Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/24d921c1-9e96-4ec0-8d95-a45b8c083105.roa
File:                     24d921c1-9e96-4ec0-8d95-a45b8c083105.roa (raw, json)
Hash identifier:          ZScACFJbHLz7i52lTjPoDTm0bDnxYLb48n18YgTPVz8=
Subject key identifier:   52:6D:A9:99:90:1A:1B:81:44:EE:99:7C:B2:97:7D:56:DE:C9:A3:19
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       18F12F58764D84400138894E0F44651F29D96DE1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/24d921c1-9e96-4ec0-8d95-a45b8c083105.roa
Signing time:             Mon 19 May 2025 15:31:17 +0000
ROA not before:           Mon 19 May 2025 15:31:17 +0000
ROA not after:            Mon 23 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        168.242.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 02 Jun 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:f1:2f:58:76:4d:84:40:01:38:89:4e:0f:44:65:1f:29:d9:6d:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: May 19 15:31:17 2025 GMT
            Not After : Jun 23 23:59:59 2025 GMT
        Subject: serialNumber=a814d15181097738e4baf2d271288f3fcaa43919caa510947a68aa6457e35ac0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:da:9b:d3:53:fe:79:1a:82:94:92:22:f0:36:
                    81:78:48:5d:c0:66:7d:76:98:41:5d:d5:80:e7:f1:
                    dd:f8:26:73:81:49:fe:49:8a:9c:0b:98:33:aa:e1:
                    3a:a5:8c:5f:de:e2:2b:47:43:8f:9f:2b:3d:a3:a8:
                    3c:89:ee:b4:f9:3d:ea:84:d8:7e:46:b8:29:b4:3f:
                    bd:da:b0:96:e7:c8:a7:df:73:10:81:ee:34:52:2b:
                    b4:45:f4:09:3a:e3:08:2f:1d:03:45:eb:b2:b9:74:
                    50:5b:de:b8:1b:ab:c8:6f:64:a6:81:20:41:4c:38:
                    4c:f6:01:15:9e:5f:7d:00:91:10:a9:97:76:d9:38:
                    8f:6a:95:7a:75:8a:61:df:36:db:e5:39:0c:3f:b8:
                    77:d0:eb:35:d3:76:92:8c:22:77:39:ca:45:f6:03:
                    12:38:d4:b5:b7:38:61:17:9b:e7:14:be:a2:ef:ce:
                    9e:1c:a4:68:d2:27:bf:85:e0:4f:05:eb:9e:43:09:
                    23:b0:14:a8:4c:f8:ea:b3:48:b0:f3:02:37:d5:41:
                    54:2a:e7:7b:8a:55:42:7e:5e:82:a5:3f:ce:cf:1e:
                    66:7c:41:2a:2a:6f:c1:d0:89:c7:2f:87:94:ad:17:
                    32:a5:44:4a:b7:18:ee:f2:3a:54:61:82:37:3c:e0:
                    13:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:6D:A9:99:90:1A:1B:81:44:EE:99:7C:B2:97:7D:56:DE:C9:A3:19
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/24d921c1-9e96-4ec0-8d95-a45b8c083105.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.242.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         38:92:67:7e:ee:ff:35:e7:29:7a:ca:83:b3:e4:31:6b:54:1a:
         5b:ab:8c:56:48:13:c2:1d:4c:e7:5e:10:20:a7:2c:4c:81:4e:
         39:b7:ed:3d:94:32:68:8e:4b:55:54:73:73:66:95:c1:62:c7:
         c5:39:20:f5:1d:30:93:99:c0:ab:a8:19:2b:10:70:33:a4:f8:
         9d:19:0f:7a:b5:88:d9:cf:bf:d8:b8:e3:4b:11:58:ff:5d:ef:
         1f:da:1b:56:49:c1:8d:b5:4e:c5:a4:7c:a0:7c:99:32:ea:06:
         c3:0e:b2:a9:27:92:45:25:01:75:02:e3:f2:d7:7e:54:95:0f:
         e0:c5:c8:a2:18:da:54:10:e6:d5:d0:12:8a:44:1d:af:c7:5c:
         1b:6d:1c:4c:1a:47:f9:8f:e7:91:84:c0:9d:52:69:6b:4c:29:
         f6:90:d5:7f:c6:74:2d:eb:c5:5b:b6:78:b0:28:dd:a2:8b:39:
         04:56:00:d8:02:18:6c:16:58:64:f2:da:a8:a4:ee:31:6f:33:
         eb:7b:f3:be:87:86:3a:b6:d8:ef:75:b6:47:2b:58:bd:f4:a0:
         f7:f5:83:d3:8f:d6:35:28:6c:c2:ce:79:03:ca:71:d1:79:e5:
         4d:6f:9e:93:e4:55:1d:36:fa:b5:cc:9c:a2:72:86:49:7c:7c:
         7e:f0:90:43
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUGPEvWHZNhEABOIlOD0RlHynZbeEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNTE5MTUzMTE3WhcNMjUwNjIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BhODE0ZDE1MTgxMDk3NzM4ZTRiYWYyZDI3MTI4OGYzZmNh
YTQzOTE5Y2FhNTEwOTQ3YTY4YWE2NDU3ZTM1YWMwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDH2pvTU/55GoKUkiLwNoF4SF3AZn12mEFd1YDn8d34JnOB
Sf5JipwLmDOq4TqljF/e4itHQ4+fKz2jqDyJ7rT5PeqE2H5GuCm0P73asJbnyKff
cxCB7jRSK7RF9Ak64wgvHQNF67K5dFBb3rgbq8hvZKaBIEFMOEz2ARWeX30AkRCp
l3bZOI9qlXp1imHfNtvlOQw/uHfQ6zXTdpKMInc5ykX2AxI41LW3OGEXm+cUvqLv
zp4cpGjSJ7+F4E8F655DCSOwFKhM+OqzSLDzAjfVQVQq53uKVUJ+XoKlP87PHmZ8
QSoqb8HQiccvh5StFzKlREq3GO7yOlRhgjc84BPfAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUUm2pmZAaG4FE7pl8spd9Vt7JoxkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI0ZDkyMWMxLTllOTYtNGVjMC04ZDk1LWE0NWI4YzA4MzEwNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCo8jANBgkqhkiG9w0BAQsFAAOCAQEAOJJnfu7/NecpesqDs+Qxa1QaW6uM
VkgTwh1M514QIKcsTIFOObftPZQyaI5LVVRzc2aVwWLHxTkg9R0wk5nAq6gZKxBw
M6T4nRkPerWI2c+/2LjjSxFY/13vH9obVknBjbVOxaR8oHyZMuoGww6yqSeSRSUB
dQLj8td+VJUP4MXIohjaVBDm1dASikQdr8dcG20cTBpH+Y/nkYTAnVJpa0wp9pDV
f8Z0LevFW7Z4sCjdoos5BFYA2AIYbBZYZPLaqKTuMW8z63vzvoeGOrbY73W2RytY
vfSg9/WD04/WNShsws55A8px0XnlTW+ek+RVHTb6tcyconKGSXx8fvCQQw==
-----END CERTIFICATE-----