Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e2a09846-443b-40e8-960d-92a8061d00c7.roa
File:                     e2a09846-443b-40e8-960d-92a8061d00c7.roa (raw, json)
Hash identifier:          /VyAE9U9rnhU2LkCuHMTy5jnHDXn01zte3yFiaIV/Wg=
Subject key identifier:   7E:5F:EC:F6:D1:65:6E:38:D7:EA:A3:ED:57:45:2D:00:10:A5:B9:A7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2DFB6DCB1D869885DF0823220F9B83C399C35900
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e2a09846-443b-40e8-960d-92a8061d00c7.roa
Signing time:             Fri 14 Mar 2025 00:42:08 +0000
ROA not before:           Fri 14 Mar 2025 00:42:08 +0000
ROA not after:            Fri 18 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.252.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 06 Apr 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:fb:6d:cb:1d:86:98:85:df:08:23:22:0f:9b:83:c3:99:c3:59:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 14 00:42:08 2025 GMT
            Not After : Apr 18 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:50:97:9b:aa:4f:8d:a4:60:b7:b5:be:09:ee:
                    75:bf:cf:56:70:65:37:6d:fb:ac:b9:9d:0e:fd:a2:
                    6a:43:4c:6e:16:77:67:56:4b:88:b1:02:db:59:9b:
                    08:50:9d:b5:00:4d:65:be:73:99:70:06:63:dc:0e:
                    cd:54:25:74:f6:db:df:f8:11:a4:40:2e:c3:54:e7:
                    cf:26:95:57:1f:bc:98:1d:e7:e6:71:27:fe:3a:2c:
                    f0:5c:b9:c6:3c:71:84:55:31:f8:ff:77:5c:61:50:
                    d7:7b:3b:76:64:c0:42:52:14:7f:8d:45:4f:a2:20:
                    af:8b:b2:f3:de:4d:98:b7:bc:72:a5:13:68:30:d6:
                    f2:88:d2:7d:10:78:4d:99:75:9c:0d:2a:a0:dc:5f:
                    40:29:3c:f8:6b:a2:36:0c:df:90:34:3e:9d:af:df:
                    e1:fc:e0:88:3c:29:54:86:a6:78:ff:b9:83:1e:aa:
                    ce:15:ed:5a:02:84:b3:29:b1:53:76:3e:7e:01:42:
                    99:62:3e:5f:56:7f:83:ed:10:51:8b:49:d0:94:ab:
                    49:8d:08:b3:b8:b5:f1:62:79:1b:53:56:10:28:0d:
                    9d:83:6a:a3:28:9d:2e:fe:c2:d3:b1:5f:f8:56:d7:
                    95:bd:bc:8d:d6:c4:e7:eb:ca:97:ff:44:d7:e5:94:
                    e6:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:5F:EC:F6:D1:65:6E:38:D7:EA:A3:ED:57:45:2D:00:10:A5:B9:A7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e2a09846-443b-40e8-960d-92a8061d00c7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.252.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:94:7e:05:be:09:49:2e:51:ca:bb:89:3c:29:35:7a:45:f3:
         6c:1a:19:5e:27:9b:95:c8:c4:83:6f:7c:d9:c5:cb:30:7b:21:
         92:0e:ea:9e:60:e2:6a:1c:75:ff:f7:da:80:c6:e9:32:46:56:
         81:26:08:5a:a6:00:cb:56:b5:63:c5:6c:c8:6c:8f:52:07:06:
         83:cb:26:3a:39:07:11:48:9b:3b:cf:b6:a2:5b:bf:f1:77:d7:
         32:08:38:f0:65:01:c2:11:68:b7:09:be:fa:3b:cf:80:48:5d:
         99:99:87:51:94:81:77:05:0c:f8:c2:80:83:16:a0:df:e3:ab:
         0b:28:dd:a4:4b:ca:71:54:cd:8c:91:42:b3:12:73:0e:71:90:
         f4:73:32:cf:eb:cf:2d:ca:47:db:fa:c5:3e:3c:06:ba:7e:a1:
         63:c5:ee:95:ea:54:0f:de:7e:74:b0:f4:72:33:de:a1:16:4d:
         6e:d3:65:7e:63:e5:b5:a3:cb:92:5c:61:5b:8d:ee:d0:c4:93:
         ee:e5:a7:80:70:17:cc:98:7f:cc:69:12:ee:a6:14:89:1e:e1:
         9d:96:36:6d:3d:28:1c:95:84:ef:fc:72:4b:2c:7e:66:6c:b5:
         b7:30:4e:75:54:0b:a6:fb:d9:25:b8:e8:74:f5:b8:ea:31:8b:
         14:8b:a2:a5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULfttyx2GmIXfCCMiD5uDw5nDWQAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzE0MDA0MjA4WhcNMjUwNDE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A2ZDk4YjdkZGMwYTc0Zjg2OTA5YjQwZDJmYTVmOTI4MDdl
MTQxNzMyMGZkNjRiN2JjNDAyZmM0OTAzNWM0NWFjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDgUJebqk+NpGC3tb4J7nW/z1ZwZTdt+6y5nQ79ompDTG4W
d2dWS4ixAttZmwhQnbUATWW+c5lwBmPcDs1UJXT229/4EaRALsNU588mlVcfvJgd
5+ZxJ/46LPBcucY8cYRVMfj/d1xhUNd7O3ZkwEJSFH+NRU+iIK+LsvPeTZi3vHKl
E2gw1vKI0n0QeE2ZdZwNKqDcX0ApPPhrojYM35A0Pp2v3+H84Ig8KVSGpnj/uYMe
qs4V7VoChLMpsVN2Pn4BQpliPl9Wf4PtEFGLSdCUq0mNCLO4tfFieRtTVhAoDZ2D
aqMonS7+wtOxX/hW15W9vI3WxOfrypf/RNfllOZhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUfl/s9tFlbjjX6qPtV0UtABCluacwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2UyYTA5ODQ2LTQ0M2ItNDBlOC05NjBkLTkyYTgwNjFkMDBjNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABA/EIwDQYJKoZIhvcNAQELBQADggEBABOUfgW+CUkuUcq7iTwpNXpF82wa
GV4nm5XIxINvfNnFyzB7IZIO6p5g4mocdf/32oDG6TJGVoEmCFqmAMtWtWPFbMhs
j1IHBoPLJjo5BxFImzvPtqJbv/F31zIIOPBlAcIRaLcJvvo7z4BIXZmZh1GUgXcF
DPjCgIMWoN/jqwso3aRLynFUzYyRQrMScw5xkPRzMs/rzy3KR9v6xT48Brp+oWPF
7pXqVA/efnSw9HIz3qEWTW7TZX5j5bWjy5JcYVuN7tDEk+7lp4BwF8yYf8xpEu6m
FIke4Z2WNm09KByVhO/8ckssfmZstbcwTnVUC6b72SW46HT1uOoxixSLoqU=
-----END CERTIFICATE-----