Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef9673ee-774e-4009-855b-63c7e6931b3f.roa
File:                     ef9673ee-774e-4009-855b-63c7e6931b3f.roa (raw, json)
Hash identifier:          E0yBDnloAo2lz7DT4hNsIA1APyoyS8p58BPwKEJTsek=
Subject key identifier:   D3:1A:A3:67:F3:50:99:46:0B:08:15:CB:D8:26:11:40:6C:BC:2D:88
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7E9D372953F30E604DA4AA3902F5490F078EDDD7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef9673ee-774e-4009-855b-63c7e6931b3f.roa
Signing time:             Thu 17 Apr 2025 18:37:03 +0000
ROA not before:           Thu 17 Apr 2025 18:37:03 +0000
ROA not after:            Thu 22 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.158.0.0/15 maxlen: 15
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:9d:37:29:53:f3:0e:60:4d:a4:aa:39:02:f5:49:0f:07:8e:dd:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 17 18:37:03 2025 GMT
            Not After : May 22 23:59:59 2025 GMT
        Subject: serialNumber=d80fcf814a3136d1a671f7c0f2bbfa0c330a7a22b8c77654cf94e35db8885529, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:7f:76:38:28:99:c5:51:5f:79:5c:40:4b:9b:
                    95:49:54:ac:9c:a0:e6:d6:ad:15:83:f1:d5:0c:54:
                    68:54:31:0c:48:67:6d:c1:5a:00:57:ba:ba:26:59:
                    3f:42:fd:ed:f4:d8:c1:0d:24:67:77:05:52:3c:be:
                    19:99:fb:01:9a:d5:54:e9:bc:b8:14:b4:65:54:14:
                    e4:ca:fc:5a:1c:99:fa:63:12:3a:a8:56:27:8e:e6:
                    9e:e9:a3:43:d9:85:25:04:5a:4c:b9:d9:78:58:ad:
                    4f:00:5b:7b:b8:ff:30:53:69:c0:b4:97:20:59:83:
                    ec:b8:0d:a3:17:89:b4:00:82:91:3d:09:dd:18:e6:
                    a8:07:4e:fd:16:c2:06:61:1c:77:f0:1c:af:aa:75:
                    aa:ae:56:e9:be:5d:9d:a3:55:1d:fd:e9:12:06:16:
                    fc:8f:78:af:2e:1b:df:ac:3d:0f:64:a9:0e:e3:1a:
                    36:63:70:1f:8e:e9:e0:1e:c9:d4:e5:45:60:a6:e9:
                    3f:95:e7:18:6c:d3:6c:d7:9a:5e:db:31:c4:ac:41:
                    5f:11:4f:0f:51:d2:11:de:a1:fe:4b:93:e6:63:bb:
                    70:2a:20:01:4f:d5:60:9b:21:ab:20:42:93:ba:bb:
                    61:eb:57:af:31:4e:72:25:84:74:6e:45:87:ab:b2:
                    7a:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:1A:A3:67:F3:50:99:46:0B:08:15:CB:D8:26:11:40:6C:BC:2D:88
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef9673ee-774e-4009-855b-63c7e6931b3f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.158.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         36:63:14:c6:be:0c:64:b7:72:39:29:12:52:c1:d4:53:1f:d0:
         36:14:d0:e7:4c:d7:c6:46:bc:e9:e3:e1:67:c1:57:eb:7c:ee:
         15:0f:79:32:e2:92:03:7e:ba:a1:d8:82:66:d4:1a:fc:a1:5d:
         41:2d:bd:81:88:e1:95:61:6f:a9:63:59:70:7b:ac:68:bf:7c:
         0d:bd:91:fd:21:90:e3:81:d4:d8:47:52:58:89:db:f2:b9:64:
         d6:54:bf:7f:86:c6:93:ce:0d:fd:10:10:82:49:15:ff:31:c4:
         0b:7f:cf:ba:d1:08:fa:16:dd:bd:5a:e4:a3:66:17:12:ee:02:
         27:98:49:3f:79:0f:bf:3a:5a:7c:f1:b6:eb:4e:ba:62:c2:4f:
         ff:e1:1c:00:a2:18:fe:7b:b8:7b:00:a5:e8:21:54:62:4a:d4:
         b8:f5:ec:66:1d:f2:62:0b:41:b3:7a:62:0f:2d:9f:53:f3:8f:
         41:33:59:8b:81:03:66:8b:04:d1:c8:01:a9:40:3e:fe:b5:0a:
         8c:6f:cf:13:92:2c:01:ad:24:99:22:0e:44:cf:43:01:5c:64:
         5f:11:e3:ea:4c:fd:4d:91:07:eb:98:d9:d5:ae:77:39:47:04:
         1a:62:bb:6a:ef:7d:b8:87:bd:4b:dc:0c:61:1d:cd:32:c1:90:
         9f:79:5f:8f
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUfp03KVPzDmBNpKo5AvVJDweO3dcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDE3MTgzNzAzWhcNMjUwNTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BkODBmY2Y4MTRhMzEzNmQxYTY3MWY3YzBmMmJiZmEwYzMz
MGE3YTIyYjhjNzc2NTRjZjk0ZTM1ZGI4ODg1NTI5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJf3Y4KJnFUV95XEBLm5VJVKycoObWrRWD8dUMVGhUMQxI
Z23BWgBXuromWT9C/e302MENJGd3BVI8vhmZ+wGa1VTpvLgUtGVUFOTK/Focmfpj
EjqoVieO5p7po0PZhSUEWky52XhYrU8AW3u4/zBTacC0lyBZg+y4DaMXibQAgpE9
Cd0Y5qgHTv0WwgZhHHfwHK+qdaquVum+XZ2jVR396RIGFvyPeK8uG9+sPQ9kqQ7j
GjZjcB+O6eAeydTlRWCm6T+V5xhs02zXml7bMcSsQV8RTw9R0hHeof5Lk+Zju3Aq
IAFP1WCbIasgQpO6u2HrV68xTnIlhHRuRYersnrdAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU0xqjZ/NQmUYLCBXL2CYRQGy8LYgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VmOTY3M2VlLTc3NGUtNDAwOS04NTViLTYzYzdlNjkzMWIzZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwENnjANBgkqhkiG9w0BAQsFAAOCAQEANmMUxr4MZLdyOSkSUsHUUx/QNhTQ
50zXxka86ePhZ8FX63zuFQ95MuKSA366odiCZtQa/KFdQS29gYjhlWFvqWNZcHus
aL98Db2R/SGQ44HU2EdSWInb8rlk1lS/f4bGk84N/RAQgkkV/zHEC3/PutEI+hbd
vVrko2YXEu4CJ5hJP3kPvzpafPG26066YsJP/+EcAKIY/nu4ewCl6CFUYkrUuPXs
Zh3yYgtBs3piDy2fU/OPQTNZi4EDZosE0cgBqUA+/rUKjG/PE5IsAa0kmSIORM9D
AVxkXxHj6kz9TZEH65jZ1a53OUcEGmK7au99uIe9S9wMYR3NMsGQn3lfjw==
-----END CERTIFICATE-----