Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/07008d8d-f039-461c-be80-d42cb304abe4.roa
File:                     07008d8d-f039-461c-be80-d42cb304abe4.roa (raw, json)
Hash identifier:          /X6OkFkXZ67qKPTCxR080EpfTnO2dItq2CDEicX8Log=
Subject key identifier:   1E:95:EA:0B:46:C1:92:92:76:BD:87:B8:E7:69:AE:03:47:0C:2F:BF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       56C2A7B7155807528AF69B81A5523F3E2CB335CA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/07008d8d-f039-461c-be80-d42cb304abe4.roa
Signing time:             Tue 08 Apr 2025 00:20:23 +0000
ROA not before:           Tue 08 Apr 2025 00:20:23 +0000
ROA not after:            Tue 13 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.20.0.0/15 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 17 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:c2:a7:b7:15:58:07:52:8a:f6:9b:81:a5:52:3f:3e:2c:b3:35:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr  8 00:20:23 2025 GMT
            Not After : May 13 23:59:59 2025 GMT
        Subject: serialNumber=1d3b8a01e84c8c29cd39c55c6801313fa3631a7309d38d089266788b1e510908, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:29:c4:2c:86:b3:38:99:d4:10:74:08:4f:c7:
                    10:6c:d1:30:90:0f:cd:72:e4:7b:b5:b7:b0:43:2f:
                    7d:5f:c5:31:b2:dc:9e:a6:33:8c:b0:b9:ac:d7:15:
                    a8:75:fd:9e:01:c6:96:1a:60:2c:2d:77:99:03:7c:
                    d8:b9:43:b7:69:bf:c8:7f:7c:cf:9c:a3:a5:e4:12:
                    2d:74:57:94:90:9a:96:5e:0d:50:2d:e1:27:06:cd:
                    b7:e9:3c:96:fb:8b:f0:2d:8d:99:10:71:d9:62:31:
                    90:5e:68:f0:17:dc:b1:a6:91:99:ce:5c:3a:5b:5f:
                    68:dd:fd:9a:92:76:87:20:f2:86:e3:be:b4:a1:b4:
                    ba:1f:a9:6c:e2:d7:c9:80:1d:a6:36:1d:c2:cd:02:
                    9e:98:31:18:de:fe:2f:2e:31:aa:ec:9d:2c:bb:45:
                    7a:66:fc:98:2b:db:b5:d0:71:a2:86:60:b0:d7:a5:
                    d6:c4:70:40:52:4e:33:06:9d:9d:fd:ed:ed:78:26:
                    76:92:b9:e0:2b:2a:4c:6b:40:13:db:af:77:f6:89:
                    f4:c2:9a:01:d7:05:44:e7:29:b8:e2:65:4d:85:f5:
                    bc:f3:24:47:0c:f7:44:33:13:55:35:e2:1a:6c:57:
                    90:48:fd:20:2c:ef:b7:fe:59:14:26:b3:1f:20:61:
                    bb:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:95:EA:0B:46:C1:92:92:76:BD:87:B8:E7:69:AE:03:47:0C:2F:BF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/07008d8d-f039-461c-be80-d42cb304abe4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.20.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         88:6c:94:0c:89:0e:ed:5e:b2:e0:b6:85:22:c6:04:0a:5b:41:
         03:bb:a3:f4:0a:87:28:27:b5:39:5b:43:14:59:0f:77:28:a4:
         cc:e8:4a:1d:54:b6:fc:b9:4f:75:45:dc:52:4c:8c:5d:05:3c:
         6f:54:27:31:8d:93:b1:35:7c:a3:b1:40:a8:77:e6:94:e2:69:
         25:7e:97:97:ad:67:b8:90:ed:ac:d2:0a:76:37:72:3a:40:e8:
         96:17:e0:e4:76:e5:f0:c9:22:cb:3d:92:07:33:bc:92:53:9a:
         0f:d6:d7:02:c5:f4:f0:a3:76:d8:58:8e:e1:09:50:7e:78:22:
         5d:39:2c:0f:b7:5a:cb:06:0d:2e:74:a3:78:3c:6a:4b:ea:c4:
         3c:12:75:d0:01:94:84:3a:39:17:65:fe:77:e3:31:90:77:c1:
         80:1c:55:cb:d7:d4:38:8d:2c:90:64:88:0f:1c:4e:88:29:80:
         db:ea:79:f0:13:92:0a:de:ec:29:15:db:d6:81:1a:f9:00:87:
         a9:a0:33:d4:13:32:79:1a:2e:32:cd:0b:8e:91:0b:bb:df:53:
         29:1c:0b:b2:a2:7a:67:be:cb:72:36:3f:fb:1d:a1:d6:d0:0c:
         25:61:bb:bc:92:ee:4a:38:10:c0:97:3a:39:0b:13:dc:45:08:
         ac:f3:47:c3
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUVsKntxVYB1KK9puBpVI/PiyzNcowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDA4MDAyMDIzWhcNMjUwNTEzMjM1OTU5
WjB6MUkwRwYDVQQFE0AxZDNiOGEwMWU4NGM4YzI5Y2QzOWM1NWM2ODAxMzEzZmEz
NjMxYTczMDlkMzhkMDg5MjY2Nzg4YjFlNTEwOTA4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCTKcQshrM4mdQQdAhPxxBs0TCQD81y5Hu1t7BDL31fxTGy
3J6mM4ywuazXFah1/Z4BxpYaYCwtd5kDfNi5Q7dpv8h/fM+co6XkEi10V5SQmpZe
DVAt4ScGzbfpPJb7i/AtjZkQcdliMZBeaPAX3LGmkZnOXDpbX2jd/ZqSdocg8obj
vrShtLofqWzi18mAHaY2HcLNAp6YMRje/i8uMarsnSy7RXpm/Jgr27XQcaKGYLDX
pdbEcEBSTjMGnZ397e14JnaSueArKkxrQBPbr3f2ifTCmgHXBUTnKbjiZU2F9bzz
JEcM90QzE1U14hpsV5BI/SAs77f+WRQmsx8gYbtHAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUHpXqC0bBkpJ2vYe452muA0cML78wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzA3MDA4ZDhkLWYwMzktNDYxYy1iZTgwLWQ0MmNiMzA0YWJlNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwE2FDANBgkqhkiG9w0BAQsFAAOCAQEAiGyUDIkO7V6y4LaFIsYECltBA7uj
9AqHKCe1OVtDFFkPdyikzOhKHVS2/LlPdUXcUkyMXQU8b1QnMY2TsTV8o7FAqHfm
lOJpJX6Xl61nuJDtrNIKdjdyOkDolhfg5Hbl8Mkiyz2SBzO8klOaD9bXAsX08KN2
2FiO4QlQfngiXTksD7daywYNLnSjeDxqS+rEPBJ10AGUhDo5F2X+d+MxkHfBgBxV
y9fUOI0skGSIDxxOiCmA2+p58BOSCt7sKRXb1oEa+QCHqaAz1BMyeRouMs0LjpEL
u99TKRwLsqJ6Z77LcjY/+x2h1tAMJWG7vJLuSjgQwJc6OQsT3EUIrPNHww==
-----END CERTIFICATE-----