Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7840150d-90b6-4a97-8609-5a40556c4e1b.roa
File:                     7840150d-90b6-4a97-8609-5a40556c4e1b.roa (raw, json)
Hash identifier:          M81z6GVYDHKu+A9+Ca3yTo2pCrBoFLtvgCE+NvLwT4A=
Subject key identifier:   38:92:06:92:4A:C6:F9:BA:E1:51:57:39:BF:96:F9:D1:03:61:EB:63
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       30CBB578677DFDEF79DC80E43ED430066256DB28
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7840150d-90b6-4a97-8609-5a40556c4e1b.roa
Signing time:             Fri 30 May 2025 00:01:24 +0000
ROA not before:           Fri 30 May 2025 00:01:24 +0000
ROA not after:            Fri 04 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        205.149.32.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 02 Jun 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:cb:b5:78:67:7d:fd:ef:79:dc:80:e4:3e:d4:30:06:62:56:db:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: May 30 00:01:24 2025 GMT
            Not After : Jul  4 23:59:59 2025 GMT
        Subject: serialNumber=02265efbb7d968a7bfa2e977ca75b531bd29d2b21814b340b02c019d6508ff2f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:d3:eb:81:3e:78:45:4a:cc:51:a9:1b:30:14:
                    78:2f:94:f5:1a:e6:62:c2:40:05:1d:b8:32:08:0e:
                    75:60:46:93:4f:cc:44:b5:cf:e7:79:8c:5f:75:77:
                    43:b1:1c:51:37:fb:7d:c5:6d:49:db:82:ad:e9:58:
                    55:b5:28:db:24:0d:3b:6c:cd:7c:46:d9:c5:b5:93:
                    8d:a3:c0:9a:47:c8:f4:c1:82:60:16:0a:90:98:f5:
                    20:6f:df:08:d3:ac:a1:74:98:48:75:6a:6b:91:c5:
                    fa:3b:09:b2:6c:c9:08:22:2f:62:3f:2c:83:06:9d:
                    5a:62:84:98:98:db:ec:e7:4c:b2:bf:73:e4:af:d4:
                    78:ba:67:e1:0b:b9:3e:62:35:d1:63:b6:8b:3c:d6:
                    f9:65:d4:9e:87:a6:21:59:f7:17:a2:06:d6:55:93:
                    13:e1:e5:8d:f7:6c:76:e3:02:60:94:07:1f:5d:9d:
                    8b:a8:b3:7a:1e:bd:ec:ef:58:07:80:ad:39:dc:62:
                    44:ed:46:26:b2:95:c6:11:4f:13:4c:3e:15:75:c9:
                    99:c1:bb:af:bc:ec:ef:99:45:8e:12:c0:17:62:56:
                    45:9f:97:ba:bd:94:50:aa:83:c5:bd:62:c5:b6:e6:
                    05:b7:6b:7a:d0:b6:a7:86:24:7f:20:6d:ed:58:5a:
                    fb:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:92:06:92:4A:C6:F9:BA:E1:51:57:39:BF:96:F9:D1:03:61:EB:63
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7840150d-90b6-4a97-8609-5a40556c4e1b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  205.149.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         85:02:5d:19:5b:74:b8:19:47:bb:e2:ee:e5:90:93:cc:6e:a6:
         fc:96:66:af:4c:1e:8b:c6:22:f9:02:73:7d:f7:3b:ae:52:42:
         33:f8:c3:5a:1e:17:b9:91:e0:91:32:f9:26:f7:61:b6:8e:7c:
         ee:04:57:c8:e8:b1:00:b1:7f:be:35:de:94:71:4b:ee:05:f6:
         70:74:28:ba:7c:e6:33:1d:00:5c:85:2a:93:ca:fd:35:03:c8:
         b0:89:ab:ab:d1:e4:08:be:c8:ff:94:f8:ce:bd:d0:81:d2:d8:
         b5:38:bd:26:54:68:dc:4e:1e:22:ab:01:75:51:a7:ef:ce:f5:
         a0:81:77:bd:84:28:0f:a0:a4:e0:dc:80:34:fa:a5:82:4b:ab:
         9a:1a:50:4f:2f:be:58:4a:0f:98:19:e7:a9:f6:2a:27:5f:1d:
         0b:e3:b6:ed:48:de:ac:c9:15:20:36:77:08:8f:5a:6b:91:56:
         84:8b:96:e5:a3:3e:60:dc:88:ff:76:2b:95:22:4d:0c:27:33:
         7a:9f:80:9a:38:93:37:d5:fc:89:e6:c8:4d:e4:e4:25:2b:9e:
         c5:60:93:8c:b2:7b:d2:6f:e3:0b:85:8d:c6:9a:46:95:d7:1c:
         e0:da:eb:d0:eb:72:43:d8:64:ff:d9:d3:ad:cf:87:a5:6a:d8:
         b3:6e:a8:cc
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMMu1eGd9/e953IDkPtQwBmJW2ygwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNTMwMDAwMTI0WhcNMjUwNzA0MjM1OTU5
WjB6MUkwRwYDVQQFE0AwMjI2NWVmYmI3ZDk2OGE3YmZhMmU5NzdjYTc1YjUzMWJk
MjlkMmIyMTgxNGIzNDBiMDJjMDE5ZDY1MDhmZjJmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDx0+uBPnhFSsxRqRswFHgvlPUa5mLCQAUduDIIDnVgRpNP
zES1z+d5jF91d0OxHFE3+33FbUnbgq3pWFW1KNskDTtszXxG2cW1k42jwJpHyPTB
gmAWCpCY9SBv3wjTrKF0mEh1amuRxfo7CbJsyQgiL2I/LIMGnVpihJiY2+znTLK/
c+Sv1Hi6Z+ELuT5iNdFjtos81vll1J6HpiFZ9xeiBtZVkxPh5Y33bHbjAmCUBx9d
nYuos3oevezvWAeArTncYkTtRiaylcYRTxNMPhV1yZnBu6+87O+ZRY4SwBdiVkWf
l7q9lFCqg8W9YsW25gW3a3rQtqeGJH8gbe1YWvtNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUOJIGkkrG+brhUVc5v5b50QNh62MwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzc4NDAxNTBkLTkwYjYtNGE5Ny04NjA5LTVhNDA1NTZjNGUxYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAXNlSAwDQYJKoZIhvcNAQELBQADggEBAIUCXRlbdLgZR7vi7uWQk8xupvyW
Zq9MHovGIvkCc333O65SQjP4w1oeF7mR4JEy+Sb3YbaOfO4EV8josQCxf7413pRx
S+4F9nB0KLp85jMdAFyFKpPK/TUDyLCJq6vR5Ai+yP+U+M690IHS2LU4vSZUaNxO
HiKrAXVRp+/O9aCBd72EKA+gpODcgDT6pYJLq5oaUE8vvlhKD5gZ56n2KidfHQvj
tu1I3qzJFSA2dwiPWmuRVoSLluWjPmDciP92K5UiTQwnM3qfgJo4kzfV/InmyE3k
5CUrnsVgk4yye9Jv4wuFjcaaRpXXHODa69DrckPYZP/Z063Ph6Vq2LNuqMw=
-----END CERTIFICATE-----