Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ede4bc93-765b-4420-aea5-e75807664a32.roa
File:                     ede4bc93-765b-4420-aea5-e75807664a32.roa (raw, json)
Hash identifier:          iuFpENqa9nHPblmd3xtVmNGB4xCzlXIWCdHizZGxGqE=
Subject key identifier:   51:D7:09:67:3B:2A:8C:5E:E4:CF:34:C7:9F:9B:5A:E3:57:EB:21:55
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       43CAD00FB59564EC70B283FFAAA222A885EC39B6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ede4bc93-765b-4420-aea5-e75807664a32.roa
Signing time:             Fri 25 Apr 2025 17:08:16 +0000
ROA not before:           Fri 25 Apr 2025 17:08:16 +0000
ROA not after:            Fri 30 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.24.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:ca:d0:0f:b5:95:64:ec:70:b2:83:ff:aa:a2:22:a8:85:ec:39:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 25 17:08:16 2025 GMT
            Not After : May 30 23:59:59 2025 GMT
        Subject: serialNumber=a143bb15994baf61db86a86f0b3f2b99f29f870c7d2bfbbe646f6f146ea07486, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:7c:71:9c:0e:c5:a5:63:03:ce:21:7e:c5:f6:
                    2a:20:84:a9:f7:df:b9:3e:d3:2e:fd:d4:83:6a:9e:
                    87:73:41:6d:9a:8d:66:c4:7c:26:67:7f:ec:e8:6a:
                    e8:d8:d4:9a:89:8a:26:5c:79:e2:8e:02:8b:e9:7e:
                    3e:b4:5c:64:17:90:cb:d2:97:13:b4:27:ad:39:1a:
                    d5:99:e0:aa:11:34:2b:d2:f9:02:59:6f:16:3d:e4:
                    89:83:5c:d2:48:1c:0a:28:30:47:2d:ad:4e:93:7e:
                    d4:c2:63:69:c6:3e:9d:44:f5:4a:e3:f3:87:9e:b4:
                    62:85:19:2b:cd:5b:49:d1:40:bb:cc:73:1c:e9:70:
                    a3:38:a5:23:b5:55:fc:d4:b4:b2:59:2e:74:6a:57:
                    0f:63:3f:4d:99:9d:d5:22:c7:76:a7:79:24:14:50:
                    3f:e5:84:be:9d:70:c5:3a:3f:78:36:80:50:18:2f:
                    2b:3b:ac:33:1c:70:20:f4:c3:ab:9a:31:fd:8a:76:
                    35:a4:70:23:1b:70:57:a8:d2:1c:8a:ea:c6:55:53:
                    03:9c:b1:11:49:13:b7:64:57:f0:3f:1f:d7:6b:be:
                    98:d5:ce:1c:41:3b:b8:61:4b:1f:fc:18:5c:b5:1e:
                    8a:0a:51:82:0f:0f:27:d9:b8:65:cb:4e:c9:45:6c:
                    e6:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:D7:09:67:3B:2A:8C:5E:E4:CF:34:C7:9F:9B:5A:E3:57:EB:21:55
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ede4bc93-765b-4420-aea5-e75807664a32.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.24.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         17:a9:23:ee:af:38:fa:64:3c:72:c8:36:98:6c:2a:2e:dd:d3:
         a9:4f:22:0e:cb:66:8c:a2:73:ec:a1:2f:a8:a1:65:54:5b:84:
         69:59:03:56:d1:d9:1d:38:b8:63:87:b0:0b:7f:b2:f5:00:5e:
         85:bf:fc:f0:32:f6:44:cf:13:ac:23:f9:46:a5:3e:bd:1c:4e:
         03:e9:9b:26:3e:6b:a8:e7:98:45:4d:96:b1:12:ef:a2:e0:a7:
         e3:7b:58:00:5e:df:e6:86:14:7b:30:df:1e:05:4d:03:fe:63:
         d7:f7:c5:5a:41:3c:f9:1d:11:9e:64:b3:b5:9d:d4:0b:39:37:
         58:01:07:e8:b2:06:ac:dc:2b:69:fb:67:ce:75:24:84:19:c0:
         1e:e8:ac:bc:98:40:08:37:d2:60:61:b5:9c:9f:21:3b:21:ad:
         85:32:cb:dc:19:cb:01:b5:09:36:04:30:34:8a:89:cc:2b:cb:
         bf:03:c0:85:af:e1:a3:20:75:13:5a:e3:d4:54:71:21:2e:20:
         48:18:5e:fb:5f:16:10:3d:68:8e:c0:b2:27:fa:ee:12:33:28:
         5c:86:fd:4e:77:5f:30:a8:20:d6:47:fd:97:2d:4e:20:12:fd:
         16:51:28:03:0d:cf:66:5a:18:e9:17:b2:8f:85:aa:aa:b4:a6:
         b8:96:a5:4b
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUQ8rQD7WVZOxwsoP/qqIiqIXsObYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDI1MTcwODE2WhcNMjUwNTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BhMTQzYmIxNTk5NGJhZjYxZGI4NmE4NmYwYjNmMmI5OWYy
OWY4NzBjN2QyYmZiYmU2NDZmNmYxNDZlYTA3NDg2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLfHGcDsWlYwPOIX7F9ioghKn337k+0y791INqnodzQW2a
jWbEfCZnf+zoaujY1JqJiiZceeKOAovpfj60XGQXkMvSlxO0J605GtWZ4KoRNCvS
+QJZbxY95ImDXNJIHAooMEctrU6TftTCY2nGPp1E9Urj84eetGKFGSvNW0nRQLvM
cxzpcKM4pSO1VfzUtLJZLnRqVw9jP02ZndUix3aneSQUUD/lhL6dcMU6P3g2gFAY
Lys7rDMccCD0w6uaMf2KdjWkcCMbcFeo0hyK6sZVUwOcsRFJE7dkV/A/H9drvpjV
zhxBO7hhSx/8GFy1HooKUYIPDyfZuGXLTslFbOZtAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUUdcJZzsqjF7kzzTHn5ta41frIVUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VkZTRiYzkzLTc2NWItNDQyMC1hZWE1LWU3NTgwNzY2NGEzMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4GDANBgkqhkiG9w0BAQsFAAOCAQEAF6kj7q84+mQ8csg2mGwqLt3TqU8i
DstmjKJz7KEvqKFlVFuEaVkDVtHZHTi4Y4ewC3+y9QBehb/88DL2RM8TrCP5RqU+
vRxOA+mbJj5rqOeYRU2WsRLvouCn43tYAF7f5oYUezDfHgVNA/5j1/fFWkE8+R0R
nmSztZ3UCzk3WAEH6LIGrNwraftnznUkhBnAHuisvJhACDfSYGG1nJ8hOyGthTLL
3BnLAbUJNgQwNIqJzCvLvwPAha/hoyB1E1rj1FRxIS4gSBhe+18WED1ojsCyJ/ru
EjMoXIb9TndfMKgg1kf9ly1OIBL9FlEoAw3PZloY6Reyj4WqqrSmuJalSw==
-----END CERTIFICATE-----