Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3c60dda9-8882-487b-951b-14baa9359e8e.roa
File:                     3c60dda9-8882-487b-951b-14baa9359e8e.roa (raw, json)
Hash identifier:          Nzn4m3MhZzuY8D3+jLEV+uEW2shbJME82ABKcHJTEfs=
Subject key identifier:   20:6F:AC:06:16:C0:82:6E:23:9C:93:1A:CD:59:77:74:61:0C:F9:6D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       31C9E6CB88D3B090FEC292E4253850BD3B2F63F0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3c60dda9-8882-487b-951b-14baa9359e8e.roa
Signing time:             Fri 18 Apr 2025 00:20:28 +0000
ROA not before:           Fri 18 Apr 2025 00:20:28 +0000
ROA not after:            Fri 23 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        125.253.160.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 11 May 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:c9:e6:cb:88:d3:b0:90:fe:c2:92:e4:25:38:50:bd:3b:2f:63:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 18 00:20:28 2025 GMT
            Not After : May 23 23:59:59 2025 GMT
        Subject: serialNumber=800c5ec636b3a205f85a8b8425e1bc27b9697ab29197afafa1340684ab7a8cfa, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:69:05:97:e8:88:6d:3c:f0:19:c8:d9:5f:88:
                    14:f2:af:62:4d:92:96:f5:7d:89:c4:c4:c0:78:68:
                    d0:10:99:f6:5d:4f:5d:dc:e6:5a:64:84:e4:34:18:
                    5c:15:34:02:af:26:91:16:1c:fc:8c:0a:f3:99:6d:
                    aa:b5:fd:1a:77:48:1f:d7:f8:41:a9:ec:a6:a0:56:
                    d2:92:dc:b8:36:a5:2c:c8:7a:1f:dd:6c:37:bc:84:
                    45:9e:02:1e:4c:f1:e9:e7:fc:68:e5:cd:77:56:29:
                    fd:b7:47:29:64:2f:37:78:b1:aa:23:ad:bc:a3:ad:
                    7e:2f:8b:44:93:db:75:e2:cd:3d:07:be:ff:92:c0:
                    33:2d:fa:82:f0:91:6a:15:dd:93:81:bc:67:44:a8:
                    57:24:ab:c8:c1:47:20:0c:a3:5d:cf:76:ec:70:dd:
                    e8:ac:f9:f8:ad:3b:97:92:5f:a8:00:cd:96:83:c4:
                    04:d7:c0:18:4a:68:e1:49:61:29:5b:83:db:57:4a:
                    21:36:47:61:5f:15:14:6d:9d:2b:fe:5c:1a:2a:f7:
                    9c:15:ab:c0:50:92:6d:dc:1b:7d:db:ef:72:e2:c5:
                    b7:33:88:e9:ed:ab:be:f3:cd:16:a0:b6:8e:07:6e:
                    fc:2b:33:36:81:aa:29:37:74:d5:17:f2:ad:83:14:
                    97:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:6F:AC:06:16:C0:82:6E:23:9C:93:1A:CD:59:77:74:61:0C:F9:6D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3c60dda9-8882-487b-951b-14baa9359e8e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  125.253.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         a9:92:b4:cb:be:9a:d0:4d:a7:11:c4:a2:8e:c9:18:e8:e3:ab:
         a5:c6:26:35:d1:d6:63:2f:a2:14:56:4d:b0:f0:02:e9:70:0f:
         df:b8:43:8b:7b:2e:bb:5d:b0:bc:5d:89:1c:7d:04:12:14:72:
         1f:99:ec:f3:2d:81:21:a1:71:7b:bd:82:24:a0:84:8c:61:57:
         08:96:75:2f:56:96:f7:14:7a:36:9d:bc:a0:74:09:30:45:e3:
         a2:39:1a:8b:44:40:50:0b:cd:6d:c7:77:67:b8:fd:a2:d4:34:
         21:5c:54:9b:04:6b:3b:cf:6f:63:71:3c:71:59:84:d6:f7:68:
         06:a6:4a:57:f3:4d:b4:8a:fe:42:9b:8b:ca:13:30:14:bf:2f:
         df:64:19:34:9d:12:43:79:ee:be:7f:66:86:f0:d7:8a:0b:a9:
         d3:80:f5:ec:11:12:1b:2a:6d:be:5b:83:7c:81:5e:95:92:d7:
         e3:7f:ab:b1:ad:d1:37:98:f3:2e:fa:76:da:34:d1:5f:56:72:
         81:1a:84:76:5d:3e:49:63:ee:12:ac:b6:96:70:98:17:4b:5f:
         d2:16:15:aa:a3:97:1e:d9:4c:e6:9e:ad:63:24:cb:f0:50:24:
         de:12:9b:a7:42:66:ca:75:ee:52:b8:12:3b:85:29:87:75:14:
         72:5e:a6:d5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMcnmy4jTsJD+wpLkJThQvTsvY/AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDE4MDAyMDI4WhcNMjUwNTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A4MDBjNWVjNjM2YjNhMjA1Zjg1YThiODQyNWUxYmMyN2I5
Njk3YWIyOTE5N2FmYWZhMTM0MDY4NGFiN2E4Y2ZhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC4aQWX6IhtPPAZyNlfiBTyr2JNkpb1fYnExMB4aNAQmfZd
T13c5lpkhOQ0GFwVNAKvJpEWHPyMCvOZbaq1/Rp3SB/X+EGp7KagVtKS3Lg2pSzI
eh/dbDe8hEWeAh5M8enn/GjlzXdWKf23RylkLzd4saojrbyjrX4vi0ST23XizT0H
vv+SwDMt+oLwkWoV3ZOBvGdEqFckq8jBRyAMo13Pduxw3eis+fitO5eSX6gAzZaD
xATXwBhKaOFJYSlbg9tXSiE2R2FfFRRtnSv+XBoq95wVq8BQkm3cG33b73Lixbcz
iOntq77zzRagto4HbvwrMzaBqik3dNUX8q2DFJeDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIG+sBhbAgm4jnJMazVl3dGEM+W0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNjNjBkZGE5LTg4ODItNDg3Yi05NTFiLTE0YmFhOTM1OWU4ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAV9/aAwDQYJKoZIhvcNAQELBQADggEBAKmStMu+mtBNpxHEoo7JGOjjq6XG
JjXR1mMvohRWTbDwAulwD9+4Q4t7LrtdsLxdiRx9BBIUch+Z7PMtgSGhcXu9giSg
hIxhVwiWdS9WlvcUejadvKB0CTBF46I5GotEQFALzW3Hd2e4/aLUNCFcVJsEazvP
b2NxPHFZhNb3aAamSlfzTbSK/kKbi8oTMBS/L99kGTSdEkN57r5/Zobw14oLqdOA
9ewREhsqbb5bg3yBXpWS1+N/q7Gt0TeY8y76dto00V9WcoEahHZdPklj7hKstpZw
mBdLX9IWFaqjlx7ZTOaerWMky/BQJN4Sm6dCZsp17lK4EjuFKYd1FHJeptU=
-----END CERTIFICATE-----