Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/68f82465-3271-47de-9d93-ef187f7c125b.roa
File:                     68f82465-3271-47de-9d93-ef187f7c125b.roa (raw, json)
Hash identifier:          TRoNLCn3+Mm6aQHRGm6jYPKz8lbgjETHzvfS2Wx377c=
Subject key identifier:   79:FF:4D:05:EA:C5:67:DC:7F:D7:D8:90:1A:35:42:3E:5B:22:7A:E3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5714C0ED30ECB3894A4E17D800633E303FDF917F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/68f82465-3271-47de-9d93-ef187f7c125b.roa
Signing time:             Fri 13 Jun 2025 00:22:04 +0000
ROA not before:           Fri 13 Jun 2025 00:22:04 +0000
ROA not after:            Fri 18 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        107.21.0.0/18 maxlen: 18
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 16 Jun 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:14:c0:ed:30:ec:b3:89:4a:4e:17:d8:00:63:3e:30:3f:df:91:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun 13 00:22:04 2025 GMT
            Not After : Jul 18 23:59:59 2025 GMT
        Subject: serialNumber=78cdf12b5362cdc4ad8f4009f2786c1cf0568f393ba89ee57096dd6bf81ce530, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:3f:32:70:9e:52:ce:8a:19:44:77:23:ea:70:
                    9e:9c:74:4f:0a:d0:43:3c:85:28:32:aa:5a:43:45:
                    f8:d9:93:1b:a4:8e:7f:e7:41:35:cc:fa:74:44:7c:
                    60:73:97:50:a4:52:8f:2a:d6:1d:ab:52:fb:29:f5:
                    b0:d4:dc:ea:40:be:ff:ec:24:73:bf:b0:d5:2d:4d:
                    d9:84:4d:40:c8:6a:0b:66:b6:1e:2f:97:03:ab:19:
                    c6:26:34:5a:28:12:c3:40:2f:dc:26:b2:55:b0:14:
                    d7:41:02:7c:22:b2:86:91:b2:38:bb:49:d2:33:a0:
                    6d:87:a0:cb:bd:1a:19:6d:91:fe:ac:53:8f:c9:12:
                    43:f4:73:30:8e:b8:9c:17:e5:b0:83:2b:08:e9:52:
                    1c:cc:2f:d4:c9:72:16:7d:c9:8a:e6:9d:0d:1b:01:
                    30:5c:b0:97:99:64:98:de:20:0a:2a:86:ca:9d:97:
                    c3:31:9c:4a:fc:43:e5:a9:84:0a:2a:3d:b7:17:ef:
                    2c:06:14:e9:61:f2:61:6a:01:0e:1e:47:6b:da:1b:
                    6e:e6:1b:37:48:92:2f:2b:83:d1:1e:33:3a:05:d3:
                    0f:9b:87:7d:17:65:27:5d:b8:c5:c9:22:57:d1:6b:
                    62:f9:ad:88:b8:d9:f1:bd:85:aa:4f:c6:dc:1c:f5:
                    73:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:FF:4D:05:EA:C5:67:DC:7F:D7:D8:90:1A:35:42:3E:5B:22:7A:E3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/68f82465-3271-47de-9d93-ef187f7c125b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.21.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         46:52:09:c0:82:e0:02:3b:a1:c5:d1:b0:ea:ba:96:13:40:d2:
         c4:68:41:53:2d:cf:0b:2a:2e:25:d5:77:9d:00:62:1d:7e:8d:
         f1:ed:8b:09:7d:1e:e8:72:f4:01:e8:ec:b7:64:97:f7:9e:cc:
         f7:51:d4:f4:23:04:73:59:e6:19:a5:5f:30:4e:02:cf:0b:b1:
         06:15:bc:0e:57:6d:34:17:13:a0:41:bf:ca:5f:2d:da:65:b6:
         95:34:4d:60:1f:23:b8:b2:a8:86:2d:5d:16:ff:07:ce:6f:bb:
         80:53:21:6d:79:49:8a:a7:5b:ed:3b:fd:ce:4b:a9:b8:f4:25:
         c0:3f:2b:e5:4a:4e:f7:b5:da:c6:ed:54:cd:f4:7b:cc:6e:65:
         95:90:59:35:d2:9f:95:80:f2:57:98:40:24:a0:e5:26:95:ed:
         16:76:44:a0:52:65:2f:65:52:a7:4c:04:2a:22:e3:a1:d6:e3:
         b4:6f:bb:e0:96:1b:31:7f:56:f6:8b:30:22:c2:f4:5f:2c:98:
         b0:d0:37:93:7b:e7:e2:83:f1:8c:d8:ad:70:a0:0d:d6:cb:e2:
         80:b6:0b:19:23:8b:62:cc:98:f0:94:57:d5:c9:9c:5b:11:1c:
         7d:fa:86:7e:fe:08:5b:ce:bf:f5:e9:9c:f2:68:4e:dc:1f:c5:
         57:e0:67:c0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVxTA7TDss4lKThfYAGM+MD/fkX8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNjEzMDAyMjA0WhcNMjUwNzE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A3OGNkZjEyYjUzNjJjZGM0YWQ4ZjQwMDlmMjc4NmMxY2Yw
NTY4ZjM5M2JhODllZTU3MDk2ZGQ2YmY4MWNlNTMwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvPzJwnlLOihlEdyPqcJ6cdE8K0EM8hSgyqlpDRfjZkxuk
jn/nQTXM+nREfGBzl1CkUo8q1h2rUvsp9bDU3OpAvv/sJHO/sNUtTdmETUDIagtm
th4vlwOrGcYmNFooEsNAL9wmslWwFNdBAnwisoaRsji7SdIzoG2HoMu9Ghltkf6s
U4/JEkP0czCOuJwX5bCDKwjpUhzML9TJchZ9yYrmnQ0bATBcsJeZZJjeIAoqhsqd
l8MxnEr8Q+WphAoqPbcX7ywGFOlh8mFqAQ4eR2vaG27mGzdIki8rg9EeMzoF0w+b
h30XZSdduMXJIlfRa2L5rYi42fG9hapPxtwc9XPNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUef9NBerFZ9x/19iQGjVCPlsieuMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY4ZjgyNDY1LTMyNzEtNDdkZS05ZDkzLWVmMTg3ZjdjMTI1Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZrFQAwDQYJKoZIhvcNAQELBQADggEBAEZSCcCC4AI7ocXRsOq6lhNA0sRo
QVMtzwsqLiXVd50AYh1+jfHtiwl9Huhy9AHo7Ldkl/eezPdR1PQjBHNZ5hmlXzBO
As8LsQYVvA5XbTQXE6BBv8pfLdpltpU0TWAfI7iyqIYtXRb/B85vu4BTIW15SYqn
W+07/c5Lqbj0JcA/K+VKTve12sbtVM30e8xuZZWQWTXSn5WA8leYQCSg5SaV7RZ2
RKBSZS9lUqdMBCoi46HW47Rvu+CWGzF/VvaLMCLC9F8smLDQN5N75+KD8YzYrXCg
DdbL4oC2Cxkji2LMmPCUV9XJnFsRHH36hn7+CFvOv/XpnPJoTtwfxVfgZ8A=
-----END CERTIFICATE-----