Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/001e886e-4c42-418b-aa55-744e88958540.roa
File:                     001e886e-4c42-418b-aa55-744e88958540.roa (raw, json)
Hash identifier:          HA1QNA1lIu8oiilFDf2kdHX3d1N01cnWkbmVyR0049Y=
Subject key identifier:   4A:21:37:6B:9A:0E:D5:3C:36:E2:D0:91:8D:90:8B:F8:33:4B:10:B2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7B22E4E109DC65CEF4A6CA48EBC63FBD5B16E0FC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/001e886e-4c42-418b-aa55-744e88958540.roa
Signing time:             Tue 06 May 2025 18:07:01 +0000
ROA not before:           Tue 06 May 2025 18:07:01 +0000
ROA not after:            Tue 10 Jun 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        35.39.96.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 13 May 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:22:e4:e1:09:dc:65:ce:f4:a6:ca:48:eb:c6:3f:bd:5b:16:e0:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: May  6 18:07:01 2025 GMT
            Not After : Jun 10 23:59:59 2025 GMT
        Subject: serialNumber=c5f8b2783a6437f43ea7cab9753157d46d155fb3a3eb66c5615d03a8b98d5976, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:e6:e2:f9:54:b6:1c:c4:a0:8e:c1:e4:5b:fe:
                    11:2d:bc:20:2a:4e:8a:e7:82:e8:37:8f:ca:8c:c8:
                    77:e7:5c:57:93:5c:d3:74:01:89:97:58:fb:2c:67:
                    3f:0e:c5:ec:b1:95:4c:5a:e9:c9:93:d5:56:49:06:
                    dd:95:42:6a:18:d9:2f:f4:0e:bf:4e:65:a0:ac:1d:
                    5e:20:81:e8:8b:b0:a2:47:bc:08:48:b9:dd:58:1f:
                    03:1e:8a:7d:6d:3e:97:b3:49:e5:fe:88:05:b5:3d:
                    a7:4b:80:a4:99:8d:e9:2c:ed:34:66:79:6c:cf:b8:
                    80:8c:11:a6:3d:c5:12:9c:56:9c:24:08:5e:63:24:
                    50:16:77:4d:57:20:98:5f:aa:e1:4c:e4:42:9d:f0:
                    47:41:14:1a:48:16:ee:fc:5f:3b:5a:f5:c6:a1:be:
                    bc:fd:02:54:41:1d:98:c2:6a:9f:19:8c:13:5f:80:
                    41:05:91:22:da:0d:0b:70:ae:04:89:81:8d:19:63:
                    df:a9:c6:f2:5d:e2:b8:8e:05:7a:38:fe:4a:57:d2:
                    60:a8:0b:36:46:6c:42:a5:36:cd:a8:6b:f7:fa:7b:
                    49:43:a8:19:54:81:08:81:c0:0c:f7:33:fa:90:c6:
                    64:d1:ed:83:3c:2a:70:a1:b5:3f:82:63:18:56:2e:
                    32:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:21:37:6B:9A:0E:D5:3C:36:E2:D0:91:8D:90:8B:F8:33:4B:10:B2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/001e886e-4c42-418b-aa55-744e88958540.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.39.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         46:18:5b:66:dd:2c:72:5a:28:fa:42:9c:31:a6:0e:9f:3b:9e:
         39:78:9a:a3:98:e4:f6:d8:25:66:bd:08:8a:dc:1c:51:f5:cb:
         5a:22:4a:1f:00:a5:5e:c9:26:43:aa:5a:df:01:50:2a:92:90:
         91:b6:0c:6a:96:ea:71:92:e0:ce:d4:98:74:bb:c8:e5:6e:89:
         f9:31:65:f3:88:52:c7:b5:bc:58:e3:77:1e:51:2e:87:9b:dc:
         8b:27:a9:5d:b5:25:00:59:30:d9:b4:9d:3c:9e:c9:4c:bb:9b:
         99:f4:3d:75:89:79:26:78:a6:16:e9:cd:65:60:9e:8c:32:88:
         34:db:4a:a1:e3:2a:4a:0d:c5:26:71:10:2d:b8:12:c7:32:28:
         a1:ce:e1:85:32:bc:2b:99:8c:cb:93:69:9a:4e:5e:29:13:59:
         bf:ba:a4:0c:82:de:66:15:a7:af:73:76:b4:f9:bd:37:96:74:
         51:ce:8f:ec:dd:05:37:81:ad:4b:ed:a5:c4:b2:31:9e:e9:f1:
         67:22:aa:17:c4:3d:91:89:77:db:63:ba:3c:c6:65:7f:0a:c3:
         53:0b:5b:61:84:2d:cd:3f:f7:df:2c:31:c6:bc:ba:1c:3c:bf:
         58:1b:ea:b6:03:72:8a:5d:d2:3e:93:9f:9a:d9:58:3a:f4:84:
         68:a2:39:11
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUeyLk4QncZc70pspI68Y/vVsW4PwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNTA2MTgwNzAxWhcNMjUwNjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BjNWY4YjI3ODNhNjQzN2Y0M2VhN2NhYjk3NTMxNTdkNDZk
MTU1ZmIzYTNlYjY2YzU2MTVkMDNhOGI5OGQ1OTc2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCv5uL5VLYcxKCOweRb/hEtvCAqTorngug3j8qMyHfnXFeT
XNN0AYmXWPssZz8OxeyxlUxa6cmT1VZJBt2VQmoY2S/0Dr9OZaCsHV4ggeiLsKJH
vAhIud1YHwMein1tPpezSeX+iAW1PadLgKSZjeks7TRmeWzPuICMEaY9xRKcVpwk
CF5jJFAWd01XIJhfquFM5EKd8EdBFBpIFu78Xzta9cahvrz9AlRBHZjCap8ZjBNf
gEEFkSLaDQtwrgSJgY0ZY9+pxvJd4riOBXo4/kpX0mCoCzZGbEKlNs2oa/f6e0lD
qBlUgQiBwAz3M/qQxmTR7YM8KnChtT+CYxhWLjKnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUSiE3a5oO1Tw24tCRjZCL+DNLELIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzAwMWU4ODZlLTRjNDItNDE4Yi1hYTU1LTc0NGU4ODk1ODU0MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAUjJ2AwDQYJKoZIhvcNAQELBQADggEBAEYYW2bdLHJaKPpCnDGmDp87njl4
mqOY5PbYJWa9CIrcHFH1y1oiSh8ApV7JJkOqWt8BUCqSkJG2DGqW6nGS4M7UmHS7
yOVuifkxZfOIUse1vFjjdx5RLoeb3IsnqV21JQBZMNm0nTyeyUy7m5n0PXWJeSZ4
phbpzWVgnowyiDTbSqHjKkoNxSZxEC24EscyKKHO4YUyvCuZjMuTaZpOXikTWb+6
pAyC3mYVp69zdrT5vTeWdFHOj+zdBTeBrUvtpcSyMZ7p8WciqhfEPZGJd9tjujzG
ZX8Kw1MLW2GELc0/998sMca8uhw8v1gb6rYDcopd0j6Tn5rZWDr0hGiiORE=
-----END CERTIFICATE-----