Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f9bf2bef-cff8-4737-98d7-b24a45489a28.roa
File:                     f9bf2bef-cff8-4737-98d7-b24a45489a28.roa (raw, json)
Hash identifier:          1HGY0XiEuTvleUbmzIJPVvLnZAtFdwcv8zNSOcICoDU=
Subject key identifier:   3B:C1:25:F5:3C:5A:59:D6:CC:BA:09:34:EB:6F:71:14:7B:4D:F8:96
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       14001926EC36A2E49097217C2947CE3D9FFF70F2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f9bf2bef-cff8-4737-98d7-b24a45489a28.roa
Signing time:             Fri 18 Apr 2025 00:31:14 +0000
ROA not before:           Fri 18 Apr 2025 00:31:14 +0000
ROA not after:            Fri 23 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        216.157.12.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:00:19:26:ec:36:a2:e4:90:97:21:7c:29:47:ce:3d:9f:ff:70:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 18 00:31:14 2025 GMT
            Not After : May 23 23:59:59 2025 GMT
        Subject: serialNumber=d447f8b34712d29f101d6ba0cc34c2d6b4c239be2828c375fa49802d5a0db3e9, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:ef:7f:5d:14:ae:e5:b7:30:cf:d3:40:c5:dd:
                    3b:01:c7:80:33:6d:24:01:98:f1:72:ac:c1:3e:c7:
                    a3:e0:ee:80:80:0c:39:0d:3a:f3:a8:8c:22:e7:ea:
                    2f:a0:1c:d5:3d:a6:e1:8f:5a:87:cd:f6:f0:2e:e1:
                    0a:61:55:b7:e5:6e:cc:e6:b4:65:98:a2:b1:1d:99:
                    ea:0d:6d:59:00:1e:40:ee:9b:1d:1b:5f:28:5a:f6:
                    cf:5a:f3:01:66:bb:8a:7d:be:9a:13:45:30:3f:93:
                    68:a1:a2:9a:1b:2a:0f:e6:52:90:10:78:49:8a:6e:
                    ea:9b:9a:59:ce:c2:57:76:45:bf:a4:8e:d4:46:79:
                    61:03:de:bd:26:fb:fa:a1:20:bc:da:89:9c:43:e8:
                    5b:d1:82:4e:04:f5:17:f1:f8:7d:8b:09:b1:9a:5d:
                    57:5d:d9:0c:4b:f1:f0:bf:c8:72:b2:96:3d:26:74:
                    6a:b8:1f:95:96:92:21:02:c2:69:9b:5f:c0:e5:31:
                    c8:3d:1b:e6:46:04:b7:38:26:fd:d2:30:ab:c9:6f:
                    ce:dc:34:38:02:df:f0:88:39:9c:07:09:43:33:aa:
                    e1:00:1d:9d:d7:41:4f:8b:3c:98:73:8c:47:a1:fc:
                    15:1f:c6:99:fa:85:ed:9e:7f:55:ce:a4:3f:03:a5:
                    14:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:C1:25:F5:3C:5A:59:D6:CC:BA:09:34:EB:6F:71:14:7B:4D:F8:96
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f9bf2bef-cff8-4737-98d7-b24a45489a28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.157.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         69:f8:12:e9:e3:12:20:1a:c8:3f:2a:d6:09:b8:8f:59:2b:b3:
         e0:5e:f4:83:f8:31:5d:75:3f:2d:9c:36:1f:90:45:90:af:fa:
         9c:c4:e4:a2:64:b2:d3:55:10:78:2b:f0:66:c4:eb:cf:52:e3:
         a6:3e:09:f1:61:59:cf:7b:e6:45:83:c1:03:07:67:85:1e:12:
         4f:51:56:18:4f:f1:5d:0d:c6:78:52:f7:1b:5c:f9:c7:00:96:
         b8:8c:81:6e:83:17:f8:07:dc:1d:0f:06:54:57:16:21:af:ad:
         9f:86:d7:ac:df:f3:22:9c:44:00:b5:e8:75:53:85:79:ce:97:
         49:52:1c:45:5e:90:0e:23:05:45:23:6e:2b:03:75:50:c7:8d:
         27:f6:fa:ae:66:72:fe:ac:a3:74:92:f9:00:5c:95:59:4d:78:
         c5:f3:05:6d:db:62:7a:5d:0c:01:a3:0a:17:a8:cb:1e:3d:67:
         39:ac:a9:b2:f0:b9:be:b6:0f:0e:2d:49:c6:f8:fc:21:ef:28:
         65:12:37:ab:d1:b0:95:13:8d:09:ab:85:3a:f2:78:2f:01:e2:
         07:84:bb:03:3a:8b:ab:7d:35:38:d9:41:10:75:9c:cf:5b:a2:
         4d:d6:fd:06:39:a5:f8:45:a5:e2:40:5b:66:fe:a0:f0:92:97:
         ec:0a:71:af
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFAAZJuw2ouSQlyF8KUfOPZ//cPIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDE4MDAzMTE0WhcNMjUwNTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BkNDQ3ZjhiMzQ3MTJkMjlmMTAxZDZiYTBjYzM0YzJkNmI0
YzIzOWJlMjgyOGMzNzVmYTQ5ODAyZDVhMGRiM2U5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCp739dFK7ltzDP00DF3TsBx4AzbSQBmPFyrME+x6Pg7oCA
DDkNOvOojCLn6i+gHNU9puGPWofN9vAu4QphVbflbszmtGWYorEdmeoNbVkAHkDu
mx0bXyha9s9a8wFmu4p9vpoTRTA/k2ihopobKg/mUpAQeEmKbuqbmlnOwld2Rb+k
jtRGeWED3r0m+/qhILzaiZxD6FvRgk4E9Rfx+H2LCbGaXVdd2QxL8fC/yHKylj0m
dGq4H5WWkiECwmmbX8DlMcg9G+ZGBLc4Jv3SMKvJb87cNDgC3/CIOZwHCUMzquEA
HZ3XQU+LPJhzjEeh/BUfxpn6he2ef1XOpD8DpRQHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUO8El9TxaWdbMugk0629xFHtN+JYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y5YmYyYmVmLWNmZjgtNDczNy05OGQ3LWIyNGE0NTQ4OWEyOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBALYnQwwDQYJKoZIhvcNAQELBQADggEBAGn4EunjEiAayD8q1gm4j1krs+Be
9IP4MV11Py2cNh+QRZCv+pzE5KJkstNVEHgr8GbE689S46Y+CfFhWc975kWDwQMH
Z4UeEk9RVhhP8V0NxnhS9xtc+ccAlriMgW6DF/gH3B0PBlRXFiGvrZ+G16zf8yKc
RAC16HVThXnOl0lSHEVekA4jBUUjbisDdVDHjSf2+q5mcv6so3SS+QBclVlNeMXz
BW3bYnpdDAGjCheoyx49ZzmsqbLwub62Dw4tScb4/CHvKGUSN6vRsJUTjQmrhTry
eC8B4geEuwM6i6t9NTjZQRB1nM9bok3W/QY5pfhFpeJAW2b+oPCSl+wKca8=
-----END CERTIFICATE-----