Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d0a77f14-a38d-4604-b636-1ee34be2637a.roa
File:                     d0a77f14-a38d-4604-b636-1ee34be2637a.roa (raw, json)
Hash identifier:          6mg8mERylSu7vMOjJyoJt1V7OqbLnCjCaAHx39uGvb0=
Subject key identifier:   99:F9:80:2A:A4:02:5A:6A:6A:B5:20:17:65:DB:FC:B8:CF:E2:6C:6A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5ED5FF5B5BF816FE014195FB7D0A7F170FBD26C8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d0a77f14-a38d-4604-b636-1ee34be2637a.roa
Signing time:             Tue 15 Apr 2025 00:10:11 +0000
ROA not before:           Tue 15 Apr 2025 00:10:11 +0000
ROA not after:            Tue 20 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.10.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:d5:ff:5b:5b:f8:16:fe:01:41:95:fb:7d:0a:7f:17:0f:bd:26:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 15 00:10:11 2025 GMT
            Not After : May 20 23:59:59 2025 GMT
        Subject: serialNumber=da42711d3b6ae79fa37364377b48238004ba5c90b95fc17902d2342c958a0db4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:f4:13:c0:a5:9d:19:2d:34:36:8c:c2:7b:13:
                    36:3d:48:de:8b:4e:b6:5b:48:70:cc:7e:d8:47:56:
                    db:51:48:5b:bc:5d:e0:31:c3:bb:5c:8e:3a:53:be:
                    6c:e2:72:f5:b6:d3:00:38:55:62:b7:29:5c:e5:6d:
                    eb:06:6c:d9:89:7f:c9:0c:96:69:53:f9:20:db:82:
                    8b:c4:f2:1e:4c:cc:ac:43:f6:d5:68:d1:46:3d:59:
                    45:c9:90:e9:f8:ce:86:ae:0a:33:2e:87:99:a1:e6:
                    66:3d:45:45:cd:61:83:23:fe:77:f3:9e:98:7b:18:
                    a0:80:34:43:29:f0:86:4e:2c:b3:fe:00:b9:e1:12:
                    6e:b2:4d:5f:da:d6:ab:6c:cc:a5:2e:e7:61:09:4b:
                    f5:58:db:cb:04:94:c1:52:79:f1:cd:bc:ab:32:da:
                    2c:4f:5b:69:c3:78:a3:30:35:f2:fa:0b:12:c2:b3:
                    4f:60:90:04:29:71:46:c2:60:74:36:05:06:cb:86:
                    f5:cc:d5:5a:d8:5b:90:13:4a:e7:36:77:5f:be:33:
                    e4:29:05:28:c8:d3:83:49:74:aa:ec:1c:7c:5b:2a:
                    52:7e:35:97:ee:b2:9d:6a:eb:f8:fb:d5:7a:0a:58:
                    0e:45:a2:3a:8b:98:76:c2:5b:6b:46:32:09:c2:df:
                    2e:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:F9:80:2A:A4:02:5A:6A:6A:B5:20:17:65:DB:FC:B8:CF:E2:6C:6A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d0a77f14-a38d-4604-b636-1ee34be2637a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.10.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         06:21:41:33:dd:e9:a4:7b:7e:89:10:93:86:d8:dd:05:0e:54:
         95:46:ca:37:38:53:6d:1c:20:ed:1b:53:98:c3:6b:60:5f:e1:
         f1:01:20:4a:d8:23:1d:38:c1:0e:8a:f4:ce:2f:93:47:98:7e:
         50:4f:53:3b:36:48:97:e9:6e:23:5c:e2:de:cd:ef:e6:91:f6:
         c8:f4:4e:9a:9f:e3:a9:e5:17:d2:d4:55:95:61:28:15:0b:53:
         3d:cb:bb:f0:23:55:f8:f8:fd:96:b7:89:61:a7:4d:58:5c:a2:
         52:ba:a2:bb:a4:ac:f7:2c:98:34:75:a4:bb:fa:e9:76:73:68:
         db:c1:9c:f5:f1:61:4d:a2:b5:db:fc:74:81:05:1a:1a:57:9a:
         4a:0b:09:02:2a:f5:17:ba:38:3a:03:2f:c5:1c:66:2d:dd:93:
         a3:a2:67:e4:b9:c9:2b:6f:52:56:65:07:37:52:08:40:6c:c7:
         77:5a:e5:a8:4b:3d:f3:99:e3:92:bb:b1:7c:9c:52:ea:04:9c:
         83:8f:ad:5c:7c:ff:f7:13:c1:09:a4:d8:9b:7d:df:83:6c:a1:
         45:24:65:30:33:ee:90:6b:5e:35:8f:3d:6f:74:34:d5:ee:45:
         20:4f:0e:e9:aa:e8:78:46:ff:e6:22:10:6e:31:7b:01:fd:6c:
         fa:d6:82:78
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUXtX/W1v4Fv4BQZX7fQp/Fw+9JsgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDE1MDAxMDExWhcNMjUwNTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0BkYTQyNzExZDNiNmFlNzlmYTM3MzY0Mzc3YjQ4MjM4MDA0
YmE1YzkwYjk1ZmMxNzkwMmQyMzQyYzk1OGEwZGI0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDI9BPApZ0ZLTQ2jMJ7EzY9SN6LTrZbSHDMfthHVttRSFu8
XeAxw7tcjjpTvmzicvW20wA4VWK3KVzlbesGbNmJf8kMlmlT+SDbgovE8h5MzKxD
9tVo0UY9WUXJkOn4zoauCjMuh5mh5mY9RUXNYYMj/nfznph7GKCANEMp8IZOLLP+
ALnhEm6yTV/a1qtszKUu52EJS/VY28sElMFSefHNvKsy2ixPW2nDeKMwNfL6CxLC
s09gkAQpcUbCYHQ2BQbLhvXM1VrYW5ATSuc2d1++M+QpBSjI04NJdKrsHHxbKlJ+
NZfusp1q6/j71XoKWA5FojqLmHbCW2tGMgnC3y45AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUmfmAKqQCWmpqtSAXZdv8uM/ibGowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2QwYTc3ZjE0LWEzOGQtNDYwNC1iNjM2LTFlZTM0YmUyNjM3YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4CjANBgkqhkiG9w0BAQsFAAOCAQEABiFBM93ppHt+iRCThtjdBQ5UlUbK
NzhTbRwg7RtTmMNrYF/h8QEgStgjHTjBDor0zi+TR5h+UE9TOzZIl+luI1zi3s3v
5pH2yPROmp/jqeUX0tRVlWEoFQtTPcu78CNV+Pj9lreJYadNWFyiUrqiu6Ss9yyY
NHWku/rpdnNo28Gc9fFhTaK12/x0gQUaGleaSgsJAir1F7o4OgMvxRxmLd2To6Jn
5LnJK29SVmUHN1IIQGzHd1rlqEs985njkruxfJxS6gScg4+tXHz/9xPBCaTYm33f
g2yhRSRlMDPukGteNY89b3Q01e5FIE8O6aroeEb/5iIQbjF7Af1s+taCeA==
-----END CERTIFICATE-----