Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3d45680f-6785-471f-931a-167f976fcaa3.roa
File:                     3d45680f-6785-471f-931a-167f976fcaa3.roa (raw, json)
Hash identifier:          Q+1k1Z+M27ED1kBQsTsUnX6h+OkVtRAy9I6tko3fY28=
Subject key identifier:   09:D6:68:09:CE:B3:46:3F:BC:9C:F3:15:1E:1F:15:22:E0:D0:BC:72
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       129A3C69FA030A068EC477C4B1D3AB5151076658
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3d45680f-6785-471f-931a-167f976fcaa3.roa
Signing time:             Sat 26 Apr 2025 00:01:03 +0000
ROA not before:           Sat 26 Apr 2025 00:01:03 +0000
ROA not after:            Sat 31 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        129.220.96.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:9a:3c:69:fa:03:0a:06:8e:c4:77:c4:b1:d3:ab:51:51:07:66:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 26 00:01:03 2025 GMT
            Not After : May 31 23:59:59 2025 GMT
        Subject: serialNumber=b5066dfbcdf9a6f12eb505ad47857ba10375697b05c7356ae63518c2d7d2d74d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:91:31:ba:83:55:a4:3d:59:40:d2:95:52:c1:
                    1e:21:c2:6a:4e:a1:09:f8:5b:74:72:75:f8:2b:b5:
                    04:25:6b:7f:cc:b7:9b:a9:f5:19:9e:73:88:9b:2d:
                    23:97:e7:89:6b:39:f6:38:c1:7c:70:4a:e2:8f:67:
                    35:bf:13:67:b8:03:c9:66:54:14:6b:74:d4:86:d5:
                    b8:12:81:55:2f:bf:bd:fa:f4:60:75:d9:7b:69:4a:
                    87:3f:2d:cc:07:83:de:01:38:25:af:84:fc:8c:76:
                    de:99:a3:af:e1:19:98:52:83:c5:bd:b9:3a:b2:71:
                    fe:3c:fc:d9:c3:7d:5c:9d:98:58:24:90:ea:04:13:
                    5e:c9:d8:90:41:e1:7b:f1:8c:54:97:1b:d7:eb:ff:
                    fe:80:de:8b:dc:cb:c7:6b:0a:2e:25:a6:00:58:27:
                    fa:67:29:02:59:c2:82:6e:99:cd:df:7b:4b:ca:ba:
                    b6:7a:88:a7:25:e9:19:6d:0c:f5:35:8f:6f:79:99:
                    ec:c8:2d:e2:6f:e9:89:4a:57:4b:da:3c:a3:5b:cd:
                    46:39:6e:21:ad:03:93:b6:2d:c7:f6:63:56:ed:6e:
                    fb:94:3d:e5:9e:93:b0:22:c2:79:90:d7:cb:22:ae:
                    e8:f5:59:12:bf:99:b8:6c:42:2f:06:2d:da:e3:a0:
                    6f:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:D6:68:09:CE:B3:46:3F:BC:9C:F3:15:1E:1F:15:22:E0:D0:BC:72
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3d45680f-6785-471f-931a-167f976fcaa3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  129.220.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         6a:c2:2a:61:c5:a7:9d:31:8d:d5:d1:49:d8:22:39:a7:a2:8e:
         41:06:43:d0:67:db:e8:3e:c7:97:f3:ca:89:83:20:c3:b4:cc:
         73:e4:c4:9c:9e:59:cc:0b:b9:41:48:53:77:46:c5:32:ce:00:
         44:e0:9d:09:a3:ea:f7:ed:12:e9:26:e5:dd:99:5c:75:7c:39:
         cd:57:2b:90:56:24:8e:e4:69:8f:bc:eb:b2:57:1b:02:7e:5e:
         cf:27:af:7c:82:d4:37:09:b2:d2:51:10:2a:be:36:10:1e:01:
         d4:78:c2:88:57:56:62:a0:54:c5:ea:b8:79:68:e0:f7:a9:25:
         c0:37:24:b2:a1:f5:73:b9:d2:4a:77:ff:24:30:1e:79:59:a2:
         a0:b3:c7:75:53:a4:6e:13:a7:24:b3:11:3d:99:e9:d1:21:cb:
         84:7b:28:15:9a:58:9b:53:80:ff:8e:29:6d:47:83:0a:05:7e:
         dd:b7:9d:c7:e4:3f:ef:7e:63:93:35:fc:29:1e:6e:63:64:e4:
         de:9e:c3:df:aa:a9:90:34:7e:cc:1e:fd:d3:dd:ea:42:33:dd:
         a7:38:5e:66:35:b4:e3:62:3f:e9:9f:a4:68:aa:61:b3:74:6c:
         29:f9:bd:5f:f9:b0:0e:fe:2d:d2:04:6f:b4:40:70:c5:18:b2:
         7d:35:e8:c4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEpo8afoDCgaOxHfEsdOrUVEHZlgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDI2MDAwMTAzWhcNMjUwNTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BiNTA2NmRmYmNkZjlhNmYxMmViNTA1YWQ0Nzg1N2JhMTAz
NzU2OTdiMDVjNzM1NmFlNjM1MThjMmQ3ZDJkNzRkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwkTG6g1WkPVlA0pVSwR4hwmpOoQn4W3RydfgrtQQla3/M
t5up9Rmec4ibLSOX54lrOfY4wXxwSuKPZzW/E2e4A8lmVBRrdNSG1bgSgVUvv736
9GB12XtpSoc/LcwHg94BOCWvhPyMdt6Zo6/hGZhSg8W9uTqycf48/NnDfVydmFgk
kOoEE17J2JBB4XvxjFSXG9fr//6A3ovcy8drCi4lpgBYJ/pnKQJZwoJumc3fe0vK
urZ6iKcl6RltDPU1j295mezILeJv6YlKV0vaPKNbzUY5biGtA5O2Lcf2Y1btbvuU
PeWek7AiwnmQ18siruj1WRK/mbhsQi8GLdrjoG/JAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUCdZoCc6zRj+8nPMVHh8VIuDQvHIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNkNDU2ODBmLTY3ODUtNDcxZi05MzFhLTE2N2Y5NzZmY2FhMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAWB3GAwDQYJKoZIhvcNAQELBQADggEBAGrCKmHFp50xjdXRSdgiOaeijkEG
Q9Bn2+g+x5fzyomDIMO0zHPkxJyeWcwLuUFIU3dGxTLOAETgnQmj6vftEukm5d2Z
XHV8Oc1XK5BWJI7kaY+867JXGwJ+Xs8nr3yC1DcJstJRECq+NhAeAdR4wohXVmKg
VMXquHlo4PepJcA3JLKh9XO50kp3/yQwHnlZoqCzx3VTpG4TpySzET2Z6dEhy4R7
KBWaWJtTgP+OKW1HgwoFft23ncfkP+9+Y5M1/CkebmNk5N6ew9+qqZA0fswe/dPd
6kIz3ac4XmY1tONiP+mfpGiqYbN0bCn5vV/5sA7+LdIEb7RAcMUYsn016MQ=
-----END CERTIFICATE-----