Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/05e8d37c-5311-441c-8850-3573d172165c.roa
File:                     05e8d37c-5311-441c-8850-3573d172165c.roa (raw, json)
Hash identifier:          6K4Ffpr0qmYSAbux8uKgt3qGljNzeEwlHnIQcOeKirc=
Subject key identifier:   82:37:71:2E:9E:B1:74:3E:9D:A7:D6:1D:96:1C:CB:E6:A5:D1:C8:25
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       35592D4681D32F8F6B46ADE7E69EAAC04CE690F6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/05e8d37c-5311-441c-8850-3573d172165c.roa
Signing time:             Wed 18 Jun 2025 00:11:15 +0000
ROA not before:           Wed 18 Jun 2025 00:11:15 +0000
ROA not after:            Wed 23 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        40.182.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 30 Jun 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:59:2d:46:81:d3:2f:8f:6b:46:ad:e7:e6:9e:aa:c0:4c:e6:90:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun 18 00:11:15 2025 GMT
            Not After : Jul 23 23:59:59 2025 GMT
        Subject: serialNumber=4529c124c206e6ac86b4f23a94b4b1851099f3c6645026a0e3f789a3e29cf4bb, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:5f:d3:e6:10:32:7d:a1:5d:f4:cd:e0:ac:d4:
                    19:a6:dc:ed:1c:80:e3:58:bc:af:20:27:67:55:05:
                    8e:c0:fd:dc:c1:25:19:e7:83:c1:be:0d:01:82:8f:
                    3f:e7:3b:df:57:19:2a:88:02:80:0a:40:38:83:a6:
                    9f:de:22:1b:69:64:a5:55:ef:c6:c3:71:d7:18:aa:
                    8b:e0:cc:36:f1:6f:5f:bb:6b:4d:e6:c3:50:13:c5:
                    92:47:e8:87:3a:c9:02:32:22:38:ae:4e:67:a1:4c:
                    e9:f0:ee:d8:84:ec:31:90:e5:45:49:6c:a9:84:bb:
                    31:39:a3:aa:ac:1b:b4:50:75:42:7a:0c:e8:f5:b4:
                    7a:28:31:89:db:66:8d:1c:db:83:87:57:0d:8f:d8:
                    65:f1:e4:ca:86:84:5f:e3:41:29:cb:53:e6:03:0a:
                    f4:bb:92:d0:dc:b0:33:07:1d:8b:79:2c:67:4e:3e:
                    fe:a5:d5:5f:b3:36:f1:dc:de:42:5c:7d:a6:a3:e7:
                    0e:32:13:ce:c2:09:34:fc:42:e7:09:04:85:cc:4f:
                    86:6f:96:4d:fb:1c:32:f3:b2:43:19:c0:6a:57:e0:
                    d9:b4:23:d2:2d:31:8c:95:78:fe:27:14:0d:57:fb:
                    01:47:c1:e0:23:fd:98:51:96:59:43:0a:49:84:47:
                    89:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:37:71:2E:9E:B1:74:3E:9D:A7:D6:1D:96:1C:CB:E6:A5:D1:C8:25
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/05e8d37c-5311-441c-8850-3573d172165c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.182.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         60:d8:15:d3:39:7b:70:a7:ec:74:fe:be:f2:85:e8:7d:e1:3e:
         7c:72:87:d5:ef:a2:b1:68:47:1e:51:cf:e6:c5:e3:5e:e6:88:
         7f:e5:24:8c:f7:f8:6f:bd:c3:49:c9:f6:a8:e9:2a:fa:f3:1b:
         c1:1f:28:dc:84:e8:1b:e9:ff:1c:32:76:a3:1b:19:fc:11:8b:
         f1:1c:9d:09:e2:8b:cc:d2:31:36:63:24:07:96:ea:a8:59:3f:
         93:8e:e6:f0:7a:03:d9:70:1e:17:2e:e5:fc:af:a6:53:59:53:
         73:e6:7f:9a:97:c9:e3:3f:97:4f:9f:b9:4a:9f:1d:26:7e:d6:
         f7:1a:9a:46:d5:51:e6:70:e7:ef:c2:0b:c1:23:bc:d4:5d:4f:
         31:15:da:a6:68:c8:6f:e5:5e:00:6e:18:91:56:65:6c:fa:a3:
         a8:d6:8c:8c:4d:ce:ca:6c:f6:ee:e6:68:13:b5:8b:77:56:03:
         67:24:f2:80:03:2b:80:c5:48:86:37:04:62:b7:f3:be:6b:a5:
         00:33:f8:78:42:fa:50:02:bb:83:16:ec:e5:56:b9:08:69:ee:
         07:de:ad:36:51:91:be:64:11:d8:3e:a6:ac:44:78:bb:1b:cf:
         19:22:e6:9f:1e:1f:04:3c:80:a3:fe:9f:43:8c:b9:d2:da:57:
         6d:4a:e3:a6
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUNVktRoHTL49rRq3n5p6qwEzmkPYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNjE4MDAxMTE1WhcNMjUwNzIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A0NTI5YzEyNGMyMDZlNmFjODZiNGYyM2E5NGI0YjE4NTEw
OTlmM2M2NjQ1MDI2YTBlM2Y3ODlhM2UyOWNmNGJiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDVX9PmEDJ9oV30zeCs1Bmm3O0cgONYvK8gJ2dVBY7A/dzB
JRnng8G+DQGCjz/nO99XGSqIAoAKQDiDpp/eIhtpZKVV78bDcdcYqovgzDbxb1+7
a03mw1ATxZJH6Ic6yQIyIjiuTmehTOnw7tiE7DGQ5UVJbKmEuzE5o6qsG7RQdUJ6
DOj1tHooMYnbZo0c24OHVw2P2GXx5MqGhF/jQSnLU+YDCvS7ktDcsDMHHYt5LGdO
Pv6l1V+zNvHc3kJcfaaj5w4yE87CCTT8QucJBIXMT4Zvlk37HDLzskMZwGpX4Nm0
I9ItMYyVeP4nFA1X+wFHweAj/ZhRlllDCkmER4mJAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUgjdxLp6xdD6dp9YdlhzL5qXRyCUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzA1ZThkMzdjLTUzMTEtNDQxYy04ODUwLTM1NzNkMTcyMTY1Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAotjANBgkqhkiG9w0BAQsFAAOCAQEAYNgV0zl7cKfsdP6+8oXofeE+fHKH
1e+isWhHHlHP5sXjXuaIf+UkjPf4b73DScn2qOkq+vMbwR8o3IToG+n/HDJ2oxsZ
/BGL8RydCeKLzNIxNmMkB5bqqFk/k47m8HoD2XAeFy7l/K+mU1lTc+Z/mpfJ4z+X
T5+5Sp8dJn7W9xqaRtVR5nDn78ILwSO81F1PMRXapmjIb+VeAG4YkVZlbPqjqNaM
jE3Oymz27uZoE7WLd1YDZyTygAMrgMVIhjcEYrfzvmulADP4eEL6UAK7gxbs5Va5
CGnuB96tNlGRvmQR2D6mrER4uxvPGSLmnx4fBDyAo/6fQ4y50tpXbUrjpg==
-----END CERTIFICATE-----