Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef8efc10-0ade-4a78-a29d-d3809dd2cadf.roa
File:                     ef8efc10-0ade-4a78-a29d-d3809dd2cadf.roa (raw, json)
Hash identifier:          g3EEFVIqD1ZERlF1ZRDspHHvclypAGH3PE5FUEL7jrI=
Subject key identifier:   3F:28:B5:9B:C4:D5:64:D4:A2:F3:84:E2:FA:3F:93:21:2E:FC:29:B2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6F99D27349CF3F952F063A1EF69087BD5440AD13
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef8efc10-0ade-4a78-a29d-d3809dd2cadf.roa
Signing time:             Fri 13 Jun 2025 00:42:13 +0000
ROA not before:           Fri 13 Jun 2025 00:42:13 +0000
ROA not after:            Fri 18 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        174.129.48.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 15 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:99:d2:73:49:cf:3f:95:2f:06:3a:1e:f6:90:87:bd:54:40:ad:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun 13 00:42:13 2025 GMT
            Not After : Jul 18 23:59:59 2025 GMT
        Subject: serialNumber=7ba63d46a10e3884e17ae023f240461037e367e5a38cf0ea73656aab9d89db2f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:68:75:76:cf:21:e4:11:ac:a1:0f:1b:c4:09:
                    a7:c9:e2:3f:0f:cf:17:a0:e5:f8:8d:c0:d5:3f:4d:
                    46:57:db:d4:a9:b7:f8:42:9d:9f:5b:5e:bf:d7:0f:
                    83:f4:b3:2c:1d:a7:31:11:b2:b2:fe:69:b8:84:d3:
                    29:28:eb:3c:a5:f4:5c:99:3e:3e:ed:04:82:26:19:
                    58:d4:18:d2:4a:b2:8b:15:1a:3a:cd:5f:3a:63:47:
                    c4:53:a7:49:94:4a:02:e6:9b:b4:29:ec:17:c2:af:
                    c3:3f:03:b3:ae:a1:7b:67:59:cc:6b:0e:8b:c0:58:
                    92:8a:dd:90:33:4c:d8:24:6c:52:64:38:18:47:bc:
                    72:4a:94:44:7c:0b:47:b6:a6:52:09:86:11:8b:8f:
                    f8:cc:86:37:09:8a:f1:4c:b0:ef:b3:a9:46:b6:b9:
                    b4:45:ab:b8:a5:b6:fd:16:6b:6c:d6:da:cb:a4:41:
                    80:67:16:ae:63:69:b2:11:28:c9:d7:c4:8d:ee:c3:
                    59:4f:1e:37:ee:7c:71:42:6d:a1:cf:b1:f3:c2:c5:
                    28:90:aa:f8:93:d9:e3:99:89:6e:b0:0f:5d:6b:7c:
                    76:2c:57:8d:f3:c5:fc:fb:02:29:33:c1:c5:a1:0d:
                    65:c1:b6:91:e8:1b:09:d3:93:a6:93:32:51:77:1a:
                    12:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:28:B5:9B:C4:D5:64:D4:A2:F3:84:E2:FA:3F:93:21:2E:FC:29:B2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef8efc10-0ade-4a78-a29d-d3809dd2cadf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  174.129.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         a9:75:e5:ca:e9:1d:25:e0:20:1c:73:bd:e9:33:25:a2:77:ca:
         47:a6:4b:ee:b1:a2:38:cd:05:b8:fa:12:64:1e:68:23:41:10:
         0d:cc:cd:c8:3b:e1:6b:f5:ed:fe:6d:37:67:9c:69:7f:04:90:
         a5:bb:6e:1a:b2:5d:68:7d:0a:bf:16:75:6b:e4:79:f9:15:df:
         3e:d6:73:86:3b:7d:44:2e:e0:23:5b:e9:77:96:9a:e2:66:23:
         74:a4:c9:8d:2a:2d:28:9d:72:b9:b3:4b:58:58:4a:77:3c:64:
         cd:20:ce:ef:ca:39:c8:e5:9b:43:ce:d8:b2:09:0c:67:30:4a:
         e8:64:f2:f9:bf:5c:e8:fc:ef:58:05:e7:2b:76:11:93:fb:b4:
         d1:45:de:88:3e:56:4c:20:3b:02:ac:da:11:22:03:51:be:fb:
         4f:b3:57:1a:1c:7e:9d:e9:10:f2:0f:57:10:15:bd:09:8c:e2:
         b9:86:cb:d9:98:fd:33:70:95:db:ad:25:c2:57:da:c5:6a:db:
         c7:ad:cd:2a:e4:9e:29:f6:00:a0:06:25:a4:bb:80:f8:2d:33:
         94:02:7a:87:d9:2f:f9:b7:c0:5b:f6:21:f4:b3:4d:3b:26:6f:
         ed:1a:39:6b:7d:50:56:c1:ae:7c:82:5e:b1:f9:57:d7:82:7f:
         e0:ff:dd:e0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUb5nSc0nPP5UvBjoe9pCHvVRArRMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNjEzMDA0MjEzWhcNMjUwNzE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A3YmE2M2Q0NmExMGUzODg0ZTE3YWUwMjNmMjQwNDYxMDM3
ZTM2N2U1YTM4Y2YwZWE3MzY1NmFhYjlkODlkYjJmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCOaHV2zyHkEayhDxvECafJ4j8Pzxeg5fiNwNU/TUZX29Sp
t/hCnZ9bXr/XD4P0sywdpzERsrL+abiE0yko6zyl9FyZPj7tBIImGVjUGNJKsosV
GjrNXzpjR8RTp0mUSgLmm7Qp7BfCr8M/A7OuoXtnWcxrDovAWJKK3ZAzTNgkbFJk
OBhHvHJKlER8C0e2plIJhhGLj/jMhjcJivFMsO+zqUa2ubRFq7iltv0Wa2zW2suk
QYBnFq5jabIRKMnXxI3uw1lPHjfufHFCbaHPsfPCxSiQqviT2eOZiW6wD11rfHYs
V43zxfz7AikzwcWhDWXBtpHoGwnTk6aTMlF3GhK7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPyi1m8TVZNSi84Ti+j+TIS78KbIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VmOGVmYzEwLTBhZGUtNGE3OC1hMjlkLWQzODA5ZGQyY2FkZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBASugTAwDQYJKoZIhvcNAQELBQADggEBAKl15crpHSXgIBxzvekzJaJ3ykem
S+6xojjNBbj6EmQeaCNBEA3Mzcg74Wv17f5tN2ecaX8EkKW7bhqyXWh9Cr8WdWvk
efkV3z7Wc4Y7fUQu4CNb6XeWmuJmI3SkyY0qLSidcrmzS1hYSnc8ZM0gzu/KOcjl
m0PO2LIJDGcwSuhk8vm/XOj871gF5yt2EZP7tNFF3og+VkwgOwKs2hEiA1G++0+z
Vxocfp3pEPIPVxAVvQmM4rmGy9mY/TNwldutJcJX2sVq28etzSrknin2AKAGJaS7
gPgtM5QCeofZL/m3wFv2IfSzTTsmb+0aOWt9UFbBrnyCXrH5V9eCf+D/3eA=
-----END CERTIFICATE-----