Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/436af8e8-480b-485b-a232-f1503410322c.roa
File:                     436af8e8-480b-485b-a232-f1503410322c.roa (raw, json)
Hash identifier:          v80kSkZ7KTi+PJ9uB5c2HZhnFmmjAUm6VUzJADe5o68=
Subject key identifier:   6F:B2:EF:2F:01:5B:87:27:9B:39:BA:49:74:57:72:E2:FA:DC:4A:EB
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1FB298E46B9B1D8E6CDEB1E55E243FA083894546
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/436af8e8-480b-485b-a232-f1503410322c.roa
Signing time:             Fri 13 Jun 2025 00:11:04 +0000
ROA not before:           Fri 13 Jun 2025 00:11:04 +0000
ROA not after:            Fri 18 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        107.20.128.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:b2:98:e4:6b:9b:1d:8e:6c:de:b1:e5:5e:24:3f:a0:83:89:45:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun 13 00:11:04 2025 GMT
            Not After : Jul 18 23:59:59 2025 GMT
        Subject: serialNumber=cce5dcf75e7a45411eebcf3468a672ef0de51aa140b678dca5d59a760ffff04b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:f1:9a:6c:32:1c:83:73:a0:10:29:c9:d8:a8:
                    ad:ac:e5:6b:33:30:f5:fb:c5:87:7e:6c:a1:22:56:
                    45:ab:c8:dc:fa:fa:17:3d:7a:61:99:93:88:bd:d7:
                    1b:6d:45:4c:63:dc:0e:c9:a3:6c:1d:19:06:20:36:
                    8d:eb:14:b9:1b:99:65:92:0e:e2:8f:3b:26:fb:cb:
                    45:12:4c:3c:4f:df:c9:3c:b5:32:1d:36:62:94:be:
                    1e:14:4c:17:a4:a7:5d:be:f0:d0:29:f5:c5:cd:f0:
                    e6:e1:de:b2:32:67:fa:2e:4d:2d:94:11:9f:5a:b4:
                    01:48:57:20:35:2d:fc:42:04:a0:dc:64:bc:00:eb:
                    23:51:6a:da:f4:3b:02:2e:f5:96:09:53:86:34:5c:
                    a2:a1:af:39:b6:de:e4:b9:1f:17:45:f9:ba:d0:7b:
                    4d:3c:39:dd:06:4f:fc:fd:e0:8e:84:7d:b1:b5:95:
                    c2:90:04:ae:d5:6a:f1:a0:73:eb:d2:56:ca:0f:67:
                    db:6a:52:7e:96:10:18:d8:84:fd:77:ae:31:fd:e1:
                    e0:fc:90:a1:d5:12:47:dd:f4:50:3e:2e:61:de:99:
                    45:bd:30:5d:d0:cf:08:27:75:d8:24:ed:6f:b7:4e:
                    7f:e7:12:67:be:da:80:3e:95:e7:5f:98:3a:48:98:
                    a6:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:B2:EF:2F:01:5B:87:27:9B:39:BA:49:74:57:72:E2:FA:DC:4A:EB
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/436af8e8-480b-485b-a232-f1503410322c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.20.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         87:98:fa:92:63:98:10:11:cc:81:2b:e8:23:74:51:6b:6e:06:
         38:9c:a9:df:c6:40:68:7f:f3:f5:89:54:5e:cc:37:4e:c9:f7:
         a8:9f:f4:2e:96:1c:a4:d7:04:74:fb:72:d7:58:8c:ca:12:6c:
         13:24:f4:8d:0a:b3:b8:25:d6:34:27:fc:a0:70:cf:1b:8b:60:
         b2:f3:e5:5f:90:b7:fd:30:0f:de:db:c6:3a:70:4f:03:28:d8:
         f5:39:e6:3c:e9:be:c3:31:82:21:ee:ad:12:3c:4b:25:6e:87:
         89:fd:b6:44:ea:a7:f9:d2:aa:cc:16:2c:15:15:44:bc:d4:1b:
         d5:f4:62:ec:86:b6:f9:b1:ec:e6:25:e7:62:e0:39:54:03:4f:
         55:5c:6d:32:05:16:bd:66:16:74:67:53:90:03:d2:af:a2:b5:
         0b:e9:6e:ac:02:c8:b6:a8:c1:0e:85:b3:2f:57:68:ac:63:6d:
         1a:d8:cd:1d:ac:fa:8c:5e:7c:6c:7d:e3:ff:67:60:79:11:13:
         7e:49:99:0a:c5:15:33:79:4d:a7:b4:4d:7d:74:2d:9d:51:ba:
         7c:7d:8d:dd:b8:61:ce:8b:b6:20:2f:2f:75:41:29:6f:4b:f5:
         38:1b:3d:f8:ab:f9:27:3f:50:c1:64:45:57:de:77:57:5e:1d:
         b9:ad:8d:a7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUH7KY5GubHY5s3rHlXiQ/oIOJRUYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNjEzMDAxMTA0WhcNMjUwNzE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BjY2U1ZGNmNzVlN2E0NTQxMWVlYmNmMzQ2OGE2NzJlZjBk
ZTUxYWExNDBiNjc4ZGNhNWQ1OWE3NjBmZmZmMDRiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDR8ZpsMhyDc6AQKcnYqK2s5WszMPX7xYd+bKEiVkWryNz6
+hc9emGZk4i91xttRUxj3A7Jo2wdGQYgNo3rFLkbmWWSDuKPOyb7y0USTDxP38k8
tTIdNmKUvh4UTBekp12+8NAp9cXN8Obh3rIyZ/ouTS2UEZ9atAFIVyA1LfxCBKDc
ZLwA6yNRatr0OwIu9ZYJU4Y0XKKhrzm23uS5HxdF+brQe008Od0GT/z94I6EfbG1
lcKQBK7VavGgc+vSVsoPZ9tqUn6WEBjYhP13rjH94eD8kKHVEkfd9FA+LmHemUW9
MF3Qzwgnddgk7W+3Tn/nEme+2oA+ledfmDpImKY9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUb7LvLwFbhyebObpJdFdy4vrcSuswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQzNmFmOGU4LTQ4MGItNDg1Yi1hMjMyLWYxNTAzNDEwMzIyYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJrFIAwDQYJKoZIhvcNAQELBQADggEBAIeY+pJjmBARzIEr6CN0UWtuBjic
qd/GQGh/8/WJVF7MN07J96if9C6WHKTXBHT7ctdYjMoSbBMk9I0Ks7gl1jQn/KBw
zxuLYLLz5V+Qt/0wD97bxjpwTwMo2PU55jzpvsMxgiHurRI8SyVuh4n9tkTqp/nS
qswWLBUVRLzUG9X0YuyGtvmx7OYl52LgOVQDT1VcbTIFFr1mFnRnU5AD0q+itQvp
bqwCyLaowQ6Fsy9XaKxjbRrYzR2s+oxefGx94/9nYHkRE35JmQrFFTN5Tae0TX10
LZ1Runx9jd24Yc6LtiAvL3VBKW9L9TgbPfir+Sc/UMFkRVfed1deHbmtjac=
-----END CERTIFICATE-----