Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/425248ee-104d-44c2-9568-ff3915e0a91e.roa
File:                     425248ee-104d-44c2-9568-ff3915e0a91e.roa (raw, json)
Hash identifier:          ERE/qVkyRcpG97IqPemJSlxfayDcOFFSRDcOhdo2Mxw=
Subject key identifier:   37:DD:8E:2C:A2:56:72:7E:17:ED:8D:D2:BA:85:DD:68:F8:9D:89:58
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3CA9487C0AB9A85CFF3CC96257B559520240321B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/425248ee-104d-44c2-9568-ff3915e0a91e.roa
Signing time:             Fri 16 May 2025 16:00:49 +0000
ROA not before:           Fri 16 May 2025 16:00:49 +0000
ROA not after:            Fri 20 Jun 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        136.18.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 02 Jun 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:a9:48:7c:0a:b9:a8:5c:ff:3c:c9:62:57:b5:59:52:02:40:32:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: May 16 16:00:49 2025 GMT
            Not After : Jun 20 23:59:59 2025 GMT
        Subject: serialNumber=0d3bd2289ae384b57ae208f653502a65a4b352af09e05132e6d26e507d8db036, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:0b:71:23:58:7e:97:d0:1a:99:f0:84:ba:8d:
                    08:e3:29:3b:64:27:9d:64:7d:67:eb:81:09:02:bf:
                    bd:bd:4b:98:97:7a:7d:75:50:f8:8b:b9:14:ba:79:
                    43:92:b1:08:40:2a:4a:66:de:47:54:9a:ac:f1:c9:
                    ad:45:ff:5c:4a:d5:51:8b:2c:42:7f:da:a5:42:3d:
                    fd:01:8f:35:6f:a5:af:82:6b:f0:18:96:a7:ab:df:
                    92:fe:83:c0:4b:18:26:77:78:94:0b:c6:e8:fb:93:
                    db:7b:17:e3:d8:cf:f8:f4:f7:ac:77:1a:e5:86:e6:
                    c3:ea:a4:17:d4:bd:67:b8:90:63:68:2b:8e:da:95:
                    00:5b:47:c4:a6:d1:f9:ca:a8:d3:e6:a2:c9:2e:b2:
                    c6:20:20:92:c2:95:a1:cb:97:b9:5a:79:bf:7b:16:
                    69:07:c7:cc:98:51:35:b4:80:50:26:3b:b8:d6:db:
                    2b:9d:70:67:18:6c:38:0c:0d:15:21:4e:c2:3c:31:
                    75:74:64:2c:2a:71:e2:3c:a5:f4:0b:15:72:3e:95:
                    b7:13:db:52:22:81:77:67:e1:c2:76:f1:92:4b:9d:
                    73:49:03:e4:d5:e6:fd:41:39:76:87:b3:ec:26:32:
                    e2:40:6d:9a:bf:51:cc:87:90:56:09:e0:59:ff:fc:
                    88:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:DD:8E:2C:A2:56:72:7E:17:ED:8D:D2:BA:85:DD:68:F8:9D:89:58
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/425248ee-104d-44c2-9568-ff3915e0a91e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.18.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:fc:03:b4:9d:e3:70:44:c2:c7:a1:bf:49:2a:58:0d:18:8d:
         f1:1e:ee:ac:94:80:f0:88:76:c8:6e:a7:98:b2:13:c7:25:52:
         14:e0:a6:0e:97:c6:f8:f7:53:d0:26:4e:2c:15:d7:08:39:7b:
         6d:95:6c:62:4a:02:64:ef:1f:b2:b2:47:ab:40:cb:04:b7:e6:
         1a:f9:2d:b2:b1:f2:f9:92:5e:34:78:41:16:8d:8e:80:43:6d:
         03:3b:74:e8:0f:0f:50:60:ff:8c:bd:f8:23:62:65:a2:4b:1c:
         1c:8d:4a:56:eb:d2:bb:bd:2c:90:10:d4:34:d1:15:b5:ff:50:
         4a:0c:66:fc:80:6d:cf:96:c3:58:ef:72:97:9a:3d:97:42:02:
         35:b7:0b:a9:31:54:35:54:54:36:d5:f9:7a:13:4c:2d:21:62:
         70:96:b2:4e:d3:87:af:8a:25:fd:b8:ef:d7:f8:d2:9e:f4:cb:
         3a:08:3c:3e:ae:21:20:e1:ec:34:b6:c9:3f:d7:4c:10:46:2b:
         57:cd:43:9e:df:7a:9c:bc:ab:72:29:96:7e:61:78:47:9d:e0:
         8b:74:c9:bd:39:11:d0:38:b7:83:a2:10:8b:8d:50:6f:d0:d1:
         2b:2a:fe:67:8a:24:cf:56:29:76:f3:cc:56:bd:2c:b7:b6:68:
         d1:bf:2b:18
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPKlIfAq5qFz/PMliV7VZUgJAMhswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNTE2MTYwMDQ5WhcNMjUwNjIwMjM1OTU5
WjB6MUkwRwYDVQQFE0AwZDNiZDIyODlhZTM4NGI1N2FlMjA4ZjY1MzUwMmE2NWE0
YjM1MmFmMDllMDUxMzJlNmQyNmU1MDdkOGRiMDM2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCGC3EjWH6X0BqZ8IS6jQjjKTtkJ51kfWfrgQkCv729S5iX
en11UPiLuRS6eUOSsQhAKkpm3kdUmqzxya1F/1xK1VGLLEJ/2qVCPf0BjzVvpa+C
a/AYlqer35L+g8BLGCZ3eJQLxuj7k9t7F+PYz/j096x3GuWG5sPqpBfUvWe4kGNo
K47alQBbR8Sm0fnKqNPmoskussYgIJLClaHLl7laeb97FmkHx8yYUTW0gFAmO7jW
2yudcGcYbDgMDRUhTsI8MXV0ZCwqceI8pfQLFXI+lbcT21IigXdn4cJ28ZJLnXNJ
A+TV5v1BOXaHs+wmMuJAbZq/UcyHkFYJ4Fn//IijAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUN92OLKJWcn4X7Y3SuoXdaPidiVgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQyNTI0OGVlLTEwNGQtNDRjMi05NTY4LWZmMzkxNWUwYTkxZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACIEgEwDQYJKoZIhvcNAQELBQADggEBACz8A7Sd43BEwsehv0kqWA0YjfEe
7qyUgPCIdshup5iyE8clUhTgpg6Xxvj3U9AmTiwV1wg5e22VbGJKAmTvH7KyR6tA
ywS35hr5LbKx8vmSXjR4QRaNjoBDbQM7dOgPD1Bg/4y9+CNiZaJLHByNSlbr0ru9
LJAQ1DTRFbX/UEoMZvyAbc+Ww1jvcpeaPZdCAjW3C6kxVDVUVDbV+XoTTC0hYnCW
sk7Th6+KJf2479f40p70yzoIPD6uISDh7DS2yT/XTBBGK1fNQ57fepy8q3Ipln5h
eEed4It0yb05EdA4t4OiEIuNUG/Q0Ssq/meKJM9WKXbzzFa9LLe2aNG/Kxg=
-----END CERTIFICATE-----
Generated at Sun Jun 1 05:31:50 2025 by rpki-client