Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4393951a-48f6-4d5e-a6a1-c5a21955005d.roa
File:                     4393951a-48f6-4d5e-a6a1-c5a21955005d.roa (raw, json)
Hash identifier:          4SC6Ia4GV2dnsyBhg4EK1vAneDahW5Q0E5u8zi/7EGM=
Subject key identifier:   5C:D1:E4:7A:48:30:3D:14:6C:C8:6F:D3:F9:91:10:49:DE:7A:C9:25
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       30934B32D7F698BC9BB3CC6E991BD2E5BB429433
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4393951a-48f6-4d5e-a6a1-c5a21955005d.roa
Signing time:             Sat 24 May 2025 00:10:20 +0000
ROA not before:           Sat 24 May 2025 00:10:20 +0000
ROA not after:            Sat 28 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.42.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 02 Jun 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:93:4b:32:d7:f6:98:bc:9b:b3:cc:6e:99:1b:d2:e5:bb:42:94:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: May 24 00:10:20 2025 GMT
            Not After : Jun 28 23:59:59 2025 GMT
        Subject: serialNumber=f491063fc4d1ed2dd0c109a37b70f50b9dd7e921da2691908350658987e569ab, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:f5:4b:5c:12:84:fb:d2:8f:21:2a:c1:05:a4:
                    b4:54:ba:ec:a2:02:f5:e9:cb:62:4c:dc:99:66:85:
                    ab:90:ff:41:33:52:25:8e:a3:e9:12:da:23:98:59:
                    d9:e5:a0:6b:d6:32:91:d2:62:0b:1a:cc:85:9f:30:
                    c2:2b:85:e2:69:65:6f:81:ab:5c:40:61:a4:fa:b9:
                    a3:9c:e9:97:74:a6:98:c0:73:92:57:0b:66:5f:9e:
                    83:4f:9b:8d:c9:85:85:0d:52:41:87:04:27:25:81:
                    fa:d1:2c:30:4f:80:91:71:77:6e:fa:5b:54:6c:8e:
                    b8:fe:fd:cf:a1:47:39:a8:23:8d:d6:11:c1:41:98:
                    fc:df:b4:6f:a2:7e:8a:4a:a0:0d:bf:bf:bb:0c:8b:
                    0d:a4:fc:ff:fe:4a:54:d4:d2:92:9c:5b:e8:8c:cd:
                    fc:89:36:8f:e5:4f:7b:61:77:10:ca:dd:c2:94:f7:
                    65:db:4d:1b:ea:be:07:4b:7e:0b:27:9e:65:43:6f:
                    77:87:98:f1:ec:1e:f8:6c:a6:9d:3f:d2:4e:1c:d0:
                    dd:85:1d:9b:35:57:28:79:cb:fc:99:71:b1:c5:ce:
                    51:a0:67:0c:8a:5f:8b:b2:6f:59:1c:85:6b:00:c1:
                    65:76:88:de:d6:85:93:36:e8:24:15:ac:11:d1:76:
                    8b:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:D1:E4:7A:48:30:3D:14:6C:C8:6F:D3:F9:91:10:49:DE:7A:C9:25
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4393951a-48f6-4d5e-a6a1-c5a21955005d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.42.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         09:69:bd:a5:1c:b1:c3:e1:58:9c:a0:cf:b5:42:f0:db:ac:b3:
         9c:1f:99:9c:b3:84:94:c0:a1:48:44:37:0b:92:0c:56:80:a2:
         cb:29:4c:ba:9b:e6:59:a8:be:1a:23:ad:7c:2d:f1:f9:fa:62:
         e9:4d:24:e7:fc:ce:fd:81:84:bb:0f:ff:f9:23:9c:14:ad:08:
         6e:46:54:d8:f8:33:bd:53:60:9f:c4:ea:cc:c2:db:91:f2:74:
         0d:5a:7e:a4:62:0a:81:3e:e0:54:4d:04:59:ad:1a:40:aa:52:
         95:4a:da:f9:a1:39:43:88:28:1e:8e:b7:9c:fd:78:4e:a8:4d:
         9b:7e:ee:b3:26:ed:50:e4:52:35:07:c4:7c:91:d9:76:65:89:
         1e:f8:97:33:46:72:13:8a:d5:3b:b3:09:e1:29:d5:83:1b:9e:
         8d:5e:09:c5:f0:1a:e6:6b:e1:0d:99:30:bc:76:ac:41:73:96:
         34:7e:11:44:55:6c:7b:9c:44:05:ee:56:86:b7:5c:dc:ce:ed:
         e3:ca:9f:cd:1c:b1:2c:49:d2:be:d5:68:14:c5:36:d0:e6:fe:
         5c:d2:2d:8b:4a:c4:f4:b2:1c:a5:27:e2:a0:98:9c:92:d7:0b:
         17:d3:73:83:d5:24:dc:80:57:67:ad:a1:f6:3f:df:ca:7a:56:
         31:1f:6c:d0
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUMJNLMtf2mLybs8xumRvS5btClDMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNTI0MDAxMDIwWhcNMjUwNjI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BmNDkxMDYzZmM0ZDFlZDJkZDBjMTA5YTM3YjcwZjUwYjlk
ZDdlOTIxZGEyNjkxOTA4MzUwNjU4OTg3ZTU2OWFiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC59UtcEoT70o8hKsEFpLRUuuyiAvXpy2JM3JlmhauQ/0Ez
UiWOo+kS2iOYWdnloGvWMpHSYgsazIWfMMIrheJpZW+Bq1xAYaT6uaOc6Zd0ppjA
c5JXC2ZfnoNPm43JhYUNUkGHBCclgfrRLDBPgJFxd276W1Rsjrj+/c+hRzmoI43W
EcFBmPzftG+ifopKoA2/v7sMiw2k/P/+SlTU0pKcW+iMzfyJNo/lT3thdxDK3cKU
92XbTRvqvgdLfgsnnmVDb3eHmPHsHvhspp0/0k4c0N2FHZs1Vyh5y/yZcbHFzlGg
ZwyKX4uyb1kchWsAwWV2iN7WhZM26CQVrBHRdotZAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUXNHkekgwPRRsyG/T+ZEQSd56ySUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQzOTM5NTFhLTQ4ZjYtNGQ1ZS1hNmExLWM1YTIxOTU1MDA1ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAjKjANBgkqhkiG9w0BAQsFAAOCAQEACWm9pRyxw+FYnKDPtULw26yznB+Z
nLOElMChSEQ3C5IMVoCiyylMupvmWai+GiOtfC3x+fpi6U0k5/zO/YGEuw//+SOc
FK0IbkZU2PgzvVNgn8TqzMLbkfJ0DVp+pGIKgT7gVE0EWa0aQKpSlUra+aE5Q4go
Ho63nP14TqhNm37usybtUORSNQfEfJHZdmWJHviXM0ZyE4rVO7MJ4SnVgxuejV4J
xfAa5mvhDZkwvHasQXOWNH4RRFVse5xEBe5Whrdc3M7t48qfzRyxLEnSvtVoFMU2
0Ob+XNIti0rE9LIcpSfioJicktcLF9Nzg9Uk3IBXZ62h9j/fynpWMR9s0A==
-----END CERTIFICATE-----