Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b5e54a86-ed38-4b92-882c-c19087637bc3.roa
File:                     b5e54a86-ed38-4b92-882c-c19087637bc3.roa (raw, json)
Hash identifier:          6TCP+KHvf+iBwud5hvUSaJaZ9DHgIujecO4DSCghatE=
Subject key identifier:   7C:7B:4D:E4:E4:CD:D2:B0:15:96:EF:1D:42:93:32:A2:27:62:A1:25
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4F7C599FF26ED51412F5B304402DCE5D8B5CC40F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b5e54a86-ed38-4b92-882c-c19087637bc3.roa
Signing time:             Mon 26 May 2025 15:00:34 +0000
ROA not before:           Mon 26 May 2025 15:00:34 +0000
ROA not after:            Mon 30 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        104.153.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 02 Jun 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:7c:59:9f:f2:6e:d5:14:12:f5:b3:04:40:2d:ce:5d:8b:5c:c4:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: May 26 15:00:34 2025 GMT
            Not After : Jun 30 23:59:59 2025 GMT
        Subject: serialNumber=3cddad6afc900d65a8db68e585456ec8ee31d9dc1b96a444f0695e3bf8996572, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:28:e3:c0:1f:f8:fc:42:5b:47:e7:c2:5a:64:
                    e5:b6:06:7d:f6:0a:e1:b6:af:7a:6b:9c:a5:e4:6f:
                    05:f3:ce:1d:f5:79:90:f8:39:60:f2:cd:82:1c:13:
                    4a:51:90:47:0f:39:c4:92:8c:63:ae:ad:8c:1d:e5:
                    b1:66:42:8d:f3:ac:a0:53:3c:e2:62:22:ae:3a:9f:
                    16:5d:15:35:f3:91:77:02:1e:1a:6b:7c:c8:f0:75:
                    a3:b9:b4:f5:a9:6b:1b:2a:4a:29:6f:39:b4:2f:f9:
                    7f:28:28:25:ee:b1:04:ff:2f:dc:34:4a:37:04:92:
                    b9:0f:18:61:d1:4f:11:57:48:0f:29:e4:c1:f4:99:
                    59:28:01:e7:04:6e:e3:c3:3f:0e:cd:ec:64:6d:1f:
                    ea:bf:1e:06:4d:51:e7:4e:03:3c:64:99:23:c4:57:
                    37:da:44:75:37:96:7b:94:50:f9:03:57:cd:ce:dc:
                    b7:9b:bf:63:a5:c1:ce:94:1a:4e:ba:ca:6b:92:61:
                    b4:b1:46:bc:a4:5a:a3:66:e1:b4:13:46:d4:1b:aa:
                    cc:39:20:62:56:37:c0:0c:87:76:a2:f7:35:23:c8:
                    8c:1d:ee:1b:80:5d:75:ca:57:b1:2d:bf:c7:3e:d3:
                    67:ee:7a:92:70:98:fc:63:50:74:f1:9c:4c:6c:1b:
                    41:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:7B:4D:E4:E4:CD:D2:B0:15:96:EF:1D:42:93:32:A2:27:62:A1:25
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b5e54a86-ed38-4b92-882c-c19087637bc3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.153.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:0d:d4:d1:f5:c7:3e:e0:5d:53:a2:d6:05:57:9b:a8:05:fd:
         77:b6:ab:0f:d2:00:da:61:b7:c7:27:34:93:37:ce:e4:79:c8:
         ba:0e:b2:a8:c7:e8:9a:4f:f5:a6:62:9d:d0:36:2a:86:bd:56:
         c9:13:e0:63:2f:75:13:f9:ba:74:9a:3e:75:14:c7:23:71:5b:
         67:07:1e:8d:6e:21:01:fa:d4:28:7e:62:4c:5b:da:59:87:19:
         77:fe:ce:2a:43:32:f7:68:c7:2d:06:0e:9d:5d:5b:62:0f:dd:
         56:89:dd:f5:16:07:94:f8:d7:51:6e:58:f9:32:54:ff:b5:6e:
         7f:b7:a0:b6:d4:c4:dd:a3:85:c8:dd:8f:d0:ac:38:c9:7e:8a:
         1f:eb:24:3b:8c:93:af:f4:22:8b:74:9e:5f:16:66:50:da:a1:
         a8:c8:dd:8e:f3:7f:03:a8:fa:a7:f5:a2:15:f9:04:aa:f2:ef:
         54:4b:65:77:f6:e2:0a:98:4e:d0:a1:6a:7b:8f:38:05:8f:ee:
         d6:63:6e:4e:18:51:ff:65:01:96:39:62:c0:2a:1d:0a:12:7e:
         77:5d:aa:4f:aa:91:e0:91:a0:f9:ed:2a:ae:a9:bc:d9:fa:fb:
         8a:02:b8:14:15:0d:9c:75:c6:7d:0b:29:3f:16:dc:2f:02:12:
         6c:26:07:7d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUT3xZn/Ju1RQS9bMEQC3OXYtcxA8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNTI2MTUwMDM0WhcNMjUwNjMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AzY2RkYWQ2YWZjOTAwZDY1YThkYjY4ZTU4NTQ1NmVjOGVl
MzFkOWRjMWI5NmE0NDRmMDY5NWUzYmY4OTk2NTcyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrKOPAH/j8QltH58JaZOW2Bn32CuG2r3prnKXkbwXzzh31
eZD4OWDyzYIcE0pRkEcPOcSSjGOurYwd5bFmQo3zrKBTPOJiIq46nxZdFTXzkXcC
HhprfMjwdaO5tPWpaxsqSilvObQv+X8oKCXusQT/L9w0SjcEkrkPGGHRTxFXSA8p
5MH0mVkoAecEbuPDPw7N7GRtH+q/HgZNUedOAzxkmSPEVzfaRHU3lnuUUPkDV83O
3Lebv2Olwc6UGk66ymuSYbSxRrykWqNm4bQTRtQbqsw5IGJWN8AMh3ai9zUjyIwd
7huAXXXKV7Etv8c+02fuepJwmPxjUHTxnExsG0EjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUfHtN5OTN0rAVlu8dQpMyoidioSUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I1ZTU0YTg2LWVkMzgtNGI5Mi04ODJjLWMxOTA4NzYzN2JjMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABomXAwDQYJKoZIhvcNAQELBQADggEBABkN1NH1xz7gXVOi1gVXm6gF/Xe2
qw/SANpht8cnNJM3zuR5yLoOsqjH6JpP9aZindA2Koa9VskT4GMvdRP5unSaPnUU
xyNxW2cHHo1uIQH61Ch+Ykxb2lmHGXf+zipDMvdoxy0GDp1dW2IP3VaJ3fUWB5T4
11FuWPkyVP+1bn+3oLbUxN2jhcjdj9CsOMl+ih/rJDuMk6/0Iot0nl8WZlDaoajI
3Y7zfwOo+qf1ohX5BKry71RLZXf24gqYTtChanuPOAWP7tZjbk4YUf9lAZY5YsAq
HQoSfnddqk+qkeCRoPntKq6pvNn6+4oCuBQVDZx1xn0LKT8W3C8CEmwmB30=
-----END CERTIFICATE-----