Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9521470e-60a8-4627-854b-23346de593e3.roa
File:                     9521470e-60a8-4627-854b-23346de593e3.roa (raw, json)
Hash identifier:          nBlQESUBNUWJrKLhzSkG9CVXyMPvy4rZVWQSpUNp0JE=
Subject key identifier:   D5:06:A0:CA:24:3F:9E:95:A9:C1:AE:28:A3:F8:36:7A:9D:A2:95:98
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1598B1A28B113C4EF9A84DEA4032320A199EE584
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9521470e-60a8-4627-854b-23346de593e3.roa
Signing time:             Wed 28 May 2025 00:02:10 +0000
ROA not before:           Wed 28 May 2025 00:02:10 +0000
ROA not after:            Wed 02 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        15.219.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 02 Jun 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:98:b1:a2:8b:11:3c:4e:f9:a8:4d:ea:40:32:32:0a:19:9e:e5:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: May 28 00:02:10 2025 GMT
            Not After : Jul  2 23:59:59 2025 GMT
        Subject: serialNumber=f873c4f0e2bb3435bc677d0daad2948d25e4af4292e373b803e8e17e083d7be1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:fa:e3:8b:a5:5f:34:26:1a:c7:4f:a6:b6:bb:
                    04:81:6e:b7:0c:04:68:77:6b:ec:44:f0:04:9f:db:
                    df:f1:f4:c4:cd:cf:a6:52:76:35:5d:9d:de:52:41:
                    b7:7a:eb:17:ef:04:54:86:56:2e:15:36:36:7b:da:
                    bc:73:77:2d:d9:3e:6b:ca:62:2c:57:7c:44:d9:17:
                    13:56:08:7f:c5:04:61:1d:72:63:26:05:66:80:6d:
                    b6:9f:e4:f5:84:67:ba:62:85:df:0f:56:ab:2e:c0:
                    ee:c4:29:68:f5:95:51:84:5d:a1:0e:f6:1b:df:de:
                    7f:9e:ca:fb:6f:7a:73:56:0c:f4:81:af:72:75:61:
                    65:a4:a8:b8:8f:c8:03:9d:f4:6e:ec:27:45:58:1e:
                    7b:c0:cf:9a:60:68:c8:07:ef:93:58:66:01:89:25:
                    2e:16:eb:4b:86:6f:2b:00:10:07:0b:f5:38:86:5a:
                    33:0a:7d:c8:76:7b:00:47:1f:37:b7:8e:19:4a:0b:
                    4c:12:21:63:bf:7f:19:51:1f:7b:aa:96:9a:b4:50:
                    6c:2c:f7:64:22:09:a2:bc:46:46:16:41:53:67:64:
                    0d:c2:56:3f:65:d4:2b:12:f9:e4:4d:31:c9:1c:3c:
                    ba:52:4b:92:6b:93:6f:9e:8f:30:55:22:5d:86:f8:
                    3c:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:06:A0:CA:24:3F:9E:95:A9:C1:AE:28:A3:F8:36:7A:9D:A2:95:98
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9521470e-60a8-4627-854b-23346de593e3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.219.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         61:cc:ca:7b:23:08:df:ce:1d:c7:cd:c8:c4:71:42:98:74:33:
         69:42:fd:75:96:62:ad:16:a9:22:f2:2f:6f:22:d1:ca:42:db:
         94:36:51:c9:13:bf:31:7c:7e:9c:74:40:1b:65:88:10:60:c5:
         56:f2:4f:3f:73:7f:dc:2c:a2:ab:f1:ef:ea:c5:7e:69:65:c5:
         02:0c:a5:f2:20:c5:e4:af:d6:e6:e8:16:58:d1:01:62:46:d7:
         fb:0a:0b:2d:ca:8d:e1:ca:34:44:ef:19:3c:42:c8:80:fa:41:
         7e:35:6b:f5:b3:9d:91:ad:a2:80:79:4c:51:70:06:53:b1:56:
         31:2a:86:2a:11:3f:68:26:1e:40:c2:76:e9:43:c2:7b:d9:6c:
         31:b0:75:fa:dd:bd:37:5e:b0:81:bd:6f:70:50:a0:f0:ec:c7:
         66:33:da:c6:e8:95:81:b2:a0:c6:44:a4:42:b1:f3:91:6e:9a:
         cb:c4:ef:6b:f6:86:e5:cc:a1:e9:ef:72:bc:c3:d4:1f:b5:48:
         d4:60:8b:42:22:73:87:8b:dd:ea:d1:bd:7d:27:47:a0:7c:69:
         c5:2c:69:c1:28:3e:ab:36:93:f4:8c:34:ca:9f:4f:78:49:46:
         60:44:a9:3f:53:42:b5:06:48:c2:18:43:2a:18:50:27:00:23:
         50:84:e5:b6
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUFZixoosRPE75qE3qQDIyChme5YQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNTI4MDAwMjEwWhcNMjUwNzAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BmODczYzRmMGUyYmIzNDM1YmM2NzdkMGRhYWQyOTQ4ZDI1
ZTRhZjQyOTJlMzczYjgwM2U4ZTE3ZTA4M2Q3YmUxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCL+uOLpV80JhrHT6a2uwSBbrcMBGh3a+xE8ASf29/x9MTN
z6ZSdjVdnd5SQbd66xfvBFSGVi4VNjZ72rxzdy3ZPmvKYixXfETZFxNWCH/FBGEd
cmMmBWaAbbaf5PWEZ7pihd8PVqsuwO7EKWj1lVGEXaEO9hvf3n+eyvtvenNWDPSB
r3J1YWWkqLiPyAOd9G7sJ0VYHnvAz5pgaMgH75NYZgGJJS4W60uGbysAEAcL9TiG
WjMKfch2ewBHHze3jhlKC0wSIWO/fxlRH3uqlpq0UGws92QiCaK8RkYWQVNnZA3C
Vj9l1CsS+eRNMckcPLpSS5Jrk2+ejzBVIl2G+Dx9AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU1QagyiQ/npWpwa4oo/g2ep2ilZgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk1MjE0NzBlLTYwYTgtNDYyNy04NTRiLTIzMzQ2ZGU1OTNlMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAP2zANBgkqhkiG9w0BAQsFAAOCAQEAYczKeyMI384dx83IxHFCmHQzaUL9
dZZirRapIvIvbyLRykLblDZRyRO/MXx+nHRAG2WIEGDFVvJPP3N/3Cyiq/Hv6sV+
aWXFAgyl8iDF5K/W5ugWWNEBYkbX+woLLcqN4co0RO8ZPELIgPpBfjVr9bOdka2i
gHlMUXAGU7FWMSqGKhE/aCYeQMJ26UPCe9lsMbB1+t29N16wgb1vcFCg8OzHZjPa
xuiVgbKgxkSkQrHzkW6ay8Tva/aG5cyh6e9yvMPUH7VI1GCLQiJzh4vd6tG9fSdH
oHxpxSxpwSg+qzaT9Iw0yp9PeElGYESpP1NCtQZIwhhDKhhQJwAjUITltg==
-----END CERTIFICATE-----
Generated at Sun Jun 1 05:24:50 2025 by rpki-client