Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2edf8204-bf2c-49e4-b210-cc2b92b584ed.roa
File:                     2edf8204-bf2c-49e4-b210-cc2b92b584ed.roa (raw, json)
Hash identifier:          0g5FnfymVWnxIzXHCBIBE+sXlUs/KBy1pMKStCMmUAc=
Subject key identifier:   2B:FF:6F:D1:7F:8F:00:27:28:F9:D7:8B:C4:7D:7D:52:38:E8:76:AD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       721BC3FAA2187E6A05264E2AD2D38999EEF022AD
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2edf8204-bf2c-49e4-b210-cc2b92b584ed.roa
Signing time:             Fri 18 Apr 2025 00:31:05 +0000
ROA not before:           Fri 18 Apr 2025 00:31:05 +0000
ROA not after:            Fri 23 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        207.21.240.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:1b:c3:fa:a2:18:7e:6a:05:26:4e:2a:d2:d3:89:99:ee:f0:22:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 18 00:31:05 2025 GMT
            Not After : May 23 23:59:59 2025 GMT
        Subject: serialNumber=ded7b1b5a80ff4e940aa81b54da8051cffb8e58eac5fd33a3608cc067c7853a3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:fb:12:86:5e:65:f6:7b:6c:38:54:52:a5:08:
                    d1:53:a2:b3:1d:29:ed:e2:7e:ea:ec:f8:4f:28:fc:
                    6f:4b:3b:59:76:62:8b:b4:23:ed:31:72:af:31:1d:
                    53:33:e5:81:a8:71:b7:de:b5:c5:70:27:5f:0e:66:
                    50:17:be:4d:1a:3a:9e:67:94:94:55:9c:b0:3b:63:
                    75:87:6f:c8:35:7f:73:d2:34:71:b9:b3:23:86:9a:
                    87:5d:0a:0c:e1:a3:a6:8d:a7:80:02:02:f0:5a:5b:
                    b5:25:c0:3b:e2:b0:ff:c4:9c:c5:d0:5a:b5:96:dd:
                    d2:24:ec:cc:e9:83:6a:1c:07:de:11:cb:d4:8b:4d:
                    17:c5:8c:79:55:87:f4:f5:44:cb:05:e4:92:01:60:
                    a6:cb:23:7b:19:4d:f2:c8:ce:a9:7b:77:80:bd:53:
                    2c:63:e6:d4:a7:29:ea:7d:58:2b:f7:f7:20:69:cc:
                    dd:2a:bf:14:aa:f6:6c:d9:26:b8:63:05:22:14:b4:
                    59:b4:f4:cb:35:cd:15:61:8f:f5:2f:06:e6:2b:10:
                    3d:29:0b:34:13:9f:0b:0a:6a:77:8d:5a:1c:05:9f:
                    e2:6d:2e:a3:5f:11:d9:e2:54:c1:d8:9f:4b:1f:4f:
                    74:44:10:89:57:c1:a7:4e:a9:1b:27:cd:65:c1:a2:
                    df:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:FF:6F:D1:7F:8F:00:27:28:F9:D7:8B:C4:7D:7D:52:38:E8:76:AD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2edf8204-bf2c-49e4-b210-cc2b92b584ed.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.21.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         16:b4:21:fc:ff:c7:c5:b7:9d:e9:2e:27:98:84:53:f4:23:18:
         ee:1f:dc:2a:4e:78:25:8f:eb:eb:a8:0d:01:e6:44:d0:a2:6f:
         f6:41:83:37:f4:39:e9:d6:b6:92:2b:65:9b:29:31:4b:98:d8:
         3f:0b:1d:17:a0:aa:c0:b0:92:c3:a0:c4:6a:2c:78:c3:25:f3:
         3f:39:c8:3c:36:e7:e0:bb:ec:24:b2:76:46:c0:e0:56:e4:e5:
         68:16:85:64:97:31:c5:5b:4b:70:db:f0:c4:cf:88:02:67:33:
         a8:a0:ee:e2:56:60:ed:cf:11:e8:74:20:9d:da:26:d7:a4:c3:
         79:d5:5f:33:63:8d:a7:54:43:87:99:07:48:26:72:d4:2b:34:
         10:9c:a7:0a:a3:ff:c4:20:4c:fb:2e:91:54:af:f7:5c:76:ff:
         64:ff:3f:f5:da:db:d2:d4:78:d3:7d:38:f5:cb:de:2d:30:2c:
         00:35:f7:5f:12:99:4d:29:16:10:cd:16:5b:1b:53:d1:07:63:
         8c:d6:c5:b0:c7:11:1d:be:89:e3:e7:30:6a:b1:f6:d4:f1:14:
         7d:53:13:44:c2:57:26:90:5c:dd:41:76:44:e9:87:5c:ce:dc:
         da:d4:f2:11:5c:76:d6:74:55:85:ef:a3:c4:7b:79:ed:5d:72:
         96:7a:71:53
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUchvD+qIYfmoFJk4q0tOJme7wIq0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDE4MDAzMTA1WhcNMjUwNTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BkZWQ3YjFiNWE4MGZmNGU5NDBhYTgxYjU0ZGE4MDUxY2Zm
YjhlNThlYWM1ZmQzM2EzNjA4Y2MwNjdjNzg1M2EzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDZ+xKGXmX2e2w4VFKlCNFTorMdKe3ifurs+E8o/G9LO1l2
You0I+0xcq8xHVMz5YGocbfetcVwJ18OZlAXvk0aOp5nlJRVnLA7Y3WHb8g1f3PS
NHG5syOGmoddCgzho6aNp4ACAvBaW7UlwDvisP/EnMXQWrWW3dIk7Mzpg2ocB94R
y9SLTRfFjHlVh/T1RMsF5JIBYKbLI3sZTfLIzql7d4C9Uyxj5tSnKep9WCv39yBp
zN0qvxSq9mzZJrhjBSIUtFm09Ms1zRVhj/UvBuYrED0pCzQTnwsKaneNWhwFn+Jt
LqNfEdniVMHYn0sfT3REEIlXwadOqRsnzWXBot8xAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUK/9v0X+PACco+deLxH19Ujjodq0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJlZGY4MjA0LWJmMmMtNDllNC1iMjEwLWNjMmI5MmI1ODRlZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBALPFfAwDQYJKoZIhvcNAQELBQADggEBABa0Ifz/x8W3nekuJ5iEU/QjGO4f
3CpOeCWP6+uoDQHmRNCib/ZBgzf0OenWtpIrZZspMUuY2D8LHRegqsCwksOgxGos
eMMl8z85yDw25+C77CSydkbA4Fbk5WgWhWSXMcVbS3Db8MTPiAJnM6ig7uJWYO3P
Eeh0IJ3aJtekw3nVXzNjjadUQ4eZB0gmctQrNBCcpwqj/8QgTPsukVSv91x2/2T/
P/Xa29LUeNN9OPXL3i0wLAA1918SmU0pFhDNFlsbU9EHY4zWxbDHER2+iePnMGqx
9tTxFH1TE0TCVyaQXN1BdkTph1zO3NrU8hFcdtZ0VYXvo8R7ee1dcpZ6cVM=
-----END CERTIFICATE-----