Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/659599fd-5231-4a14-b642-c43b71289efa.roa
File:                     659599fd-5231-4a14-b642-c43b71289efa.roa (raw, json)
Hash identifier:          03eNLcZRTclzpncZi8WirJ6LMY/fQpSzYIzALzZRyYE=
Subject key identifier:   86:30:4D:64:4E:BB:DB:5A:39:39:16:9C:EA:2B:2F:23:DF:C7:A6:26
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       754D49417BD83BD58F38EA953B269BE950CEF023
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/659599fd-5231-4a14-b642-c43b71289efa.roa
Signing time:             Wed 23 Apr 2025 00:10:32 +0000
ROA not before:           Wed 23 Apr 2025 00:10:32 +0000
ROA not after:            Wed 28 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        107.22.152.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:4d:49:41:7b:d8:3b:d5:8f:38:ea:95:3b:26:9b:e9:50:ce:f0:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 23 00:10:32 2025 GMT
            Not After : May 28 23:59:59 2025 GMT
        Subject: serialNumber=959d92b9ecf209e77528a640d56cd274eb8b640f3397ce840a17b4fa81f66c7b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:ed:f2:fb:ce:9b:44:1d:32:8a:9d:84:c6:9d:
                    bd:95:9b:40:c0:44:40:65:9f:75:75:c2:81:23:cc:
                    fe:84:6b:95:91:b0:d2:df:e5:7c:84:9c:ae:3e:d6:
                    a7:8b:5e:f9:4e:06:a3:87:a0:d5:6b:09:8f:66:3a:
                    e3:b8:ae:b5:f4:96:c2:40:67:b1:cd:6a:a0:59:28:
                    19:d7:f4:b8:32:b5:93:72:d3:4f:b3:3f:cb:41:34:
                    35:82:fd:8d:9f:e6:ae:b0:4a:40:20:3f:52:a6:e0:
                    d5:4d:22:8c:94:c9:53:36:be:27:cc:79:e3:4d:ed:
                    e5:ef:84:45:da:02:46:9c:72:ea:aa:5a:61:10:2f:
                    48:88:a1:47:93:c5:cd:64:09:93:cd:ec:c1:8c:46:
                    da:fd:38:94:ab:19:65:57:b9:13:10:d5:c3:7d:10:
                    d2:20:22:1c:55:70:7f:b7:90:86:d6:51:a1:95:d3:
                    df:81:ea:ea:29:c0:5e:e1:33:02:bd:e6:2e:d8:ac:
                    8c:45:46:b4:7f:5a:85:01:78:3c:ec:d6:12:ae:7a:
                    d1:7d:e8:71:7a:0c:76:d9:12:13:6d:41:ad:5c:9e:
                    01:bb:f3:9d:19:d4:04:28:c8:e7:e2:85:0c:59:75:
                    6b:53:9f:12:44:77:2b:b7:db:29:d5:80:1b:c5:c7:
                    6a:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:30:4D:64:4E:BB:DB:5A:39:39:16:9C:EA:2B:2F:23:DF:C7:A6:26
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/659599fd-5231-4a14-b642-c43b71289efa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.22.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         39:d9:91:47:3f:d3:17:59:53:27:59:79:aa:04:da:dc:c9:b4:
         78:db:24:4c:35:b2:1a:21:b2:28:ed:c5:44:07:4b:5c:44:c1:
         c7:bc:34:a0:86:11:17:7d:5b:0d:cb:5f:aa:3f:88:18:2c:aa:
         ed:60:d5:2b:72:4d:e7:ec:32:c4:b2:bc:51:76:ad:80:3b:22:
         b5:8d:fb:59:34:6c:35:ba:ff:b9:b2:38:1a:4e:51:79:70:18:
         71:f8:82:ea:8e:60:f5:4a:e9:64:ad:91:a4:6f:d3:b4:d1:8f:
         f5:e4:b0:3a:a2:9e:24:88:3b:75:e1:1f:0b:74:bf:13:59:f7:
         0a:ce:57:fb:b9:3b:b0:fc:46:93:0f:48:d1:47:4f:2f:f7:40:
         c2:58:fc:26:e3:03:5f:0f:d6:c0:0c:67:22:a9:ef:6a:29:1d:
         fa:5b:f8:cb:d9:26:80:cd:60:3f:8f:51:29:9a:05:ea:56:5d:
         67:18:f6:d5:b1:36:b5:1e:99:ac:74:9f:d1:69:a3:7e:d7:a5:
         b1:5c:f2:a0:d1:b9:ed:16:f6:38:cf:c6:88:94:c8:42:a5:92:
         e5:68:19:a2:ae:8d:bb:79:14:ba:26:8b:49:af:23:29:2b:1b:
         27:24:93:a7:02:97:b0:33:21:f4:4d:c9:88:f2:e6:09:79:32:
         e0:40:79:65
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdU1JQXvYO9WPOOqVOyab6VDO8CMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDIzMDAxMDMyWhcNMjUwNTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A5NTlkOTJiOWVjZjIwOWU3NzUyOGE2NDBkNTZjZDI3NGVi
OGI2NDBmMzM5N2NlODQwYTE3YjRmYTgxZjY2YzdiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCt7fL7zptEHTKKnYTGnb2Vm0DAREBln3V1woEjzP6Ea5WR
sNLf5XyEnK4+1qeLXvlOBqOHoNVrCY9mOuO4rrX0lsJAZ7HNaqBZKBnX9LgytZNy
00+zP8tBNDWC/Y2f5q6wSkAgP1Km4NVNIoyUyVM2vifMeeNN7eXvhEXaAkaccuqq
WmEQL0iIoUeTxc1kCZPN7MGMRtr9OJSrGWVXuRMQ1cN9ENIgIhxVcH+3kIbWUaGV
09+B6uopwF7hMwK95i7YrIxFRrR/WoUBeDzs1hKuetF96HF6DHbZEhNtQa1cngG7
850Z1AQoyOfihQxZdWtTnxJEdyu32ynVgBvFx2ojAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUhjBNZE6721o5ORac6isvI9/HpiYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY1OTU5OWZkLTUyMzEtNGExNC1iNjQyLWM0M2I3MTI4OWVmYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJrFpgwDQYJKoZIhvcNAQELBQADggEBADnZkUc/0xdZUydZeaoE2tzJtHjb
JEw1shohsijtxUQHS1xEwce8NKCGERd9Ww3LX6o/iBgsqu1g1StyTefsMsSyvFF2
rYA7IrWN+1k0bDW6/7myOBpOUXlwGHH4guqOYPVK6WStkaRv07TRj/XksDqiniSI
O3XhHwt0vxNZ9wrOV/u5O7D8RpMPSNFHTy/3QMJY/CbjA18P1sAMZyKp72opHfpb
+MvZJoDNYD+PUSmaBepWXWcY9tWxNrUemax0n9Fpo37XpbFc8qDRue0W9jjPxoiU
yEKlkuVoGaKujbt5FLomi0mvIykrGyckk6cCl7AzIfRNyYjy5gl5MuBAeWU=
-----END CERTIFICATE-----