Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/121a5400-f940-428a-9bc9-2251735f0c70.roa
File:                     121a5400-f940-428a-9bc9-2251735f0c70.roa (raw, json)
Hash identifier:          sfJnGVOX1wcqI2pYBfmXNaLtPvrZv0rprPIo1qNZO18=
Subject key identifier:   86:E5:2C:DF:AD:DA:76:0C:85:22:2F:81:8B:62:F7:81:0E:4E:3A:DC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       573687F4E55A6A53C56437DBF965A651D435895E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/121a5400-f940-428a-9bc9-2251735f0c70.roa
Signing time:             Tue 24 Jun 2025 00:30:14 +0000
ROA not before:           Tue 24 Jun 2025 00:30:14 +0000
ROA not after:            Tue 29 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        57.204.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 02 Jul 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:36:87:f4:e5:5a:6a:53:c5:64:37:db:f9:65:a6:51:d4:35:89:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun 24 00:30:14 2025 GMT
            Not After : Jul 29 23:59:59 2025 GMT
        Subject: serialNumber=48bbd06f29d69b57827bbc12933f8b6cbec87aeb29d7757624142b05f21e6db8, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:43:55:d6:32:46:7d:5d:0b:b9:7a:86:7b:86:
                    a4:7c:b7:bb:6d:99:0d:e0:9f:01:b9:65:4d:3b:d0:
                    85:7a:d3:58:fc:b2:62:65:a7:06:37:53:10:9b:ec:
                    52:a7:6d:19:60:c6:b7:93:b6:a7:7f:34:08:59:75:
                    76:f9:cb:19:6b:a9:2e:95:e7:86:dd:ca:fa:41:8a:
                    1f:2d:c7:fc:1e:53:37:db:c2:37:98:14:69:0d:0f:
                    3b:25:8c:4f:e9:cf:c8:f2:c6:69:da:94:27:c3:04:
                    3f:7b:88:f5:6f:fd:99:56:a7:9a:22:26:6e:21:14:
                    c2:ed:17:64:a2:b9:d6:85:db:79:d6:7a:29:cb:9c:
                    5b:8a:bf:f9:99:6b:2a:1c:5e:09:7e:58:80:be:ab:
                    95:f1:94:d8:87:9c:48:8b:11:29:44:6b:87:e2:a1:
                    ee:2f:fb:d5:11:ea:4e:8a:26:8c:4c:42:41:54:0b:
                    5d:5f:e6:04:4d:e9:50:a1:5c:24:55:26:d2:54:ef:
                    9d:9d:7f:e3:0c:6f:90:48:1f:67:a0:5f:b1:31:2b:
                    63:7c:16:a7:19:23:f2:28:6c:8a:96:e0:e3:cf:12:
                    49:b9:32:41:34:ff:11:29:d7:ee:19:0d:01:98:3c:
                    2c:21:74:e9:b1:8d:0d:a4:87:98:bf:3a:ff:64:66:
                    fe:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:E5:2C:DF:AD:DA:76:0C:85:22:2F:81:8B:62:F7:81:0E:4E:3A:DC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/121a5400-f940-428a-9bc9-2251735f0c70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.204.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         bf:ce:6a:43:a0:68:5e:3d:81:a8:9b:c1:37:1c:47:bb:53:2c:
         12:8c:9b:86:3d:e1:8f:1f:f6:0d:f9:ec:99:b4:7f:ab:f7:8a:
         b4:c3:86:19:be:4b:d1:72:d1:86:1c:3b:92:68:ed:65:83:89:
         71:86:f6:c9:42:34:86:34:d0:a8:2a:ef:65:3a:9d:c2:91:f3:
         72:67:61:39:33:5b:bf:0d:5d:98:8b:5e:51:e1:22:76:0a:7a:
         8b:74:b5:6c:0a:ff:64:dd:ed:5f:0c:c4:ec:15:17:8a:42:1d:
         97:46:0d:c8:f2:15:74:79:fd:81:60:aa:80:6a:28:ff:14:89:
         79:5b:a2:c4:34:78:49:ab:75:8d:81:e7:8b:04:88:4a:0c:56:
         15:5c:c7:ee:89:ad:78:45:73:ca:12:1d:fa:71:cd:00:72:39:
         7d:f6:31:7a:e4:b9:7a:62:ec:89:c9:b6:dc:b5:05:cf:70:cb:
         70:67:a8:ec:51:11:5f:74:01:2c:db:f2:56:f9:d5:f6:22:b5:
         47:38:c7:6a:b6:31:26:13:50:86:f1:ce:1e:d7:1e:34:57:e8:
         8d:46:69:db:c4:17:8f:4c:e2:e1:5c:99:c8:e4:d4:72:d7:a6:
         33:f1:7c:7c:4f:86:17:ca:c8:70:62:7c:1d:81:1c:01:61:fd:
         be:14:d0:f9
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUVzaH9OVaalPFZDfb+WWmUdQ1iV4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNjI0MDAzMDE0WhcNMjUwNzI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A0OGJiZDA2ZjI5ZDY5YjU3ODI3YmJjMTI5MzNmOGI2Y2Jl
Yzg3YWViMjlkNzc1NzYyNDE0MmIwNWYyMWU2ZGI4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDaQ1XWMkZ9XQu5eoZ7hqR8t7ttmQ3gnwG5ZU070IV601j8
smJlpwY3UxCb7FKnbRlgxreTtqd/NAhZdXb5yxlrqS6V54bdyvpBih8tx/weUzfb
wjeYFGkNDzsljE/pz8jyxmnalCfDBD97iPVv/ZlWp5oiJm4hFMLtF2SiudaF23nW
einLnFuKv/mZayocXgl+WIC+q5XxlNiHnEiLESlEa4fioe4v+9UR6k6KJoxMQkFU
C11f5gRN6VChXCRVJtJU752df+MMb5BIH2egX7ExK2N8FqcZI/IobIqW4OPPEkm5
MkE0/xEp1+4ZDQGYPCwhdOmxjQ2kh5i/Ov9kZv6VAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUhuUs363adgyFIi+Bi2L3gQ5OOtwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzEyMWE1NDAwLWY5NDAtNDI4YS05YmM5LTIyNTE3MzVmMGM3MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA5zDANBgkqhkiG9w0BAQsFAAOCAQEAv85qQ6BoXj2BqJvBNxxHu1MsEoyb
hj3hjx/2DfnsmbR/q/eKtMOGGb5L0XLRhhw7kmjtZYOJcYb2yUI0hjTQqCrvZTqd
wpHzcmdhOTNbvw1dmIteUeEidgp6i3S1bAr/ZN3tXwzE7BUXikIdl0YNyPIVdHn9
gWCqgGoo/xSJeVuixDR4Sat1jYHniwSISgxWFVzH7omteEVzyhId+nHNAHI5ffYx
euS5emLsicm23LUFz3DLcGeo7FERX3QBLNvyVvnV9iK1RzjHarYxJhNQhvHOHtce
NFfojUZp28QXj0zi4VyZyOTUctemM/F8fE+GF8rIcGJ8HYEcAWH9vhTQ+Q==
-----END CERTIFICATE-----