Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/896417db-6a40-401f-a216-b1bd144effa3.roa
File:                     896417db-6a40-401f-a216-b1bd144effa3.roa (raw, json)
Hash identifier:          kGcYr56uEEttI9G8mW07pEwcIJ9+SWmrb6c/AvqInI4=
Subject key identifier:   EC:02:5F:AD:80:A1:8A:F3:0E:14:54:BC:70:2D:AF:5A:0B:D9:70:1D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6EC63FC8DD5393E24C879DE6144E78686ADFD266
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/896417db-6a40-401f-a216-b1bd144effa3.roa
Signing time:             Tue 08 Apr 2025 00:31:26 +0000
ROA not before:           Tue 08 Apr 2025 00:31:26 +0000
ROA not after:            Tue 13 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.252.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:c6:3f:c8:dd:53:93:e2:4c:87:9d:e6:14:4e:78:68:6a:df:d2:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr  8 00:31:26 2025 GMT
            Not After : May 13 23:59:59 2025 GMT
        Subject: serialNumber=d54524103ae37c79b03ab213998a5f0c889dd56e384d4b3d7c59f98336530add, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:6a:d5:6a:d4:4b:45:18:1a:4a:a4:9b:ca:f5:
                    0d:b2:dc:a5:54:e8:67:82:cc:f8:20:40:2e:d3:d1:
                    29:2a:8e:e5:51:6b:d9:4a:d7:72:af:1c:d3:1d:2b:
                    08:86:7f:ce:d5:24:6d:73:a0:37:c0:7e:88:ae:08:
                    dd:1d:da:92:9d:03:52:9a:b8:a3:7b:4d:11:b4:61:
                    4b:c4:51:7e:24:c5:39:53:f5:32:1e:b4:58:87:31:
                    fd:31:36:31:aa:3f:bf:a5:14:03:48:93:3c:3c:92:
                    b6:c9:50:c6:0a:28:d7:62:30:46:e1:40:51:c3:7f:
                    70:44:3d:65:21:91:ef:65:a1:97:cb:85:38:96:0b:
                    81:de:cf:10:10:dc:b0:9b:43:3d:b7:8f:ed:06:de:
                    0a:de:df:55:02:bb:e5:4d:b9:b5:f3:04:78:d8:ff:
                    83:e3:2a:86:e4:d9:a1:a0:81:4c:f4:ab:9b:c2:aa:
                    99:03:00:23:cd:a3:84:eb:6b:48:60:62:c5:3d:38:
                    76:4d:7c:a2:15:53:21:a6:c6:3e:7a:b4:c9:f9:8d:
                    a1:5f:38:5c:42:94:61:a4:ca:e4:52:5f:a0:1d:fe:
                    fd:83:00:0f:6b:7c:29:e1:25:b8:2b:77:51:23:fc:
                    bd:bd:04:49:f6:8e:23:2a:b3:1e:d4:0c:9a:de:21:
                    9a:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:02:5F:AD:80:A1:8A:F3:0E:14:54:BC:70:2D:AF:5A:0B:D9:70:1D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/896417db-6a40-401f-a216-b1bd144effa3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.252.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:e4:71:37:1a:84:0e:ce:74:b5:d4:80:53:c5:07:74:db:61:
         ce:38:4f:a3:1f:89:46:39:72:c9:ee:dd:19:c6:68:26:c1:75:
         39:1b:ec:dc:f9:e1:e2:d2:f2:36:ec:ab:49:af:78:ab:62:b6:
         e9:fc:f6:68:b1:5c:c5:01:30:4b:4d:fa:95:85:16:65:05:31:
         08:83:d9:ae:a9:15:be:2f:5a:78:c9:70:10:d7:d6:88:2b:52:
         1e:ac:64:b7:c4:4a:88:55:2a:16:f6:b7:38:80:56:de:d3:7e:
         1b:ec:81:8d:a4:73:73:df:50:62:70:ab:2c:c0:40:df:4a:86:
         ee:d6:72:0b:34:54:1c:29:30:fb:19:5a:b4:4b:04:b6:c3:da:
         c3:b4:3c:87:1b:e4:37:b3:0e:bf:9f:68:6e:10:67:55:8e:e7:
         a5:9c:9a:32:33:01:14:f3:80:0a:34:63:7f:e6:26:fc:7a:a3:
         59:e4:c7:aa:14:83:52:04:71:08:3f:58:ee:cd:fd:50:54:10:
         ca:b4:33:b5:b3:74:f1:37:6d:d6:7b:f6:e7:a0:03:53:2b:f5:
         26:bf:40:35:1a:4a:4b:bd:f9:ce:00:73:66:33:7f:ac:0d:34:
         1d:23:cb:aa:1a:19:56:e0:03:26:bd:bd:11:d5:9d:45:bf:5e:
         d2:97:24:d1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbsY/yN1Tk+JMh53mFE54aGrf0mYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDA4MDAzMTI2WhcNMjUwNTEzMjM1OTU5
WjB6MUkwRwYDVQQFE0BkNTQ1MjQxMDNhZTM3Yzc5YjAzYWIyMTM5OThhNWYwYzg4
OWRkNTZlMzg0ZDRiM2Q3YzU5Zjk4MzM2NTMwYWRkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDnatVq1EtFGBpKpJvK9Q2y3KVU6GeCzPggQC7T0SkqjuVR
a9lK13KvHNMdKwiGf87VJG1zoDfAfoiuCN0d2pKdA1KauKN7TRG0YUvEUX4kxTlT
9TIetFiHMf0xNjGqP7+lFANIkzw8krbJUMYKKNdiMEbhQFHDf3BEPWUhke9loZfL
hTiWC4HezxAQ3LCbQz23j+0G3gre31UCu+VNubXzBHjY/4PjKobk2aGggUz0q5vC
qpkDACPNo4Tra0hgYsU9OHZNfKIVUyGmxj56tMn5jaFfOFxClGGkyuRSX6Ad/v2D
AA9rfCnhJbgrd1Ej/L29BEn2jiMqsx7UDJreIZq/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU7AJfrYChivMOFFS8cC2vWgvZcB0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg5NjQxN2RiLTZhNDAtNDAxZi1hMjE2LWIxYmQxNDRlZmZhMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABA/GMwDQYJKoZIhvcNAQELBQADggEBAAzkcTcahA7OdLXUgFPFB3TbYc44
T6MfiUY5csnu3RnGaCbBdTkb7Nz54eLS8jbsq0mveKtitun89mixXMUBMEtN+pWF
FmUFMQiD2a6pFb4vWnjJcBDX1ogrUh6sZLfESohVKhb2tziAVt7TfhvsgY2kc3Pf
UGJwqyzAQN9Khu7Wcgs0VBwpMPsZWrRLBLbD2sO0PIcb5DezDr+faG4QZ1WO56Wc
mjIzARTzgAo0Y3/mJvx6o1nkx6oUg1IEcQg/WO7N/VBUEMq0M7WzdPE3bdZ79ueg
A1Mr9Sa/QDUaSku9+c4Ac2Yzf6wNNB0jy6oaGVbgAya9vRHVnUW/XtKXJNE=
-----END CERTIFICATE-----