Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/28d33436-53d2-4ebd-bddc-4f8b317802ba.roa
File:                     28d33436-53d2-4ebd-bddc-4f8b317802ba.roa (raw, json)
Hash identifier:          ogSTizfk1xM9RX7l5hkbr3C2KTFzOuNLaOd+MY8dh8o=
Subject key identifier:   28:97:01:DC:EC:64:47:35:F3:55:8B:F9:01:AC:C8:92:4E:A4:E2:DB
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       20DD7CFAEE42FD13F17B5D63F33553AD5F73242B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/28d33436-53d2-4ebd-bddc-4f8b317802ba.roa
Signing time:             Wed 16 Apr 2025 00:11:00 +0000
ROA not before:           Wed 16 Apr 2025 00:11:00 +0000
ROA not after:            Wed 21 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        69.22.0.0/17 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 11 May 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:dd:7c:fa:ee:42:fd:13:f1:7b:5d:63:f3:35:53:ad:5f:73:24:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 16 00:11:00 2025 GMT
            Not After : May 21 23:59:59 2025 GMT
        Subject: serialNumber=f219fcb0cda0d23fa5f402c1d4d64853f84f7410075adb1f3e8d5db8152e43f4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:9b:ae:20:6e:f5:74:9a:8b:d1:d4:4d:c7:9a:
                    c0:fc:b2:60:a6:28:56:50:0a:65:f5:fd:0c:55:76:
                    e4:39:58:59:76:4b:97:a0:75:7b:0d:57:71:81:ef:
                    b4:56:66:60:72:d3:9c:55:78:0b:42:6c:44:b3:f5:
                    e5:2b:b6:68:1f:80:3d:ad:4a:a8:de:a6:e7:a2:a4:
                    84:26:45:57:60:3e:11:f2:8d:1c:e3:0a:54:58:3f:
                    10:40:0c:99:13:bf:fc:9e:93:64:b6:99:30:15:89:
                    dc:d6:62:03:d3:cd:70:08:e9:54:91:8a:5f:a7:34:
                    bb:fb:98:da:74:d5:e8:7e:4e:33:9f:1e:74:57:02:
                    32:b4:23:39:6f:e4:cd:de:fc:27:21:e6:a6:55:d2:
                    7b:29:ac:06:fa:c9:8d:a3:a0:2d:08:58:4d:af:6d:
                    69:cf:16:f7:04:4b:12:c9:c9:fd:6d:2d:bb:a2:c1:
                    84:b7:98:5b:49:e3:0c:6e:67:2d:c4:e8:f1:d4:7c:
                    d9:aa:6b:eb:ab:86:9c:94:4d:40:c1:dd:23:c1:7b:
                    68:06:26:2c:66:4d:8b:cc:22:cb:a3:35:48:c2:77:
                    f3:58:ca:8e:70:53:c0:dc:c4:bf:a4:48:cd:c2:e5:
                    c8:be:6e:2c:dd:da:78:f0:c7:b5:bc:73:c2:a3:c4:
                    54:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:97:01:DC:EC:64:47:35:F3:55:8B:F9:01:AC:C8:92:4E:A4:E2:DB
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/28d33436-53d2-4ebd-bddc-4f8b317802ba.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  69.22.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         c2:56:a3:df:b0:22:41:13:b0:d5:51:71:e2:fe:75:01:24:5a:
         48:13:3d:72:46:7b:22:7f:dd:3e:ee:c3:13:cf:35:f3:33:cb:
         fb:8c:d9:2f:e1:83:56:48:c3:41:c3:7b:e4:80:6f:db:6f:67:
         e2:8b:8d:04:2c:93:85:85:0d:0c:d9:db:15:9d:2d:91:ad:81:
         3b:26:07:d5:d4:22:40:3d:2d:41:6a:a7:2a:56:aa:12:d9:b1:
         4b:6f:93:aa:4e:fc:31:58:39:e1:17:29:13:65:50:01:66:a1:
         ec:59:a2:22:27:06:6a:b8:ee:d6:d7:83:79:e6:f6:e5:84:d6:
         88:81:15:b0:54:fe:dd:f6:c5:51:44:cc:6b:6c:39:81:c4:bf:
         de:09:30:f6:be:f8:08:be:55:30:f2:c0:84:a3:ff:c3:8c:f0:
         28:eb:12:1c:64:38:78:e8:45:28:60:cb:0a:62:58:20:b4:07:
         31:31:c6:7e:a8:fb:84:e2:fb:08:c9:97:a8:74:08:1e:3a:02:
         e2:da:ca:79:fb:19:fb:71:c7:4a:66:9d:f9:5c:9f:9d:65:ff:
         bc:47:c6:72:1a:9d:55:20:bf:54:65:bb:b3:64:c2:f3:0b:d1:
         25:59:85:f6:fb:c3:84:d2:a2:ef:98:a0:d8:96:45:a9:b3:c9:
         e1:cf:33:47
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIN18+u5C/RPxe11j8zVTrV9zJCswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDE2MDAxMTAwWhcNMjUwNTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BmMjE5ZmNiMGNkYTBkMjNmYTVmNDAyYzFkNGQ2NDg1M2Y4
NGY3NDEwMDc1YWRiMWYzZThkNWRiODE1MmU0M2Y0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDfm64gbvV0movR1E3HmsD8smCmKFZQCmX1/QxVduQ5WFl2
S5egdXsNV3GB77RWZmBy05xVeAtCbESz9eUrtmgfgD2tSqjepueipIQmRVdgPhHy
jRzjClRYPxBADJkTv/yek2S2mTAVidzWYgPTzXAI6VSRil+nNLv7mNp01eh+TjOf
HnRXAjK0Izlv5M3e/Cch5qZV0nsprAb6yY2joC0IWE2vbWnPFvcESxLJyf1tLbui
wYS3mFtJ4wxuZy3E6PHUfNmqa+urhpyUTUDB3SPBe2gGJixmTYvMIsujNUjCd/NY
yo5wU8DcxL+kSM3C5ci+bizd2njwx7W8c8KjxFSvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKJcB3OxkRzXzVYv5AazIkk6k4tswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI4ZDMzNDM2LTUzZDItNGViZC1iZGRjLTRmOGIzMTc4MDJiYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAdFFgAwDQYJKoZIhvcNAQELBQADggEBAMJWo9+wIkETsNVRceL+dQEkWkgT
PXJGeyJ/3T7uwxPPNfMzy/uM2S/hg1ZIw0HDe+SAb9tvZ+KLjQQsk4WFDQzZ2xWd
LZGtgTsmB9XUIkA9LUFqpypWqhLZsUtvk6pO/DFYOeEXKRNlUAFmoexZoiInBmq4
7tbXg3nm9uWE1oiBFbBU/t32xVFEzGtsOYHEv94JMPa++Ai+VTDywISj/8OM8Cjr
EhxkOHjoRShgywpiWCC0BzExxn6o+4Ti+wjJl6h0CB46AuLaynn7Gftxx0pmnflc
n51l/7xHxnIanVUgv1Rlu7NkwvML0SVZhfb7w4TSou+YoNiWRamzyeHPM0c=
-----END CERTIFICATE-----