Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e44c10a9-b9d0-4cce-a282-c099d456f54b.roa
File:                     e44c10a9-b9d0-4cce-a282-c099d456f54b.roa (raw, json)
Hash identifier:          GreHXErNlly0ZytsmIOv0CrhQ0sIlklbapk60+FRvs0=
Subject key identifier:   E4:03:74:E8:6F:37:BC:70:93:D3:CE:5D:25:18:48:56:D8:80:40:05
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1D1E98B0D97252F148C42AB37A894260DC847DA7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e44c10a9-b9d0-4cce-a282-c099d456f54b.roa
Signing time:             Thu 22 May 2025 00:08:03 +0000
ROA not before:           Thu 22 May 2025 00:08:03 +0000
ROA not after:            Thu 26 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        216.157.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 02 Jun 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:1e:98:b0:d9:72:52:f1:48:c4:2a:b3:7a:89:42:60:dc:84:7d:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: May 22 00:08:03 2025 GMT
            Not After : Jun 26 23:59:59 2025 GMT
        Subject: serialNumber=363bf9028824896eace02120d16ed45dc75d36ce36a8be0d5b603ceec036fbe4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:e6:fd:43:7b:27:20:c8:40:53:cd:3c:44:8b:
                    81:9d:85:1e:9c:2f:50:d7:14:64:34:f8:96:16:e3:
                    93:82:f7:e4:95:34:11:72:97:f6:1f:62:be:2b:f0:
                    24:b0:aa:65:45:11:46:3b:1f:f2:16:6e:84:64:7d:
                    3f:17:36:4b:9f:ed:46:26:12:e4:57:6c:2a:06:00:
                    00:87:79:79:bb:f6:4c:4f:2d:d6:c7:5d:29:6f:57:
                    24:aa:11:b5:29:85:6d:38:e9:a2:32:ec:fc:2a:3e:
                    d1:00:ea:d4:68:0f:46:55:07:ee:63:a6:86:e6:27:
                    57:9e:86:fc:a0:e0:07:fc:72:68:d7:f8:19:3a:6c:
                    01:c2:0a:8c:90:e9:64:8a:3c:45:4f:c7:0c:88:b5:
                    36:78:8e:7b:d5:8d:45:a3:c8:10:8a:cb:88:c7:4c:
                    33:dd:29:86:63:da:d9:8c:0e:1a:b2:d3:28:e1:fb:
                    1b:64:40:17:dc:c8:ce:37:2b:5a:ec:70:6f:f9:f5:
                    75:f7:14:5d:31:dc:03:d3:10:fa:70:8d:1f:d0:5b:
                    3e:ad:b2:a3:aa:87:a0:0b:22:ef:f6:ea:86:6b:1a:
                    70:64:f9:51:05:5f:a8:e6:cd:ad:80:08:12:c4:0a:
                    93:6d:46:0f:8e:75:da:d3:41:ce:bc:7d:c5:cb:5d:
                    36:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:03:74:E8:6F:37:BC:70:93:D3:CE:5D:25:18:48:56:D8:80:40:05
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e44c10a9-b9d0-4cce-a282-c099d456f54b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.157.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d1:8c:d9:85:ec:0c:99:fe:a4:7b:8c:ce:d2:f4:05:83:53:29:
         80:26:48:94:31:81:17:24:21:0f:e7:25:05:66:a8:5c:23:68:
         60:e9:ab:c0:3b:17:7d:65:cf:a9:b0:7a:c7:41:40:b5:18:4a:
         de:e8:4c:21:49:75:b1:5e:33:5b:9e:a4:f6:15:88:2f:e8:74:
         19:35:bb:f9:7d:f2:32:00:61:4a:7f:32:ad:cb:1c:25:6e:e5:
         8e:5d:3d:fd:80:6d:88:eb:c4:e5:0b:18:f0:8d:fc:1f:48:19:
         8c:65:b8:14:68:78:ec:f8:55:40:1c:ed:9e:27:0c:e6:9a:d9:
         5b:97:ce:15:04:09:e2:b4:0e:0a:35:39:cf:96:8f:44:ca:89:
         2d:99:47:62:0a:cb:11:58:be:8a:f9:f2:53:ef:5e:15:6a:24:
         8a:b6:e2:58:44:0b:b6:7d:fd:16:f3:65:b8:01:5b:e1:8d:96:
         5b:e8:08:d2:d7:ba:1b:eb:90:cd:1c:22:89:44:ec:6f:2b:a0:
         9c:26:13:10:c1:b5:05:cc:fc:19:89:fc:61:72:ee:36:f2:0d:
         4b:a1:b0:92:e0:6d:23:cf:0d:a7:7f:97:99:0f:25:3d:be:81:
         e9:8c:b3:1b:7e:66:5b:4a:cf:e9:f6:3a:ef:5d:4b:30:bd:44:
         f4:17:dd:c9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHR6YsNlyUvFIxCqzeolCYNyEfacwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNTIyMDAwODAzWhcNMjUwNjI2MjM1OTU5
WjB6MUkwRwYDVQQFE0AzNjNiZjkwMjg4MjQ4OTZlYWNlMDIxMjBkMTZlZDQ1ZGM3
NWQzNmNlMzZhOGJlMGQ1YjYwM2NlZWMwMzZmYmU0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD35v1DeycgyEBTzTxEi4GdhR6cL1DXFGQ0+JYW45OC9+SV
NBFyl/YfYr4r8CSwqmVFEUY7H/IWboRkfT8XNkuf7UYmEuRXbCoGAACHeXm79kxP
LdbHXSlvVySqEbUphW046aIy7PwqPtEA6tRoD0ZVB+5jpobmJ1eehvyg4Af8cmjX
+Bk6bAHCCoyQ6WSKPEVPxwyItTZ4jnvVjUWjyBCKy4jHTDPdKYZj2tmMDhqy0yjh
+xtkQBfcyM43K1rscG/59XX3FF0x3APTEPpwjR/QWz6tsqOqh6ALIu/26oZrGnBk
+VEFX6jmza2ACBLECpNtRg+OddrTQc68fcXLXTa3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU5AN06G83vHCT085dJRhIVtiAQAUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2U0NGMxMGE5LWI5ZDAtNGNjZS1hMjgyLWMwOTlkNDU2ZjU0Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADYnQswDQYJKoZIhvcNAQELBQADggEBANGM2YXsDJn+pHuMztL0BYNTKYAm
SJQxgRckIQ/nJQVmqFwjaGDpq8A7F31lz6mwesdBQLUYSt7oTCFJdbFeM1uepPYV
iC/odBk1u/l98jIAYUp/Mq3LHCVu5Y5dPf2AbYjrxOULGPCN/B9IGYxluBRoeOz4
VUAc7Z4nDOaa2VuXzhUECeK0Dgo1Oc+Wj0TKiS2ZR2IKyxFYvor58lPvXhVqJIq2
4lhEC7Z9/RbzZbgBW+GNllvoCNLXuhvrkM0cIolE7G8roJwmExDBtQXM/BmJ/GFy
7jbyDUuhsJLgbSPPDad/l5kPJT2+gemMsxt+ZltKz+n2Ou9dSzC9RPQX3ck=
-----END CERTIFICATE-----