMT
        Subject: serialNumber=4b16f27f0cdf83451b6f7f2ae977341da940c14899c87b5d91a52dc501fd82b3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:f2:36:a9:ab:35:bf:b1:89:29:52:c5:7c:1a:
                    4e:7d:05:d0:2d:55:b5:cb:58:7e:5a:53:54:1d:a8:
                    6d:9f:fa:32:bf:2a:ff:a9:44:0f:11:2e:16:2b:6f:
                    b1:03:9a:26:16:bf:89:ff:53:7d:83:cf:14:55:d7:
                    15:74:fb:30:4d:17:c3:dc:dc:53:2c:a7:72:92:42:
                    db:54:85:bd:f2:1f:ef:f3:71:f5:3c:81:5a:7d:64:
                    bc:0b:fd:fd:4e:87:29:43:aa:37:d8:e0:5f:05:04:
                    7c:58:0e:4d:27:46:67:77:77:da:58:f0:09:11:65:
                    a6:57:47:4a:27:60:92:0d:9d:68:57:5c:12:4a:f5:
                    e2:43:29:3c:33:4f:51:b7:af:6c:41:14:51:f9:b4:
                    cd:5c:45:21:ad:b9:28:b5:c5:13:d6:07:de:34:f8:
                    a2:a2:60:58:37:55:02:fe:c1:a9:90:ef:7a:eb:44:
                    dd:86:7b:87:6c:e8:01:ff:69:e8:00:87:82:05:08:
                    1d:c0:2d:84:a0:ea:a3:9c:56:a3:b2:d9:3a:75:19:
                    ec:c4:f7:70:fa:fc:cc:db:2d:cb:9e:b0:01:58:6f:
                    d2:99:2a:2b:49:17:76:bb:4a:25:9e:f2:59:1a:f6:
                    0b:d0:c5:6a:e3:c4:27:bd:08:08:53:09:cd:49:f1:
                    19:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:23:E0:7E:FA:09:DA:8A:A4:51:8D:09:1A:64:89:F7:2D:BF:AD:20
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/17e1b75e-5428-4ec7-860a-8774e7c6459f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.87.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:eb:48:90:ae:53:00:2e:8f:5e:04:92:25:57:b7:86:22:d7:
         fe:b5:29:ab:97:8a:53:13:48:64:c4:f1:be:c0:bd:b6:01:90:
         d7:c7:73:7f:c9:a7:a9:c3:08:d2:94:dc:7d:44:7f:6c:2b:9c:
         e4:fa:24:b2:bd:77:3d:c8:26:c0:74:e1:78:79:c3:30:69:0c:
         1e:c4:d4:b9:b2:0d:7d:a4:4b:95:51:cc:5e:67:da:c1:4d:97:
         f8:43:66:5b:ce:05:be:e2:f4:0e:5d:0a:25:e3:03:a3:82:e7:
         14:e9:91:f8:99:2e:f7:56:fb:c6:d2:e9:bd:47:42:48:16:5e:
         aa:36:9c:3c:90:26:32:26:66:0b:d0:95:14:45:43:4d:46:98:
         26:ab:d8:d6:a2:d0:f1:bb:58:11:de:c9:1d:e0:55:4d:ea:b2:
         39:24:d9:2f:66:65:f6:68:88:31:20:fc:79:b7:16:39:36:2a:
         ad:7e:1e:2c:f5:b2:84:91:1c:b0:b2:b8:f3:1f:67:0f:af:b3:
         cf:17:d2:ba:f4:85:95:69:1c:84:d5:7e:a1:de:db:b6:06:72:
         ee:43:9a:ad:2c:6f:3c:9c:03:32:75:bf:0a:d4:9e:5b:90:11:
         2d:6e:2f:bd:c7:0a:45:72:84:1e:21:dc:25:75:ab:64:87:b5:
         d6:c2:4a:34
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVfqBOkQ7vryeQ2thkxRidt8kSpMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDI2MDAwMDIyWhcNMjUwNTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A0YjE2ZjI3ZjBjZGY4MzQ1MWI2ZjdmMmFlOTc3MzQxZGE5
NDBjMTQ4OTljODdiNWQ5MWE1MmRjNTAxZmQ4MmIzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCz8japqzW/sYkpUsV8Gk59BdAtVbXLWH5aU1QdqG2f+jK/
Kv+pRA8RLhYrb7EDmiYWv4n/U32DzxRV1xV0+zBNF8Pc3FMsp3KSQttUhb3yH+/z
cfU8gVp9ZLwL/f1OhylDqjfY4F8FBHxYDk0nRmd3d9pY8AkRZaZXR0onYJINnWhX
XBJK9eJDKTwzT1G3r2xBFFH5tM1cRSGtuSi1xRPWB940+KKiYFg3VQL+wamQ73rr
RN2Ge4ds6AH/aegAh4IFCB3ALYSg6qOcVqOy2Tp1GezE93D6/MzbLcuesAFYb9KZ
KitJF3a7SiWe8lka9gvQxWrjxCe9CAhTCc1J8RnZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUbyPgfvoJ2oqkUY0JGmSJ9y2/rSAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzE3ZTFiNzVlLTU0MjgtNGVjNy04NjBhLTg3NzRlN2M2NDU5Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADMV7kwDQYJKoZIhvcNAQELBQADggEBAKbrSJCuUwAuj14EkiVXt4Yi1/61
KauXilMTSGTE8b7AvbYBkNfHc3/Jp6nDCNKU3H1Ef2wrnOT6JLK9dz3IJsB04Xh5
wzBpDB7E1LmyDX2kS5VRzF5n2sFNl/hDZlvOBb7i9A5dCiXjA6OC5xTpkfiZLvdW
+8bS6b1HQkgWXqo2nDyQJjImZgvQlRRFQ01GmCar2Nai0PG7WBHeyR3gVU3qsjkk
2S9mZfZoiDEg/Hm3Fjk2Kq1+Hiz1soSRHLCyuPMfZw+vs88X0rr0hZVpHITVfqHe
27YGcu5Dmq0sbzycAzJ1vwrUnluQES1uL73HCkVyhB4h3CV1q2SHtdbCSjQ=
-----END CERTIFICATE-----