Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/70eb0b36-5a6b-4553-808b-0006fc6be8e0.roa
File:                     70eb0b36-5a6b-4553-808b-0006fc6be8e0.roa (raw, json)
Hash identifier:          gNlR0yrPRlTk14rHNP2JnL8TyHorhcn20xXEEkk3Gng=
Subject key identifier:   65:A0:12:C9:D1:9B:F4:E7:3F:35:1C:DE:F6:E8:85:C1:DF:E7:48:78
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0A1F19F2F917636EC0691B11CF38ECA88655B00A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/70eb0b36-5a6b-4553-808b-0006fc6be8e0.roa
Signing time:             Sat 14 Jun 2025 00:30:22 +0000
ROA not before:           Sat 14 Jun 2025 00:30:22 +0000
ROA not after:            Sat 19 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        23.21.128.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:1f:19:f2:f9:17:63:6e:c0:69:1b:11:cf:38:ec:a8:86:55:b0:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun 14 00:30:22 2025 GMT
            Not After : Jul 19 23:59:59 2025 GMT
        Subject: serialNumber=b6849571d7c7db4d33bae15e4d08b9caa8c89e39293399cdad9930121bc25f0e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:c6:01:51:00:45:9e:20:6b:79:b5:7b:1d:2f:
                    f1:d9:f4:e0:24:61:8b:73:de:d7:19:d1:26:93:b6:
                    1a:5d:24:1d:0c:bd:11:cf:f3:72:48:f1:8a:e2:38:
                    93:c2:b7:8b:78:75:64:1d:d9:f1:cc:9a:d6:44:b1:
                    58:9a:d0:2a:f4:7d:a5:0b:82:38:e9:d4:a0:86:00:
                    2c:0d:0e:ab:d0:87:77:07:a3:55:70:ec:76:e8:40:
                    6f:e9:1b:99:1b:19:0b:a1:9c:fc:44:bc:cb:e2:6b:
                    21:ce:5b:c9:5d:76:02:0c:29:47:1f:8f:1e:b3:d1:
                    11:97:cc:5a:1f:94:ef:fe:dd:32:7a:ad:73:f4:5f:
                    3a:f7:3d:8e:ec:85:7f:32:be:ff:f3:ae:01:8c:a4:
                    bf:e3:f2:da:be:44:3f:ec:a9:76:61:5a:40:ee:74:
                    e2:d6:a7:05:9e:44:5a:b7:74:ca:13:5e:49:40:ac:
                    dc:fd:7c:9b:26:65:ca:5b:12:be:0f:71:41:07:19:
                    60:15:92:44:18:03:93:b3:91:0c:d2:02:e7:42:d9:
                    0b:8a:e4:d1:90:e1:f5:3d:78:04:9e:9c:f9:a5:31:
                    dd:2b:02:fd:34:71:39:6a:8b:09:af:50:b9:4a:92:
                    8b:96:f4:d9:08:cb:d8:25:b7:d5:48:4f:b7:0a:58:
                    aa:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:A0:12:C9:D1:9B:F4:E7:3F:35:1C:DE:F6:E8:85:C1:DF:E7:48:78
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/70eb0b36-5a6b-4553-808b-0006fc6be8e0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.21.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         c1:08:85:3a:8c:1f:4c:73:47:a6:2d:36:36:69:9c:2d:ab:d9:
         52:bf:52:65:e3:25:df:44:71:33:3a:49:50:65:53:78:3c:5d:
         bf:56:18:68:89:ed:0d:b7:c6:6f:5e:51:c6:77:6f:3a:51:c6:
         db:2d:84:c3:dc:c8:bf:51:a0:56:f9:3f:9a:4c:47:f6:23:00:
         e3:21:5b:2b:9d:0e:c3:f0:c8:b4:74:63:77:0c:59:8b:84:14:
         91:ab:6e:ec:06:90:5a:a5:02:4b:d9:95:8a:85:5d:48:3e:89:
         90:d4:4f:bd:08:e1:ee:83:a7:fd:81:a3:7d:3e:ea:50:43:9b:
         16:8d:ce:57:cf:da:6a:5a:0e:01:fc:25:58:82:2c:61:a3:61:
         4e:86:f7:50:03:bc:aa:29:17:d7:05:e5:eb:87:4b:81:ef:9a:
         88:32:84:5b:65:ca:6e:b7:a4:42:b7:ac:08:8f:99:2c:00:0a:
         19:a1:f7:35:86:c3:f3:16:d4:18:60:99:31:f6:e1:69:8a:62:
         ea:71:31:3d:49:39:ef:cc:8f:f1:24:90:de:07:e7:0c:f8:5d:
         73:33:85:f5:aa:c7:d1:29:d4:80:d2:f9:13:34:36:37:b3:ab:
         31:14:a1:0e:69:b4:95:3e:80:44:3c:bb:06:b8:cf:8f:73:0c:
         85:db:cc:79
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCh8Z8vkXY27AaRsRzzjsqIZVsAowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNjE0MDAzMDIyWhcNMjUwNzE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BiNjg0OTU3MWQ3YzdkYjRkMzNiYWUxNWU0ZDA4YjljYWE4
Yzg5ZTM5MjkzMzk5Y2RhZDk5MzAxMjFiYzI1ZjBlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDxgFRAEWeIGt5tXsdL/HZ9OAkYYtz3tcZ0SaTthpdJB0M
vRHP83JI8YriOJPCt4t4dWQd2fHMmtZEsVia0Cr0faULgjjp1KCGACwNDqvQh3cH
o1Vw7HboQG/pG5kbGQuhnPxEvMviayHOW8lddgIMKUcfjx6z0RGXzFoflO/+3TJ6
rXP0Xzr3PY7shX8yvv/zrgGMpL/j8tq+RD/sqXZhWkDudOLWpwWeRFq3dMoTXklA
rNz9fJsmZcpbEr4PcUEHGWAVkkQYA5OzkQzSAudC2QuK5NGQ4fU9eASenPmlMd0r
Av00cTlqiwmvULlKkouW9NkIy9glt9VIT7cKWKqjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZaASydGb9Oc/NRze9uiFwd/nSHgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzcwZWIwYjM2LTVhNmItNDU1My04MDhiLTAwMDZmYzZiZThlMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAcXFYAwDQYJKoZIhvcNAQELBQADggEBAMEIhTqMH0xzR6YtNjZpnC2r2VK/
UmXjJd9EcTM6SVBlU3g8Xb9WGGiJ7Q23xm9eUcZ3bzpRxtsthMPcyL9RoFb5P5pM
R/YjAOMhWyudDsPwyLR0Y3cMWYuEFJGrbuwGkFqlAkvZlYqFXUg+iZDUT70I4e6D
p/2Bo30+6lBDmxaNzlfP2mpaDgH8JViCLGGjYU6G91ADvKopF9cF5euHS4Hvmogy
hFtlym63pEK3rAiPmSwAChmh9zWGw/MW1BhgmTH24WmKYupxMT1JOe/Mj/EkkN4H
5wz4XXMzhfWqx9Ep1IDS+RM0NjezqzEUoQ5ptJU+gEQ8uwa4z49zDIXbzHk=
-----END CERTIFICATE-----