Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ec792006-3ad4-432c-bc6d-ecaf9f2f840b.roa
File:                     ec792006-3ad4-432c-bc6d-ecaf9f2f840b.roa (raw, json)
Hash identifier:          KrMxIPT6jvuWU4fSJNQMbMw9oSLSmaYsyQaWkI8ZkDE=
Subject key identifier:   40:00:69:07:C7:D0:7E:5C:26:53:68:9D:D3:19:34:07:48:A4:D5:95
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       68F9CB5A4F56DE13F8432638DBD3E462E91DE1A1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ec792006-3ad4-432c-bc6d-ecaf9f2f840b.roa
Signing time:             Wed 23 Apr 2025 00:20:11 +0000
ROA not before:           Wed 23 Apr 2025 00:20:11 +0000
ROA not after:            Wed 28 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        107.21.224.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:f9:cb:5a:4f:56:de:13:f8:43:26:38:db:d3:e4:62:e9:1d:e1:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 23 00:20:11 2025 GMT
            Not After : May 28 23:59:59 2025 GMT
        Subject: serialNumber=260c541c21c7c815fba94700dbabe10c87ea6999779e0e5303f2cf4d5753b93f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:a6:25:05:54:cf:8a:e7:9d:e7:cb:8d:57:b1:
                    a8:9e:2a:ab:57:e6:ed:f8:95:1f:5b:96:ed:5b:14:
                    0e:1d:2a:ac:ca:2f:57:4b:32:15:4b:fd:e1:3c:78:
                    5e:d2:67:3c:91:72:21:a6:25:03:53:a0:86:de:b9:
                    a4:6b:4d:36:5c:58:7b:8f:32:75:af:d3:b9:cc:ba:
                    48:40:d4:f3:35:2f:3b:b0:84:01:1b:b0:7e:a2:fc:
                    85:f6:a0:86:e6:a7:15:dd:d2:7e:f3:4b:03:b4:15:
                    cc:01:e9:27:22:00:0a:b5:c0:87:92:b7:50:cd:87:
                    ec:dc:35:55:85:f4:75:ea:20:1e:7b:55:72:5b:ab:
                    94:0b:f2:04:b4:b9:8f:3b:7a:16:77:02:f3:c3:2a:
                    68:f5:ea:67:37:aa:ba:5b:73:8a:9f:75:3b:fe:0e:
                    db:21:80:2d:45:e8:fd:ac:e5:0a:3f:cb:c8:0b:83:
                    d6:8c:92:3f:c1:04:67:1d:0f:76:52:8d:8e:8c:9f:
                    f5:68:50:46:8a:3e:cb:62:ea:ce:bc:06:74:80:70:
                    b4:38:4e:ea:ac:d5:cd:79:54:ad:d7:76:6a:cc:f3:
                    2a:7d:bd:b8:38:e7:0a:9c:a6:0b:d9:fb:5f:6d:b4:
                    62:fa:67:90:c2:a9:1a:21:c9:2a:a0:8a:aa:9d:7e:
                    06:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:00:69:07:C7:D0:7E:5C:26:53:68:9D:D3:19:34:07:48:A4:D5:95
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ec792006-3ad4-432c-bc6d-ecaf9f2f840b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.21.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         5c:61:2c:f7:46:ee:0f:b9:92:65:f2:aa:32:d6:97:83:e1:ac:
         03:56:66:f2:89:ec:04:af:cb:96:8d:47:13:3c:fa:b6:ee:26:
         c8:c1:18:45:3d:5c:57:84:da:b2:c2:a0:31:e5:fa:40:49:c9:
         06:ff:ef:7b:f3:68:db:b9:fe:81:31:5b:68:62:7b:b7:a9:cd:
         44:57:50:9f:9c:c4:2e:ae:72:46:0d:2b:6d:17:fb:bc:96:7f:
         78:e9:8b:f9:24:68:6b:b6:92:73:db:83:3f:e2:47:45:2e:25:
         b0:13:e1:97:51:c0:29:f4:37:00:32:b7:0b:f7:d0:c1:ef:4e:
         a7:cd:19:23:b7:62:4c:56:df:e4:ff:d9:a1:eb:25:4b:45:61:
         42:91:68:d4:d1:29:eb:9a:85:a0:b6:0d:d2:c3:62:b5:c3:26:
         af:17:63:97:5a:dc:33:bd:38:a0:01:2a:3a:1f:69:bc:35:e2:
         3f:f8:f0:74:6a:9f:28:36:6c:e9:43:26:49:d0:ea:be:bb:6e:
         7b:79:cb:e6:c6:8e:60:32:d1:07:cc:ca:13:39:ea:45:f9:1d:
         e2:ef:76:7b:96:13:4f:9b:67:d5:7c:9c:da:13:9d:fe:7c:d2:
         5d:ca:6e:91:81:26:5a:de:4c:a1:4b:b3:52:92:ef:72:53:6b:
         69:81:cc:55
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaPnLWk9W3hP4QyY429PkYukd4aEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDIzMDAyMDExWhcNMjUwNTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0AyNjBjNTQxYzIxYzdjODE1ZmJhOTQ3MDBkYmFiZTEwYzg3
ZWE2OTk5Nzc5ZTBlNTMwM2YyY2Y0ZDU3NTNiOTNmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDvpiUFVM+K553ny41XsaieKqtX5u34lR9blu1bFA4dKqzK
L1dLMhVL/eE8eF7SZzyRciGmJQNToIbeuaRrTTZcWHuPMnWv07nMukhA1PM1Lzuw
hAEbsH6i/IX2oIbmpxXd0n7zSwO0FcwB6SciAAq1wIeSt1DNh+zcNVWF9HXqIB57
VXJbq5QL8gS0uY87ehZ3AvPDKmj16mc3qrpbc4qfdTv+DtshgC1F6P2s5Qo/y8gL
g9aMkj/BBGcdD3ZSjY6Mn/VoUEaKPsti6s68BnSAcLQ4Tuqs1c15VK3XdmrM8yp9
vbg45wqcpgvZ+19ttGL6Z5DCqRohySqgiqqdfgaHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQABpB8fQflwmU2id0xk0B0ik1ZUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VjNzkyMDA2LTNhZDQtNDMyYy1iYzZkLWVjYWY5ZjJmODQwYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAVrFeAwDQYJKoZIhvcNAQELBQADggEBAFxhLPdG7g+5kmXyqjLWl4PhrANW
ZvKJ7ASvy5aNRxM8+rbuJsjBGEU9XFeE2rLCoDHl+kBJyQb/73vzaNu5/oExW2hi
e7epzURXUJ+cxC6uckYNK20X+7yWf3jpi/kkaGu2knPbgz/iR0UuJbAT4ZdRwCn0
NwAytwv30MHvTqfNGSO3YkxW3+T/2aHrJUtFYUKRaNTRKeuahaC2DdLDYrXDJq8X
Y5da3DO9OKABKjofabw14j/48HRqnyg2bOlDJknQ6r67bnt5y+bGjmAy0QfMyhM5
6kX5HeLvdnuWE0+bZ9V8nNoTnf580l3KbpGBJlreTKFLs1KS73JTa2mBzFU=
-----END CERTIFICATE-----