Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/30347c3e-7f8e-4f8c-bf8a-86186731bca9.roa
File:                     30347c3e-7f8e-4f8c-bf8a-86186731bca9.roa (raw, json)
Hash identifier:          LVdX2sPy7TWL6v7fgHhSMgPB+aJYBLeYKxlWk7MMUbc=
Subject key identifier:   CD:90:D4:36:97:E8:B6:2E:36:33:9D:E1:F9:B4:ED:7E:EE:8F:11:3B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6F86FC2B864B3F6720C706E3798626A8A907F8CE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/30347c3e-7f8e-4f8c-bf8a-86186731bca9.roa
Signing time:             Sat 26 Apr 2025 00:00:25 +0000
ROA not before:           Sat 26 Apr 2025 00:00:25 +0000
ROA not after:            Sat 31 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        216.17.128.0/17 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:86:fc:2b:86:4b:3f:67:20:c7:06:e3:79:86:26:a8:a9:07:f8:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 26 00:00:25 2025 GMT
            Not After : May 31 23:59:59 2025 GMT
        Subject: serialNumber=5a10149e13a40376f1a08ee4115161364b24d914418000855022de895318fcfe, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:0e:b6:8c:f3:08:9b:9f:69:eb:12:f3:fa:5e:
                    12:90:dd:ea:be:24:2f:0c:8b:34:82:71:d9:d5:5e:
                    72:35:3f:80:f2:cc:fa:5f:06:72:ab:f3:fb:a0:be:
                    f1:7d:e1:9e:5f:03:d0:10:9a:ab:62:10:9d:e9:e3:
                    68:5e:31:b3:09:47:e0:b3:12:18:85:b8:f0:d7:1c:
                    5c:4d:a8:29:64:d0:9c:78:f7:b1:b4:2b:30:06:45:
                    5d:fb:b0:6b:5b:78:76:2d:f0:19:90:2b:7a:71:89:
                    17:24:16:5d:21:28:f1:44:fe:d0:24:a6:da:6a:a6:
                    d0:3b:1f:5e:1d:06:9e:f1:86:5c:7c:77:1e:b7:db:
                    51:17:f6:c2:19:00:eb:37:19:83:7e:5b:77:a1:bc:
                    cd:dc:83:a3:3e:e7:a6:73:c1:87:77:2d:cc:e4:6d:
                    52:fa:16:15:db:d0:15:9f:61:77:d3:34:a2:62:fa:
                    91:00:2a:1e:56:04:94:0e:e4:36:cc:8f:39:a5:ad:
                    96:de:6c:c6:ff:42:62:df:eb:a5:d6:e3:8d:b2:f7:
                    96:d8:ea:56:0a:f1:97:e6:80:73:5f:27:db:50:7e:
                    a9:fd:56:6c:e3:85:d1:bc:9e:64:41:8b:b4:14:dc:
                    3f:2a:e6:4f:e3:51:81:25:0a:34:46:12:45:8e:67:
                    ac:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:90:D4:36:97:E8:B6:2E:36:33:9D:E1:F9:B4:ED:7E:EE:8F:11:3B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/30347c3e-7f8e-4f8c-bf8a-86186731bca9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.17.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         92:e9:10:0c:3c:b0:de:6e:91:03:fb:e2:27:23:b2:09:23:10:
         4e:a3:81:4e:bb:cd:c8:62:50:15:7f:74:ae:d0:3d:37:7f:b7:
         4b:f5:a9:03:88:2d:d2:e3:6b:4a:7a:21:f1:6e:21:83:86:90:
         4e:6f:fc:bb:ef:55:24:cf:34:4a:90:40:40:86:6c:b3:ee:9d:
         e4:b2:da:fc:c6:f0:56:0d:eb:da:4e:d8:d1:32:2e:2b:99:5f:
         50:14:66:c3:38:a8:34:96:88:4d:62:5a:ef:b9:63:14:3c:7f:
         68:74:9e:8b:ab:58:7b:7b:25:3e:24:f5:82:71:69:4c:39:d2:
         d0:08:92:a8:ba:8c:63:bc:2e:78:40:b4:cc:41:78:53:35:7a:
         40:3e:19:35:c0:08:51:40:2b:bd:24:74:f5:b5:d4:2d:58:e8:
         14:60:dc:7a:43:89:52:fb:d7:e4:93:81:a4:f0:61:5e:7f:fc:
         ec:86:b5:d2:ce:67:8c:83:f3:5e:62:a5:97:d8:26:39:b3:44:
         68:89:02:12:fb:2f:66:a9:2c:0c:82:4e:f2:80:6a:95:df:85:
         39:e8:32:9c:0b:5c:86:e2:88:52:a0:39:a3:8e:92:fe:b8:a3:
         45:43:64:63:34:55:07:e2:46:9d:fb:5c:77:5a:44:36:c8:30:
         27:7d:9d:8c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUb4b8K4ZLP2cgxwbjeYYmqKkH+M4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDI2MDAwMDI1WhcNMjUwNTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A1YTEwMTQ5ZTEzYTQwMzc2ZjFhMDhlZTQxMTUxNjEzNjRi
MjRkOTE0NDE4MDAwODU1MDIyZGU4OTUzMThmY2ZlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqDraM8wibn2nrEvP6XhKQ3eq+JC8MizSCcdnVXnI1P4Dy
zPpfBnKr8/ugvvF94Z5fA9AQmqtiEJ3p42heMbMJR+CzEhiFuPDXHFxNqClk0Jx4
97G0KzAGRV37sGtbeHYt8BmQK3pxiRckFl0hKPFE/tAkptpqptA7H14dBp7xhlx8
dx6321EX9sIZAOs3GYN+W3ehvM3cg6M+56ZzwYd3LczkbVL6FhXb0BWfYXfTNKJi
+pEAKh5WBJQO5DbMjzmlrZbebMb/QmLf66XW442y95bY6lYK8ZfmgHNfJ9tQfqn9
VmzjhdG8nmRBi7QU3D8q5k/jUYElCjRGEkWOZ6z5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUzZDUNpfoti42M53h+bTtfu6PETswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzMwMzQ3YzNlLTdmOGUtNGY4Yy1iZjhhLTg2MTg2NzMxYmNhOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAfYEYAwDQYJKoZIhvcNAQELBQADggEBAJLpEAw8sN5ukQP74icjsgkjEE6j
gU67zchiUBV/dK7QPTd/t0v1qQOILdLja0p6IfFuIYOGkE5v/LvvVSTPNEqQQECG
bLPuneSy2vzG8FYN69pO2NEyLiuZX1AUZsM4qDSWiE1iWu+5YxQ8f2h0nourWHt7
JT4k9YJxaUw50tAIkqi6jGO8LnhAtMxBeFM1ekA+GTXACFFAK70kdPW11C1Y6BRg
3HpDiVL71+STgaTwYV5//OyGtdLOZ4yD815ipZfYJjmzRGiJAhL7L2apLAyCTvKA
apXfhTnoMpwLXIbiiFKgOaOOkv64o0VDZGM0VQfiRp37XHdaRDbIMCd9nYw=
-----END CERTIFICATE-----