Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2304bbf7-aaad-4af6-85cf-ac713779380e.roa
File:                     2304bbf7-aaad-4af6-85cf-ac713779380e.roa (raw, json)
Hash identifier:          eRKlSRPA4sBEDnveWzDZXpmbeF5zZZh45uZhSfpySgs=
Subject key identifier:   C5:5F:70:98:7C:D0:E1:6E:73:FC:69:83:B4:66:48:8E:55:A3:BC:25
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       14F8CD7C10012E2C2744BE82265A7079BA198886
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2304bbf7-aaad-4af6-85cf-ac713779380e.roa
Signing time:             Mon 19 May 2025 16:01:24 +0000
ROA not before:           Mon 19 May 2025 16:01:24 +0000
ROA not after:            Mon 23 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        1.178.68.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 05 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:f8:cd:7c:10:01:2e:2c:27:44:be:82:26:5a:70:79:ba:19:88:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: May 19 16:01:24 2025 GMT
            Not After : Jun 23 23:59:59 2025 GMT
        Subject: serialNumber=4179d6651aba1ee8f794b3d7ed4c8505437f3e381928b437f89b463af8217b38, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:7c:f8:a1:62:83:60:a5:6c:ec:f9:0e:b6:f8:
                    26:5d:e6:46:f6:76:25:6b:59:53:3d:2c:c1:4a:8c:
                    a7:ea:b0:38:f0:80:52:69:ca:80:21:a8:55:2b:e3:
                    4c:76:2f:5d:24:a6:d9:9a:a2:37:98:a7:0b:91:fd:
                    d7:32:af:b4:1c:d3:7f:bd:2a:e9:8e:24:bd:28:67:
                    a2:43:72:2a:51:a3:22:79:72:58:f3:78:cf:ee:94:
                    75:ab:83:71:86:d5:13:a9:ee:31:03:af:37:81:0c:
                    62:70:07:a4:92:d4:d1:32:08:56:e0:ba:4e:b1:c9:
                    e5:d8:a8:1a:a5:c8:d1:dc:b5:d2:ad:ea:a1:a9:07:
                    fc:8b:b6:1a:15:22:bf:36:e4:ae:ab:5c:b9:6b:e7:
                    78:6f:fe:77:b2:57:0a:fe:d0:6b:77:89:a6:7d:de:
                    29:80:b1:7f:00:12:b6:a7:43:f1:07:9f:88:08:5f:
                    f9:d6:3b:34:ce:a3:4e:93:bb:27:67:21:29:b5:03:
                    5c:0d:7d:9b:43:b7:f0:98:8e:32:f5:7e:10:7f:eb:
                    1d:6e:af:08:01:52:04:12:d4:8a:fa:e6:d5:f4:0e:
                    5b:ea:34:15:11:35:38:45:de:48:49:06:41:09:7e:
                    3f:b4:b8:70:84:75:d6:3d:1f:86:88:95:f8:0b:52:
                    b6:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:5F:70:98:7C:D0:E1:6E:73:FC:69:83:B4:66:48:8E:55:A3:BC:25
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2304bbf7-aaad-4af6-85cf-ac713779380e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  1.178.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         25:8e:1d:fd:14:d5:02:41:a6:22:cf:35:e1:d6:85:8f:d7:fa:
         07:dc:3c:b3:62:5b:41:7b:6f:56:23:34:b2:db:4a:01:70:e7:
         90:0d:c4:56:85:86:9f:8d:97:f8:d4:c7:df:f0:ef:54:2c:75:
         e3:13:52:2e:f3:91:0d:3c:b0:5b:10:45:ff:fa:d3:ea:05:d1:
         62:dd:d5:fd:91:7d:e0:1a:6b:76:06:f1:c8:35:13:6a:95:17:
         b4:2a:50:f4:db:dc:fe:86:8a:e8:9a:a8:c6:01:52:ef:36:67:
         a9:ce:f6:dd:e6:65:02:24:d9:fd:84:cd:3d:ff:4a:51:19:30:
         fa:6a:de:51:35:9a:bf:59:9b:88:8c:ca:b0:23:de:22:06:21:
         c8:fc:50:5d:b6:17:9b:1f:78:14:a2:70:11:8c:8e:d9:32:16:
         c7:a4:58:8e:b8:20:33:48:03:0d:81:05:98:63:83:61:76:d7:
         03:16:b1:c5:e9:e6:7f:fb:e7:b6:17:7c:56:5b:e9:04:83:7d:
         2e:53:7f:a6:f8:9a:47:00:a5:d3:a8:55:92:42:01:e9:0c:b1:
         d8:2f:a1:6c:e4:09:56:64:45:a5:50:a5:50:e0:32:bc:50:97:
         2f:28:40:92:03:7a:64:fd:7d:e3:10:68:31:b5:99:a3:f0:44:
         94:e4:04:f8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFPjNfBABLiwnRL6CJlpweboZiIYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNTE5MTYwMTI0WhcNMjUwNjIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A0MTc5ZDY2NTFhYmExZWU4Zjc5NGIzZDdlZDRjODUwNTQz
N2YzZTM4MTkyOGI0MzdmODliNDYzYWY4MjE3YjM4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCQfPihYoNgpWzs+Q62+CZd5kb2diVrWVM9LMFKjKfqsDjw
gFJpyoAhqFUr40x2L10kptmaojeYpwuR/dcyr7Qc03+9KumOJL0oZ6JDcipRoyJ5
cljzeM/ulHWrg3GG1ROp7jEDrzeBDGJwB6SS1NEyCFbguk6xyeXYqBqlyNHctdKt
6qGpB/yLthoVIr825K6rXLlr53hv/neyVwr+0Gt3iaZ93imAsX8AEranQ/EHn4gI
X/nWOzTOo06TuydnISm1A1wNfZtDt/CYjjL1fhB/6x1urwgBUgQS1Ir65tX0Dlvq
NBURNThF3khJBkEJfj+0uHCEddY9H4aIlfgLUrYPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUxV9wmHzQ4W5z/GmDtGZIjlWjvCUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIzMDRiYmY3LWFhYWQtNGFmNi04NWNmLWFjNzEzNzc5MzgwZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIBskQwDQYJKoZIhvcNAQELBQADggEBACWOHf0U1QJBpiLPNeHWhY/X+gfc
PLNiW0F7b1YjNLLbSgFw55ANxFaFhp+Nl/jUx9/w71QsdeMTUi7zkQ08sFsQRf/6
0+oF0WLd1f2RfeAaa3YG8cg1E2qVF7QqUPTb3P6GiuiaqMYBUu82Z6nO9t3mZQIk
2f2EzT3/SlEZMPpq3lE1mr9Zm4iMyrAj3iIGIcj8UF22F5sfeBSicBGMjtkyFsek
WI64IDNIAw2BBZhjg2F21wMWscXp5n/757YXfFZb6QSDfS5Tf6b4mkcApdOoVZJC
AekMsdgvoWzkCVZkRaVQpVDgMrxQly8oQJIDemT9feMQaDG1maPwRJTkBPg=
-----END CERTIFICATE-----