Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef392e95-5697-4675-a401-25d090055bed.roa
File:                     ef392e95-5697-4675-a401-25d090055bed.roa (raw, json)
Hash identifier:          cMYEq/YBCDhuPga4eTT7vB6D2lpfhP780aS+AaHAAX8=
Subject key identifier:   ED:52:68:7B:57:79:3B:D7:88:31:D4:1D:60:0C:FF:E0:E9:81:5C:E3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       57B00E1435D4651B26F73D9E10C6810593F79779
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef392e95-5697-4675-a401-25d090055bed.roa
Signing time:             Mon 24 Mar 2025 15:40:29 +0000
ROA not before:           Mon 24 Mar 2025 15:40:29 +0000
ROA not after:            Mon 28 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        216.87.208.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 07 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:b0:0e:14:35:d4:65:1b:26:f7:3d:9e:10:c6:81:05:93:f7:97:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 24 15:40:29 2025 GMT
            Not After : Apr 28 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:aa:7e:4c:23:b5:5a:ea:ad:e6:d5:f6:55:f3:
                    17:97:2f:95:aa:66:86:f5:96:b5:37:26:40:62:7b:
                    88:6c:67:4a:b9:28:3f:f1:2e:2b:1b:01:e7:f3:54:
                    2e:8f:23:55:44:59:3d:d8:dd:b5:36:e1:d1:d0:a7:
                    3e:dd:fc:42:b6:53:8a:a0:5d:d8:70:00:29:fd:ba:
                    c4:5c:2f:2c:29:bc:ba:ce:38:39:0f:53:94:c7:4a:
                    9a:49:9e:b3:45:ee:ac:d1:6f:9d:de:f9:d8:d6:d7:
                    0d:8d:cb:63:b9:7b:dc:13:3e:63:d7:9b:2b:48:83:
                    78:e4:a9:1d:7e:a0:2e:59:33:c2:09:0d:3b:0c:26:
                    e3:a6:ea:1f:49:9d:f1:ba:5d:36:97:9f:e1:18:9d:
                    73:23:de:b9:d1:b5:99:b7:a7:fc:e8:34:79:86:1a:
                    bd:4e:d9:15:ac:b2:03:a0:00:82:1c:0d:b3:92:83:
                    ca:68:ff:74:8d:f3:76:fe:67:29:17:c9:0a:4f:fc:
                    f4:d4:9a:6b:7d:c8:1e:7c:00:ad:dc:fa:50:fe:a0:
                    cc:fc:fa:93:f1:d5:49:25:1b:e9:60:56:83:7d:0e:
                    2d:88:c3:48:8c:76:51:b6:0a:37:12:eb:7c:f2:41:
                    1c:fd:24:07:eb:75:79:d9:49:e2:de:e8:b0:e5:14:
                    f7:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:52:68:7B:57:79:3B:D7:88:31:D4:1D:60:0C:FF:E0:E9:81:5C:E3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef392e95-5697-4675-a401-25d090055bed.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.87.208.0/21

    Signature Algorithm: sha256WithRSAEncryption
         b3:59:26:44:ae:75:67:74:bc:df:c4:b3:59:db:1c:5a:7e:32:
         9b:b1:61:a3:3b:8b:d2:09:fc:66:ed:e1:b0:77:09:12:a9:a4:
         14:d9:f7:4f:a2:c7:ee:4f:22:bc:ac:1f:2b:a0:d2:4d:9b:db:
         d9:5c:de:5b:9a:f3:e2:29:5b:c8:e0:9d:02:89:84:3f:dd:ec:
         a2:1a:0d:96:a9:90:19:56:ef:e9:22:4f:17:63:e9:33:48:43:
         d8:03:38:87:05:25:f8:d8:40:09:65:70:d0:c1:5b:7c:b5:c7:
         65:5c:df:30:c7:73:d4:60:db:43:d4:da:8f:88:9a:ee:ca:5f:
         8b:77:41:11:88:8c:67:ec:fb:16:4c:a2:6a:97:38:b9:b7:d4:
         83:e4:a3:5c:af:b0:a8:69:1e:29:b4:1e:5e:75:f8:61:a5:10:
         09:0b:ee:27:e4:01:77:36:52:87:8b:eb:c6:4d:40:4b:6e:2a:
         11:f6:f6:9c:ec:34:76:40:7d:2c:4a:a7:e5:34:1b:99:d1:04:
         69:8b:2d:29:24:7b:cb:90:c9:c6:79:f3:67:56:d2:d1:ed:21:
         a2:5e:21:09:71:74:ff:88:2b:5b:5f:7b:04:8a:af:b1:17:83:
         d8:63:22:34:74:ee:84:cf:c9:d8:e1:74:03:41:80:d1:a6:4e:
         0f:58:fc:f0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUV7AOFDXUZRsm9z2eEMaBBZP3l3kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI0MTU0MDI5WhcNMjUwNDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A0NTJiYTRmOTlmYzM1YzQwMmU1ZjhmOTM4M2NlOTYxNThk
MDg4MjMxMzA1MzY0NGZhYTNiNjllODY0MDBjZTEwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDjqn5MI7Va6q3m1fZV8xeXL5WqZob1lrU3JkBie4hsZ0q5
KD/xLisbAefzVC6PI1VEWT3Y3bU24dHQpz7d/EK2U4qgXdhwACn9usRcLywpvLrO
ODkPU5THSppJnrNF7qzRb53e+djW1w2Ny2O5e9wTPmPXmytIg3jkqR1+oC5ZM8IJ
DTsMJuOm6h9JnfG6XTaXn+EYnXMj3rnRtZm3p/zoNHmGGr1O2RWssgOgAIIcDbOS
g8po/3SN83b+ZykXyQpP/PTUmmt9yB58AK3c+lD+oMz8+pPx1UklG+lgVoN9Di2I
w0iMdlG2CjcS63zyQRz9JAfrdXnZSeLe6LDlFPcrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU7VJoe1d5O9eIMdQdYAz/4OmBXOMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VmMzkyZTk1LTU2OTctNDY3NS1hNDAxLTI1ZDA5MDA1NWJlZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAPYV9AwDQYJKoZIhvcNAQELBQADggEBALNZJkSudWd0vN/Es1nbHFp+Mpux
YaM7i9IJ/Gbt4bB3CRKppBTZ90+ix+5PIrysHyug0k2b29lc3lua8+IpW8jgnQKJ
hD/d7KIaDZapkBlW7+kiTxdj6TNIQ9gDOIcFJfjYQAllcNDBW3y1x2Vc3zDHc9Rg
20PU2o+Imu7KX4t3QRGIjGfs+xZMomqXOLm31IPko1yvsKhpHim0Hl51+GGlEAkL
7ifkAXc2UoeL68ZNQEtuKhH29pzsNHZAfSxKp+U0G5nRBGmLLSkke8uQycZ582dW
0tHtIaJeIQlxdP+IK1tfewSKr7EXg9hjIjR07oTPydjhdANBgNGmTg9Y/PA=
-----END CERTIFICATE-----