Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/854b0ccc-21b0-4120-9690-48e4d8492039.roa
File:                     854b0ccc-21b0-4120-9690-48e4d8492039.roa (raw, json)
Hash identifier:          MMYCHAbAfEYM6wrfJ4GUwJdDenLPq+sS8ELIaBVqrt0=
Subject key identifier:   E4:02:0F:62:60:00:8B:48:82:04:29:DE:9F:5C:E2:5A:CA:0B:BE:21
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6386CA04750A9179E4599D56B448E2D1FCAB7CB1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/854b0ccc-21b0-4120-9690-48e4d8492039.roa
Signing time:             Mon 21 Apr 2025 17:11:51 +0000
ROA not before:           Mon 21 Apr 2025 17:11:51 +0000
ROA not after:            Mon 26 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        164.152.228.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:86:ca:04:75:0a:91:79:e4:59:9d:56:b4:48:e2:d1:fc:ab:7c:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 21 17:11:51 2025 GMT
            Not After : May 26 23:59:59 2025 GMT
        Subject: serialNumber=5c838267f4a037393f6cff378bf98d2354d29edafa959fa814aef826306b7597, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:66:95:5b:3a:96:12:de:55:f7:24:90:b0:15:
                    98:f7:cb:59:28:7e:c0:37:b7:9a:4c:95:aa:83:2f:
                    da:4f:90:2f:5e:bb:a6:2b:35:ee:45:eb:b4:04:d3:
                    c8:a1:09:b5:c0:85:49:69:79:95:46:f3:db:ca:f8:
                    91:c9:df:8e:4d:04:b4:4c:7a:93:c3:ba:d3:31:77:
                    ff:cf:87:0c:bb:52:e9:7e:12:e5:a3:0c:f2:ab:c4:
                    1b:9b:c6:6a:ac:e6:ef:96:19:26:1a:7e:31:51:23:
                    7e:dc:fc:b0:fc:7f:41:32:16:46:7e:39:6b:52:ef:
                    02:e0:5c:b1:d0:a3:57:c6:45:28:f2:c2:9a:0c:6e:
                    80:f0:ce:76:52:22:b4:ba:f0:e8:f3:41:39:53:90:
                    9f:0e:5f:37:ae:04:37:55:3b:bf:31:18:0b:bb:96:
                    c7:20:67:ed:8a:ed:ab:49:55:9e:0a:66:94:5a:ad:
                    a9:d8:52:68:a7:40:a8:c1:30:69:29:29:c5:e4:b3:
                    89:0e:20:c3:0a:b2:88:4f:93:03:67:13:20:9f:73:
                    b5:cf:36:c5:1f:9b:5d:14:20:91:ab:36:f3:f9:70:
                    09:eb:61:4b:4f:2d:e2:ce:e8:94:ec:41:81:8a:a0:
                    64:26:78:4b:8e:e1:ea:f5:11:a5:14:c3:74:03:49:
                    5a:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:02:0F:62:60:00:8B:48:82:04:29:DE:9F:5C:E2:5A:CA:0B:BE:21
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/854b0ccc-21b0-4120-9690-48e4d8492039.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.152.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         96:aa:ba:c1:65:d6:f7:ca:7d:9e:71:b5:59:86:2a:30:48:29:
         42:89:8d:53:56:2c:b5:88:f8:d5:9b:9c:14:55:51:df:91:27:
         90:b9:60:e2:0e:1e:a5:17:c7:a3:5c:aa:69:80:69:e8:78:ae:
         20:76:fe:7e:85:02:a9:c0:f2:60:5f:9d:b5:72:c7:03:27:2a:
         fb:d4:a2:6a:6a:c4:b5:f8:e9:4f:05:3c:36:b7:a6:95:46:12:
         29:61:b7:d5:8b:e8:1d:2f:64:cf:8a:b6:ef:29:4d:5a:63:56:
         ba:17:c5:a2:56:47:64:30:e8:e0:c5:c6:f9:52:a5:7f:62:5e:
         c7:f0:ca:fb:54:7f:f4:42:95:5e:cf:44:54:cb:95:c8:06:c4:
         46:b6:17:aa:43:f2:63:49:70:0f:03:7a:ff:52:fc:97:c3:0f:
         d0:3a:49:56:c5:20:5b:f6:c1:4e:3b:29:6d:cd:d6:60:c6:49:
         be:00:68:3c:38:c6:f4:54:89:36:52:7b:66:ce:af:f4:ed:be:
         21:55:37:22:b0:b2:8b:26:63:53:d3:ff:07:c2:f6:24:2d:c2:
         dd:fa:b8:7e:d0:34:9a:a4:3c:c2:6a:99:3b:4a:a2:7f:0e:d7:
         f7:1e:c7:ca:41:42:f7:cd:6a:01:51:f1:05:70:79:76:67:51:
         85:88:ec:74
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUY4bKBHUKkXnkWZ1WtEji0fyrfLEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDIxMTcxMTUxWhcNMjUwNTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0A1YzgzODI2N2Y0YTAzNzM5M2Y2Y2ZmMzc4YmY5OGQyMzU0
ZDI5ZWRhZmE5NTlmYTgxNGFlZjgyNjMwNmI3NTk3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJZpVbOpYS3lX3JJCwFZj3y1kofsA3t5pMlaqDL9pPkC9e
u6YrNe5F67QE08ihCbXAhUlpeZVG89vK+JHJ345NBLRMepPDutMxd//Phwy7Uul+
EuWjDPKrxBubxmqs5u+WGSYafjFRI37c/LD8f0EyFkZ+OWtS7wLgXLHQo1fGRSjy
wpoMboDwznZSIrS68OjzQTlTkJ8OXzeuBDdVO78xGAu7lscgZ+2K7atJVZ4KZpRa
ranYUminQKjBMGkpKcXks4kOIMMKsohPkwNnEyCfc7XPNsUfm10UIJGrNvP5cAnr
YUtPLeLO6JTsQYGKoGQmeEuO4er1EaUUw3QDSVphAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU5AIPYmAAi0iCBCnen1ziWsoLviEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg1NGIwY2NjLTIxYjAtNDEyMC05NjkwLTQ4ZTRkODQ5MjAzOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAKkmOQwDQYJKoZIhvcNAQELBQADggEBAJaqusFl1vfKfZ5xtVmGKjBIKUKJ
jVNWLLWI+NWbnBRVUd+RJ5C5YOIOHqUXx6NcqmmAaeh4riB2/n6FAqnA8mBfnbVy
xwMnKvvUompqxLX46U8FPDa3ppVGEilht9WL6B0vZM+Ktu8pTVpjVroXxaJWR2Qw
6ODFxvlSpX9iXsfwyvtUf/RClV7PRFTLlcgGxEa2F6pD8mNJcA8Dev9S/JfDD9A6
SVbFIFv2wU47KW3N1mDGSb4AaDw4xvRUiTZSe2bOr/TtviFVNyKwsosmY1PT/wfC
9iQtwt36uH7QNJqkPMJqmTtKon8O1/cex8pBQvfNagFR8QVweXZnUYWI7HQ=
-----END CERTIFICATE-----