Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/20cff8ef-58d4-41ca-b3a8-a17cb6933ce0.roa
File:                     20cff8ef-58d4-41ca-b3a8-a17cb6933ce0.roa (raw, json)
Hash identifier:          MfiNlOtf1djKbPEyi2v9aUYNoChQ2jizQ1UcBxPqkJs=
Subject key identifier:   74:D9:D7:22:70:69:34:48:22:AB:CC:7C:CF:7F:D2:24:41:FD:12:C3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5C310CE74ABFF513F0E5B189B574744B6C455EA7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/20cff8ef-58d4-41ca-b3a8-a17cb6933ce0.roa
Signing time:             Fri 30 May 2025 00:30:25 +0000
ROA not before:           Fri 30 May 2025 00:30:25 +0000
ROA not after:            Fri 04 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.252.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 02 Jun 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:31:0c:e7:4a:bf:f5:13:f0:e5:b1:89:b5:74:74:4b:6c:45:5e:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: May 30 00:30:25 2025 GMT
            Not After : Jul  4 23:59:59 2025 GMT
        Subject: serialNumber=e85a6c1bef814bf76fcddf97e0f33a7732ff9243ead6d6e512071b7eb89b070b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:20:0f:d1:04:94:60:dd:d1:20:3b:54:6f:a5:
                    a3:b5:a4:78:7d:1e:5a:4d:a5:6e:01:6e:7b:b3:b2:
                    12:5c:dc:ba:30:f6:25:9f:02:3f:f8:21:72:f4:d9:
                    33:2a:cf:bc:77:89:95:df:64:be:e4:47:93:eb:a2:
                    33:a9:e5:24:d3:f2:7c:91:01:c8:3a:ca:a4:57:32:
                    16:13:04:7f:55:db:a8:7e:be:a7:45:d2:fa:9f:46:
                    1b:94:20:3d:5c:75:81:cf:9c:84:94:d2:b6:24:8b:
                    a3:5c:8f:ba:8d:4a:54:d3:ac:3e:af:92:67:e1:1d:
                    8e:2d:d0:68:e4:b4:30:b0:ac:53:5a:07:fa:39:e4:
                    17:e8:f2:c1:68:6a:f6:65:98:65:63:05:4c:12:3f:
                    f6:88:43:45:e9:d1:06:de:c9:c9:d2:85:b8:5c:ca:
                    b5:52:75:bd:b7:e5:67:e5:a3:63:4b:d2:26:04:44:
                    e2:bd:62:b1:72:1f:05:98:ee:35:d6:65:4e:05:10:
                    84:7a:d2:7d:8d:bc:d0:18:50:6d:5b:cf:8e:e8:d1:
                    5c:6b:5b:75:a4:ec:c6:e2:06:7e:80:87:9a:9a:30:
                    ab:4f:c0:33:9c:c6:dd:2c:03:1b:21:36:5f:7d:dc:
                    2a:71:62:73:18:26:00:2e:e1:69:f3:e1:a5:19:33:
                    cb:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:D9:D7:22:70:69:34:48:22:AB:CC:7C:CF:7F:D2:24:41:FD:12:C3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/20cff8ef-58d4-41ca-b3a8-a17cb6933ce0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.252.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:6b:5f:c0:2a:57:d8:99:d6:e2:52:52:77:ae:0a:60:0a:d4:
         e1:3e:8d:21:ff:dc:62:10:4d:37:fd:82:96:f6:ce:72:77:09:
         99:36:c0:67:09:e8:4c:32:cf:c7:14:94:dc:80:01:b1:2e:c1:
         3e:73:d8:ec:6b:39:a6:25:f3:af:5d:03:57:0e:ca:29:96:a9:
         41:84:4e:22:4e:28:04:b5:71:3d:9d:f2:49:e5:7d:bc:76:ed:
         81:71:0e:91:5f:80:90:22:d9:3c:4d:1a:1e:35:c5:50:a4:f7:
         99:5c:8e:2a:87:b6:99:a7:9c:d7:45:56:88:9d:d3:a0:22:fc:
         e4:c5:08:6c:fb:b2:e6:5c:30:fc:af:b8:00:1a:58:6d:51:e6:
         2c:b8:c6:63:a2:46:96:10:8b:16:d2:ed:31:56:cd:fb:8f:d9:
         94:7e:e7:ec:9a:c9:12:2c:51:44:ff:7d:cb:bc:a8:35:b2:7c:
         e3:e4:05:a1:55:0d:85:30:68:67:e7:f2:03:cc:be:c3:29:4c:
         29:3a:a4:95:73:2c:27:ff:cf:86:5f:45:be:12:96:89:87:d4:
         d7:ed:4d:b6:89:a1:fd:31:6e:7b:2a:c6:60:b9:f5:63:79:51:
         6d:39:6c:f4:d6:37:ec:33:db:93:14:98:62:f8:24:0d:33:c3:
         7c:f9:d1:0a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXDEM50q/9RPw5bGJtXR0S2xFXqcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNTMwMDAzMDI1WhcNMjUwNzA0MjM1OTU5
WjB6MUkwRwYDVQQFE0BlODVhNmMxYmVmODE0YmY3NmZjZGRmOTdlMGYzM2E3NzMy
ZmY5MjQzZWFkNmQ2ZTUxMjA3MWI3ZWI4OWIwNzBiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQChIA/RBJRg3dEgO1RvpaO1pHh9HlpNpW4BbnuzshJc3Low
9iWfAj/4IXL02TMqz7x3iZXfZL7kR5ProjOp5STT8nyRAcg6yqRXMhYTBH9V26h+
vqdF0vqfRhuUID1cdYHPnISU0rYki6Ncj7qNSlTTrD6vkmfhHY4t0GjktDCwrFNa
B/o55Bfo8sFoavZlmGVjBUwSP/aIQ0Xp0QbeycnShbhcyrVSdb235Wflo2NL0iYE
ROK9YrFyHwWY7jXWZU4FEIR60n2NvNAYUG1bz47o0VxrW3Wk7MbiBn6Ah5qaMKtP
wDOcxt0sAxshNl993CpxYnMYJgAu4Wnz4aUZM8vvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUdNnXInBpNEgiq8x8z3/SJEH9EsMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIwY2ZmOGVmLTU4ZDQtNDFjYS1iM2E4LWExN2NiNjkzM2NlMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABA/GgwDQYJKoZIhvcNAQELBQADggEBALprX8AqV9iZ1uJSUneuCmAK1OE+
jSH/3GIQTTf9gpb2znJ3CZk2wGcJ6Ewyz8cUlNyAAbEuwT5z2OxrOaYl869dA1cO
yimWqUGETiJOKAS1cT2d8knlfbx27YFxDpFfgJAi2TxNGh41xVCk95lcjiqHtpmn
nNdFVoid06Ai/OTFCGz7suZcMPyvuAAaWG1R5iy4xmOiRpYQixbS7TFWzfuP2ZR+
5+yayRIsUUT/fcu8qDWyfOPkBaFVDYUwaGfn8gPMvsMpTCk6pJVzLCf/z4ZfRb4S
lomH1NftTbaJof0xbnsqxmC59WN5UW05bPTWN+wz25MUmGL4JA0zw3z50Qo=
-----END CERTIFICATE-----