Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9bd43449-a30d-4de9-ac10-41448aff1c4a.roa
File:                     9bd43449-a30d-4de9-ac10-41448aff1c4a.roa (raw, json)
Hash identifier:          FH5Zdp7GaoeoU8OUhrnFM2A7+SBsQsmzftkLbQPFtIQ=
Subject key identifier:   9D:5A:DA:97:69:26:7B:62:F5:0A:60:1D:F7:F9:2C:C7:50:66:64:C1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       25E679E6C7D23F9719964434B5FBD35CCC416D6E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9bd43449-a30d-4de9-ac10-41448aff1c4a.roa
Signing time:             Mon 31 Mar 2025 16:00:57 +0000
ROA not before:           Mon 31 Mar 2025 16:00:57 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        88.104.0.0/15 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Thu 17 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:e6:79:e6:c7:d2:3f:97:19:96:44:34:b5:fb:d3:5c:cc:41:6d:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 31 16:00:57 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: serialNumber=c809bc2c971aed1db03b7ef8fc3bc9e5b996b01ed3f90a93e2b001ed60eb7f12, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:7d:3f:48:1a:60:53:48:e6:fc:91:03:11:e2:
                    19:bd:e7:e3:21:1a:15:71:4e:3b:43:21:c0:8d:f7:
                    14:58:8a:22:d4:74:9a:2d:68:33:71:f5:f8:f8:9a:
                    8c:45:6a:a7:1d:97:7b:0e:39:2d:7a:50:19:03:1c:
                    c8:8f:64:be:61:a2:31:27:18:45:df:0f:54:61:57:
                    1f:71:ec:b1:21:02:0b:68:eb:63:fc:b4:3b:ec:40:
                    30:01:72:1a:ae:f9:a1:ca:b1:db:94:24:0b:d2:0d:
                    22:21:01:db:11:35:df:a1:62:ac:9f:cb:ed:ca:15:
                    3e:76:9f:12:fe:5b:d0:c3:79:3a:70:20:d7:99:0d:
                    cd:55:66:26:71:ac:00:66:79:fd:9c:67:d5:93:09:
                    af:2b:17:66:dc:11:2f:70:06:f0:5e:dc:5d:b1:1a:
                    ce:57:c9:35:de:45:90:57:e9:9a:a1:3a:80:75:ad:
                    f4:10:7d:bc:91:20:ca:73:67:75:7e:b5:3b:77:33:
                    9b:f7:6d:20:bc:bd:93:50:b3:eb:15:1d:aa:f9:9a:
                    4f:d1:59:a2:f3:ea:6b:55:6b:c3:5e:5d:1c:d2:f1:
                    4d:6e:2f:f2:77:9a:90:b1:91:51:fe:84:79:88:24:
                    77:f3:4f:89:7c:21:6a:92:b2:da:ae:ff:8c:b3:16:
                    af:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:5A:DA:97:69:26:7B:62:F5:0A:60:1D:F7:F9:2C:C7:50:66:64:C1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9bd43449-a30d-4de9-ac10-41448aff1c4a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.104.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         31:c7:4a:b0:6e:e9:91:ce:67:d7:7c:5b:6c:f9:ff:1f:ee:d1:
         e3:7e:ea:85:77:d0:0e:bf:69:b1:27:7b:14:bd:e7:f5:99:83:
         f3:54:ec:8e:4f:b1:69:15:2d:16:3f:57:bb:61:2c:0f:38:58:
         56:46:1e:92:f3:b1:02:f3:d4:1d:b5:fa:ae:6b:6b:5c:66:c0:
         fd:17:d5:f9:68:5c:a2:18:d2:1d:cd:cc:62:5f:5c:f7:1c:93:
         43:ae:ab:20:a7:98:a3:5c:6e:d7:b9:4a:f5:c0:1b:4e:69:d9:
         84:24:9a:72:35:0c:4a:59:17:fb:3f:98:2c:14:d3:8b:8e:f0:
         72:96:d8:54:a6:dd:81:fe:54:5b:e6:66:1b:75:bf:06:a8:5f:
         38:b5:ee:a3:fb:93:43:23:44:9a:2d:27:72:39:1f:dd:c6:b3:
         dc:e2:1d:49:b9:4d:fc:0b:83:06:ff:3f:31:31:1e:8e:0f:9d:
         72:ff:de:13:e2:8f:0b:f0:da:9a:f7:6c:bc:0b:e2:ef:fa:68:
         a8:96:21:19:05:61:af:ec:a0:d6:bf:40:50:8c:12:9a:0f:30:
         93:ee:53:2b:a2:5c:fe:eb:ea:2e:76:f8:ae:e0:df:e4:99:12:
         59:f7:6e:a3:58:ff:9e:0a:45:8c:65:90:db:0c:d1:2c:be:d5:
         1d:9e:00:f3
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUJeZ55sfSP5cZlkQ0tfvTXMxBbW4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzMxMTYwMDU3WhcNMjUwNTA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BjODA5YmMyYzk3MWFlZDFkYjAzYjdlZjhmYzNiYzllNWI5
OTZiMDFlZDNmOTBhOTNlMmIwMDFlZDYwZWI3ZjEyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+fT9IGmBTSOb8kQMR4hm95+MhGhVxTjtDIcCN9xRYiiLU
dJotaDNx9fj4moxFaqcdl3sOOS16UBkDHMiPZL5hojEnGEXfD1RhVx9x7LEhAgto
62P8tDvsQDABchqu+aHKsduUJAvSDSIhAdsRNd+hYqyfy+3KFT52nxL+W9DDeTpw
INeZDc1VZiZxrABmef2cZ9WTCa8rF2bcES9wBvBe3F2xGs5XyTXeRZBX6ZqhOoB1
rfQQfbyRIMpzZ3V+tTt3M5v3bSC8vZNQs+sVHar5mk/RWaLz6mtVa8NeXRzS8U1u
L/J3mpCxkVH+hHmIJHfzT4l8IWqSstqu/4yzFq9nAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUnVral2kme2L1CmAd9/ksx1BmZMEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzliZDQzNDQ5LWEzMGQtNGRlOS1hYzEwLTQxNDQ4YWZmMWM0YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwFYaDANBgkqhkiG9w0BAQsFAAOCAQEAMcdKsG7pkc5n13xbbPn/H+7R437q
hXfQDr9psSd7FL3n9ZmD81Tsjk+xaRUtFj9Xu2EsDzhYVkYekvOxAvPUHbX6rmtr
XGbA/RfV+WhcohjSHc3MYl9c9xyTQ66rIKeYo1xu17lK9cAbTmnZhCSacjUMSlkX
+z+YLBTTi47wcpbYVKbdgf5UW+ZmG3W/BqhfOLXuo/uTQyNEmi0ncjkf3caz3OId
SblN/AuDBv8/MTEejg+dcv/eE+KPC/DamvdsvAvi7/poqJYhGQVhr+yg1r9AUIwS
mg8wk+5TK6Jc/uvqLnb4ruDf5JkSWfduo1j/ngpFjGWQ2wzRLL7VHZ4A8w==
-----END CERTIFICATE-----