Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/436af8e8-480b-485b-a232-f1503410322c.roa
File:                     436af8e8-480b-485b-a232-f1503410322c.roa (raw, json)
Hash identifier:          fPA2EYYDlUpjNuI+td3w+A3xdiL/rQyzrVT2isClKiY=
Subject key identifier:   FD:D4:64:73:F8:7E:B8:30:6D:87:64:32:DF:A2:94:AC:F7:84:6D:E6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4CD47645FB0C48DE301D207F4B182FDBE50834DD
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/436af8e8-480b-485b-a232-f1503410322c.roa
Signing time:             Wed 23 Apr 2025 00:10:35 +0000
ROA not before:           Wed 23 Apr 2025 00:10:35 +0000
ROA not after:            Wed 28 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        107.20.128.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:d4:76:45:fb:0c:48:de:30:1d:20:7f:4b:18:2f:db:e5:08:34:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 23 00:10:35 2025 GMT
            Not After : May 28 23:59:59 2025 GMT
        Subject: serialNumber=809a72fa6658050622445cb95a04fcbc83ca051d34f08872727b1e3e64e4c2a6, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:81:bf:05:3d:f6:dd:ce:0c:64:4d:aa:6c:29:
                    8f:d2:71:96:e3:00:30:ef:ea:07:26:ed:a1:63:53:
                    60:97:45:3f:0b:95:69:b8:12:2f:18:13:8e:68:2a:
                    c3:0e:7f:d1:9e:f2:bd:ef:a6:71:4e:9a:25:07:83:
                    5f:55:c0:03:f2:e1:e5:da:f4:8b:aa:7b:00:f6:88:
                    c5:b6:a5:8e:3d:a8:af:c8:e7:92:6c:b9:d7:91:b3:
                    55:cf:63:2e:39:06:3d:b4:b5:d4:a7:b0:8a:21:da:
                    47:d3:d4:dd:19:d0:76:88:9f:d5:75:f2:6d:ab:7d:
                    ec:d2:0c:74:cb:62:ca:4f:c5:bd:82:3b:97:de:72:
                    2b:99:1a:57:40:41:a1:71:26:39:a5:8a:8e:9b:97:
                    05:98:b8:98:22:2e:bc:f7:4f:2d:c1:48:11:af:e8:
                    a0:fc:92:14:55:b5:70:57:09:ec:f8:61:ea:aa:ef:
                    d1:12:c8:bc:a5:80:12:b8:1f:fe:94:e7:cb:c4:74:
                    2b:64:ff:89:ea:a5:c1:a5:62:fa:53:cd:e7:2e:9e:
                    65:05:16:fd:0e:4e:c9:01:02:e0:8d:8b:04:e9:b0:
                    04:32:da:36:b2:73:82:8c:be:a2:38:ab:d8:50:d6:
                    9f:11:d0:4a:b0:f2:52:0d:61:a8:c0:42:55:e8:75:
                    76:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:D4:64:73:F8:7E:B8:30:6D:87:64:32:DF:A2:94:AC:F7:84:6D:E6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/436af8e8-480b-485b-a232-f1503410322c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.20.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9e:15:cd:ac:2d:3d:22:dd:d2:e9:c1:7b:b2:c2:82:bf:b9:3f:
         51:d7:a8:8c:de:45:05:c0:6a:df:dc:d6:90:18:a4:00:3d:ab:
         a6:e0:c6:6b:dc:ed:5c:d9:a3:18:36:d6:2c:8f:3c:61:ea:67:
         5f:4a:80:24:1f:f3:2b:c5:f3:e5:77:5e:4e:ee:ad:23:78:28:
         23:c3:04:6a:38:18:d3:d3:c8:a1:f2:bf:1d:45:1e:d9:aa:68:
         a1:28:d9:bd:1f:66:9a:4c:fe:eb:aa:02:fd:60:fb:80:06:dd:
         47:38:bc:da:6f:90:5d:2b:67:1b:62:9b:e6:fe:bb:4b:54:f5:
         88:26:3c:92:f3:2d:f9:3a:0f:fe:75:f7:1f:fe:a3:fb:23:97:
         04:5a:86:38:09:e2:99:7c:00:4f:b2:bc:9c:76:30:5d:87:9b:
         e6:97:06:c6:85:47:3f:71:35:80:56:8f:45:46:90:92:68:78:
         6b:cb:f5:7d:3a:eb:4a:e4:fe:1c:3e:1e:3e:c2:08:51:5b:b0:
         ae:94:1c:d7:0d:0a:6a:68:aa:65:24:ac:89:1c:67:05:da:fb:
         21:a7:7b:59:35:f9:aa:ed:df:72:32:4e:15:32:cf:a0:2a:f9:
         95:09:b0:2b:9c:83:ee:e4:50:bc:e5:0b:17:28:ec:bf:93:e3:
         e0:c3:63:ad
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTNR2RfsMSN4wHSB/Sxgv2+UINN0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDIzMDAxMDM1WhcNMjUwNTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A4MDlhNzJmYTY2NTgwNTA2MjI0NDVjYjk1YTA0ZmNiYzgz
Y2EwNTFkMzRmMDg4NzI3MjdiMWUzZTY0ZTRjMmE2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCSgb8FPfbdzgxkTapsKY/ScZbjADDv6gcm7aFjU2CXRT8L
lWm4Ei8YE45oKsMOf9Ge8r3vpnFOmiUHg19VwAPy4eXa9IuqewD2iMW2pY49qK/I
55JsudeRs1XPYy45Bj20tdSnsIoh2kfT1N0Z0HaIn9V18m2rfezSDHTLYspPxb2C
O5feciuZGldAQaFxJjmlio6blwWYuJgiLrz3Ty3BSBGv6KD8khRVtXBXCez4Yeqq
79ESyLylgBK4H/6U58vEdCtk/4nqpcGlYvpTzecunmUFFv0OTskBAuCNiwTpsAQy
2jayc4KMvqI4q9hQ1p8R0Eqw8lINYajAQlXodXbXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/dRkc/h+uDBth2Qy36KUrPeEbeYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQzNmFmOGU4LTQ4MGItNDg1Yi1hMjMyLWYxNTAzNDEwMzIyYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJrFIAwDQYJKoZIhvcNAQELBQADggEBAJ4VzawtPSLd0unBe7LCgr+5P1HX
qIzeRQXAat/c1pAYpAA9q6bgxmvc7VzZoxg21iyPPGHqZ19KgCQf8yvF8+V3Xk7u
rSN4KCPDBGo4GNPTyKHyvx1FHtmqaKEo2b0fZppM/uuqAv1g+4AG3Uc4vNpvkF0r
Zxtim+b+u0tU9YgmPJLzLfk6D/519x/+o/sjlwRahjgJ4pl8AE+yvJx2MF2Hm+aX
BsaFRz9xNYBWj0VGkJJoeGvL9X0660rk/hw+Hj7CCFFbsK6UHNcNCmpoqmUkrIkc
ZwXa+yGne1k1+art33IyThUyz6Aq+ZUJsCucg+7kULzlCxco7L+T4+DDY60=
-----END CERTIFICATE-----