Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/03dd229f-85c7-4158-82b5-da756c839c84.roa
File:                     03dd229f-85c7-4158-82b5-da756c839c84.roa (raw, json)
Hash identifier:          NzlO3Af+Mk0N6wSZvMCNcYuvF0ErimYZo141uSscVwA=
Subject key identifier:   0E:B2:DB:10:6D:77:AE:70:67:1D:20:72:10:1E:37:D5:D2:96:B0:06
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1416E5290D4DBE2F8739F4182141873717EB74A9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/03dd229f-85c7-4158-82b5-da756c839c84.roa
Signing time:             Sat 12 Jul 2025 00:10:29 +0000
ROA not before:           Sat 12 Jul 2025 00:10:29 +0000
ROA not after:            Sat 16 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.249.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 22 Jul 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:16:e5:29:0d:4d:be:2f:87:39:f4:18:21:41:87:37:17:eb:74:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jul 12 00:10:29 2025 GMT
            Not After : Aug 16 23:59:59 2025 GMT
        Subject: serialNumber=43b28b21b276a38790fa2be5e46cd296fee666bcf50eab96bc099d863cfe4a86, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:a6:e4:99:cc:d7:b8:77:09:6b:23:e0:c7:c9:
                    b5:7c:00:1a:9c:09:8a:fe:9c:0b:6b:6f:49:f6:34:
                    70:34:c2:5c:ae:d6:f5:65:62:0c:1f:b8:74:54:04:
                    36:39:e4:f1:b3:97:93:d4:65:a5:a7:ea:ae:87:48:
                    d9:fb:24:18:27:68:de:c2:47:48:76:cb:9e:75:82:
                    af:af:d3:ff:cc:39:cb:5a:51:fe:2c:b1:5c:6c:06:
                    31:9e:8e:2f:ff:77:52:23:bd:d2:97:80:75:a8:f5:
                    41:fe:ce:c5:2d:8b:ed:96:00:4e:61:de:36:ec:01:
                    57:1c:65:17:1b:06:b5:67:af:6b:a6:78:c8:05:66:
                    2b:e3:dd:47:42:0d:73:65:50:4c:b1:20:42:c8:6d:
                    4a:ab:3f:36:25:0a:3f:ab:01:c9:27:f0:49:e0:b7:
                    63:23:f0:a6:9f:b6:3a:e6:68:9c:cd:35:b5:ae:3a:
                    cb:6f:5e:df:9b:f2:fd:c0:ca:0d:05:a8:28:13:17:
                    4c:48:3f:5a:88:bd:2a:72:d6:c8:d2:38:8a:39:7c:
                    9c:20:9e:a6:f4:68:48:57:ab:96:f9:1f:b3:d5:4c:
                    ed:88:c2:05:b3:db:8c:f8:d9:09:47:d0:d4:12:4b:
                    76:bd:8c:96:4f:18:d5:ff:c8:6c:e8:93:ce:21:35:
                    a9:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:B2:DB:10:6D:77:AE:70:67:1D:20:72:10:1E:37:D5:D2:96:B0:06
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/03dd229f-85c7-4158-82b5-da756c839c84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.249.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         bb:98:25:63:2e:c4:8e:1d:4e:ee:7c:40:ff:2e:38:ea:ca:43:
         40:eb:f0:d5:2b:aa:4b:1e:b4:06:0b:71:0d:f2:14:35:cd:6b:
         b6:69:23:b3:05:a1:05:b8:1a:0b:01:6e:35:02:63:10:46:ef:
         f6:29:95:03:27:e5:de:75:03:74:b5:ab:60:8f:01:20:5e:02:
         55:58:c3:04:69:58:01:ec:8b:c6:49:33:23:50:35:f1:bf:89:
         85:b2:44:12:d2:73:bd:a7:e7:c1:7a:41:fb:07:f7:79:63:1a:
         b3:1f:50:91:7e:8e:ef:e2:d6:14:e5:1a:05:93:7e:29:9c:47:
         61:47:d1:58:f2:f8:b6:27:d3:3c:91:a8:00:d8:8c:b6:c9:91:
         11:ab:79:8a:1b:a0:d9:24:ee:1b:b1:99:f8:75:6d:c5:90:8c:
         a4:7a:c2:f9:ec:1a:4b:6e:7e:d2:d8:0e:ac:54:43:31:81:e7:
         8c:9f:49:b4:3b:fe:e2:91:65:c4:b5:b7:41:e4:8f:cf:14:81:
         60:ce:ec:4d:f3:c7:a8:6b:38:35:90:54:8a:c5:90:69:f8:04:
         b7:56:88:64:cd:fd:5e:82:ab:9d:2e:fd:b5:08:15:06:21:37:
         39:5c:79:96:42:39:b7:48:4c:00:05:60:b9:33:2e:64:72:3b:
         60:54:ee:c4
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUFBblKQ1Nvi+HOfQYIUGHNxfrdKkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNzEyMDAxMDI5WhcNMjUwODE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A0M2IyOGIyMWIyNzZhMzg3OTBmYTJiZTVlNDZjZDI5NmZl
ZTY2NmJjZjUwZWFiOTZiYzA5OWQ4NjNjZmU0YTg2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDgpuSZzNe4dwlrI+DHybV8ABqcCYr+nAtrb0n2NHA0wlyu
1vVlYgwfuHRUBDY55PGzl5PUZaWn6q6HSNn7JBgnaN7CR0h2y551gq+v0//MOcta
Uf4ssVxsBjGeji//d1IjvdKXgHWo9UH+zsUti+2WAE5h3jbsAVccZRcbBrVnr2um
eMgFZivj3UdCDXNlUEyxIELIbUqrPzYlCj+rAckn8Engt2Mj8KaftjrmaJzNNbWu
OstvXt+b8v3Ayg0FqCgTF0xIP1qIvSpy1sjSOIo5fJwgnqb0aEhXq5b5H7PVTO2I
wgWz24z42QlH0NQSS3a9jJZPGNX/yGzok84hNak7AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUDrLbEG13rnBnHSByEB431dKWsAYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzAzZGQyMjlmLTg1YzctNDE1OC04MmI1LWRhNzU2YzgzOWM4NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAP+TANBgkqhkiG9w0BAQsFAAOCAQEAu5glYy7Ejh1O7nxA/y446spDQOvw
1SuqSx60BgtxDfIUNc1rtmkjswWhBbgaCwFuNQJjEEbv9imVAyfl3nUDdLWrYI8B
IF4CVVjDBGlYAeyLxkkzI1A18b+JhbJEEtJzvafnwXpB+wf3eWMasx9QkX6O7+LW
FOUaBZN+KZxHYUfRWPL4tifTPJGoANiMtsmREat5ihug2STuG7GZ+HVtxZCMpHrC
+ewaS25+0tgOrFRDMYHnjJ9JtDv+4pFlxLW3QeSPzxSBYM7sTfPHqGs4NZBUisWQ
afgEt1aIZM39XoKrnS79tQgVBiE3OVx5lkI5t0hMAAVguTMuZHI7YFTuxA==
-----END CERTIFICATE-----