Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3b05ff04-a050-4f23-a421-c71257af8dbd.roa
File:                     3b05ff04-a050-4f23-a421-c71257af8dbd.roa (raw, json)
Hash identifier:          7PhClkGIDSMp6Kq4i1RWa1GotHowcYT7KRzss8TeJGI=
Subject key identifier:   C1:93:A6:C6:D3:1C:32:74:62:7A:19:AC:8F:EA:36:BE:9A:71:7A:8F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       72DECEB97F5CA4F2FA21156ED794D4FEC64A0D87
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3b05ff04-a050-4f23-a421-c71257af8dbd.roa
Signing time:             Fri 11 Apr 2025 17:36:43 +0000
ROA not before:           Fri 11 Apr 2025 17:36:43 +0000
ROA not after:            Fri 16 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        204.33.96.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:de:ce:b9:7f:5c:a4:f2:fa:21:15:6e:d7:94:d4:fe:c6:4a:0d:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 11 17:36:43 2025 GMT
            Not After : May 16 23:59:59 2025 GMT
        Subject: serialNumber=0f550eec4c4138fbf01ba02024edd874fdc933c5bb811305bfcc8249fcf46e3a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:b3:87:4e:82:ac:e3:c3:6a:a0:4b:46:15:4f:
                    c9:56:81:c0:43:8c:c9:d8:78:83:76:e3:1c:35:19:
                    e4:fd:22:9e:06:6c:d3:87:be:38:6c:78:34:bd:63:
                    a1:4f:09:fc:3f:85:02:69:8a:3b:8c:90:c2:87:40:
                    87:39:34:a9:81:25:af:01:82:7a:99:0e:e8:83:76:
                    51:5c:5b:dd:6b:59:b0:6a:6e:25:1d:50:a1:54:dd:
                    6c:6f:2e:e0:05:fb:41:ff:00:39:44:fb:3a:bd:4b:
                    94:fe:0e:06:87:c0:a2:c3:5b:be:41:ea:a3:82:1d:
                    70:44:9f:c7:52:fb:d2:07:db:a0:aa:bb:ed:5e:31:
                    ad:42:9e:a5:2a:3d:9b:2c:a2:79:8b:67:65:97:2e:
                    34:f2:0b:a4:99:46:d3:cf:0d:5d:35:f5:2c:ff:82:
                    2d:6c:a9:68:64:fb:2e:b7:f7:25:43:4d:de:d8:18:
                    d0:16:30:76:31:ba:d1:e2:cf:e0:98:eb:c8:de:ed:
                    d9:c5:08:54:75:c6:c1:5c:fa:3a:26:37:7a:46:6f:
                    b2:40:c9:4a:be:2c:07:76:43:de:e9:a4:6c:fd:6d:
                    58:73:9f:35:0d:3b:80:cf:c4:98:ca:8d:ef:03:81:
                    82:e4:22:2f:dc:88:ad:ab:48:41:42:48:2a:e1:e3:
                    5f:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:93:A6:C6:D3:1C:32:74:62:7A:19:AC:8F:EA:36:BE:9A:71:7A:8F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3b05ff04-a050-4f23-a421-c71257af8dbd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.33.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         6d:88:7c:58:24:55:08:d6:9f:18:67:a1:1d:eb:e0:57:48:62:
         1d:30:5f:6f:ad:42:62:0a:e7:52:1c:0b:97:81:65:82:92:39:
         74:48:33:1b:85:0c:11:59:e8:72:de:a4:c6:97:45:aa:8f:a7:
         39:a2:e3:47:5d:4a:49:2a:22:a4:ea:fd:e3:87:36:dc:76:f3:
         39:04:b6:c2:8b:3e:7e:ca:b5:a7:71:e8:b7:e5:83:c9:9f:11:
         97:e1:f4:ab:92:74:85:1f:04:a2:17:f8:81:2b:80:72:8a:85:
         e6:d0:5e:3c:f4:91:d9:68:f6:d3:00:ee:92:19:83:9f:14:46:
         39:58:e2:66:f6:70:14:02:45:3e:dd:db:bb:c3:97:5d:bc:96:
         02:98:d2:24:68:8b:89:cb:14:ca:5d:75:c6:ae:21:cb:8a:6d:
         21:44:1f:ca:89:62:60:b1:6c:ce:63:cc:2b:b3:48:91:93:10:
         5f:6c:0b:ab:14:dc:0f:f8:3a:17:0a:22:aa:c7:1c:32:00:4e:
         06:27:2f:d5:25:88:05:55:0e:ec:9a:60:e4:93:31:f0:4e:27:
         45:51:0c:15:fe:21:6f:ca:34:a5:78:58:f2:f4:f7:fb:8d:0f:
         39:18:53:69:45:60:48:dd:b2:f6:23:7a:73:54:db:e3:44:35:
         22:92:11:50
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUct7OuX9cpPL6IRVu15TU/sZKDYcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDExMTczNjQzWhcNMjUwNTE2MjM1OTU5
WjB6MUkwRwYDVQQFE0AwZjU1MGVlYzRjNDEzOGZiZjAxYmEwMjAyNGVkZDg3NGZk
YzkzM2M1YmI4MTEzMDViZmNjODI0OWZjZjQ2ZTNhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8s4dOgqzjw2qgS0YVT8lWgcBDjMnYeIN24xw1GeT9Ip4G
bNOHvjhseDS9Y6FPCfw/hQJpijuMkMKHQIc5NKmBJa8BgnqZDuiDdlFcW91rWbBq
biUdUKFU3WxvLuAF+0H/ADlE+zq9S5T+DgaHwKLDW75B6qOCHXBEn8dS+9IH26Cq
u+1eMa1CnqUqPZssonmLZ2WXLjTyC6SZRtPPDV019Sz/gi1sqWhk+y639yVDTd7Y
GNAWMHYxutHiz+CY68je7dnFCFR1xsFc+jomN3pGb7JAyUq+LAd2Q97ppGz9bVhz
nzUNO4DPxJjKje8DgYLkIi/ciK2rSEFCSCrh418ZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwZOmxtMcMnRiehmsj+o2vppxeo8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNiMDVmZjA0LWEwNTAtNGYyMy1hNDIxLWM3MTI1N2FmOGRiZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAXMIWAwDQYJKoZIhvcNAQELBQADggEBAG2IfFgkVQjWnxhnoR3r4FdIYh0w
X2+tQmIK51IcC5eBZYKSOXRIMxuFDBFZ6HLepMaXRaqPpzmi40ddSkkqIqTq/eOH
Ntx28zkEtsKLPn7Ktadx6Lflg8mfEZfh9KuSdIUfBKIX+IErgHKKhebQXjz0kdlo
9tMA7pIZg58URjlY4mb2cBQCRT7d27vDl128lgKY0iRoi4nLFMpddcauIcuKbSFE
H8qJYmCxbM5jzCuzSJGTEF9sC6sU3A/4OhcKIqrHHDIATgYnL9UliAVVDuyaYOST
MfBOJ0VRDBX+IW/KNKV4WPL09/uNDzkYU2lFYEjdsvYjenNU2+NENSKSEVA=
-----END CERTIFICATE-----