Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4393951a-48f6-4d5e-a6a1-c5a21955005d.roa
File:                     4393951a-48f6-4d5e-a6a1-c5a21955005d.roa (raw, json)
Hash identifier:          AxsF+pMSTF9LuB5ysOBMMgOZiVw8bMkeJzN8YzNlQ1Q=
Subject key identifier:   85:86:0D:00:46:53:05:90:03:91:53:5C:81:84:2A:CD:F0:2D:D8:8B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5EA3869B5DA7F4511789C3B4437DC86ED6195543
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4393951a-48f6-4d5e-a6a1-c5a21955005d.roa
Signing time:             Tue 29 Apr 2025 00:10:21 +0000
ROA not before:           Tue 29 Apr 2025 00:10:21 +0000
ROA not after:            Tue 03 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.42.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 06 May 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:a3:86:9b:5d:a7:f4:51:17:89:c3:b4:43:7d:c8:6e:d6:19:55:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 29 00:10:21 2025 GMT
            Not After : Jun  3 23:59:59 2025 GMT
        Subject: serialNumber=c17b644bfea672c46b00dc03107e7b184ec9c5db26ac0cbd18a320483ecd9259, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:48:d4:bb:36:f3:c3:c5:b1:55:0c:80:56:83:
                    be:39:ba:b2:5f:19:1b:18:dc:51:23:cc:28:8c:73:
                    a6:e7:49:49:88:45:ff:be:7c:15:39:96:ab:b5:fa:
                    5f:71:d3:4f:4e:d8:d0:f1:5d:8a:bc:1d:5f:cd:d6:
                    8d:cb:df:ae:3a:ba:90:b5:06:79:6d:7a:37:47:e0:
                    31:95:2c:82:9f:6d:f0:c7:f5:fe:7a:f1:b0:1d:e7:
                    0d:1a:4a:c1:b9:01:2b:61:58:e0:52:4e:2f:9d:b6:
                    2d:8f:43:e5:ec:7d:72:05:2f:62:22:85:f2:99:54:
                    c4:c8:47:01:af:fa:75:b6:a3:00:77:d6:ef:68:c1:
                    a9:8e:ad:be:43:75:3a:e7:db:68:3e:61:c5:80:06:
                    b9:cd:d7:82:5b:36:dd:70:b8:70:79:0b:4b:89:52:
                    3d:4e:dd:09:05:3b:c0:9f:53:87:b3:c8:b3:61:0d:
                    59:28:68:9e:b0:d4:c1:96:c6:4f:bf:2d:f6:0d:fd:
                    58:85:ba:82:6c:94:55:48:51:23:10:39:2c:03:f8:
                    dc:25:a0:cb:87:8e:ff:5a:1b:aa:12:cc:8e:53:8c:
                    be:9a:f5:c2:30:73:b2:ef:57:10:0c:86:9f:34:d6:
                    d4:3a:26:38:d0:27:b0:ba:16:8d:d7:d2:c8:cc:8c:
                    d9:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:86:0D:00:46:53:05:90:03:91:53:5C:81:84:2A:CD:F0:2D:D8:8B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4393951a-48f6-4d5e-a6a1-c5a21955005d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.42.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         bc:72:bf:be:53:18:a5:e2:b4:1f:b4:6e:20:f9:80:ff:e3:bf:
         1d:1e:31:29:0f:d0:65:e3:0e:45:dc:8b:20:68:55:dc:27:e5:
         a9:68:12:46:77:18:ab:79:fd:4b:bd:d2:1a:ce:69:7f:ef:5e:
         db:95:47:de:44:49:53:de:2f:9e:30:b9:f4:ed:9b:c4:bc:8c:
         b0:3d:5a:e3:f0:80:7e:de:34:34:12:c1:e3:ce:4a:58:cb:9c:
         94:41:7e:76:b0:c1:86:11:d0:9c:80:40:b9:10:3d:54:b4:f6:
         23:d6:10:af:68:e5:9e:4c:3e:6b:be:c1:4d:58:70:56:01:b5:
         3e:7d:af:0f:f5:58:70:f9:7b:e3:7c:e8:3d:63:48:f0:4e:46:
         d2:62:4f:49:46:55:68:db:42:55:c8:65:17:57:12:de:5d:63:
         41:9a:3e:5d:32:6c:05:77:47:e1:d5:a0:cd:2f:85:94:da:fa:
         02:67:c7:93:39:77:00:c9:67:c2:41:1a:d4:dc:50:18:d7:7c:
         8d:ac:e7:9a:5d:34:5a:37:73:a2:77:fa:a5:8e:d2:8c:f0:a6:
         0c:86:18:83:8d:be:6d:95:59:4a:7f:54:12:db:e5:83:58:60:
         83:25:1d:d5:36:1c:c2:31:bb:41:73:79:98:a4:39:c6:68:52:
         7e:cf:c4:d7
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUXqOGm12n9FEXicO0Q33IbtYZVUMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDI5MDAxMDIxWhcNMjUwNjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BjMTdiNjQ0YmZlYTY3MmM0NmIwMGRjMDMxMDdlN2IxODRl
YzljNWRiMjZhYzBjYmQxOGEzMjA0ODNlY2Q5MjU5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDISNS7NvPDxbFVDIBWg745urJfGRsY3FEjzCiMc6bnSUmI
Rf++fBU5lqu1+l9x009O2NDxXYq8HV/N1o3L3646upC1BnltejdH4DGVLIKfbfDH
9f568bAd5w0aSsG5ASthWOBSTi+dti2PQ+XsfXIFL2IihfKZVMTIRwGv+nW2owB3
1u9owamOrb5DdTrn22g+YcWABrnN14JbNt1wuHB5C0uJUj1O3QkFO8CfU4ezyLNh
DVkoaJ6w1MGWxk+/LfYN/ViFuoJslFVIUSMQOSwD+NwloMuHjv9aG6oSzI5TjL6a
9cIwc7LvVxAMhp801tQ6JjjQJ7C6Fo3X0sjMjNlLAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUhYYNAEZTBZADkVNcgYQqzfAt2IswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQzOTM5NTFhLTQ4ZjYtNGQ1ZS1hNmExLWM1YTIxOTU1MDA1ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAjKjANBgkqhkiG9w0BAQsFAAOCAQEAvHK/vlMYpeK0H7RuIPmA/+O/HR4x
KQ/QZeMORdyLIGhV3CflqWgSRncYq3n9S73SGs5pf+9e25VH3kRJU94vnjC59O2b
xLyMsD1a4/CAft40NBLB485KWMuclEF+drDBhhHQnIBAuRA9VLT2I9YQr2jlnkw+
a77BTVhwVgG1Pn2vD/VYcPl743zoPWNI8E5G0mJPSUZVaNtCVchlF1cS3l1jQZo+
XTJsBXdH4dWgzS+FlNr6AmfHkzl3AMlnwkEa1NxQGNd8jaznml00Wjdzonf6pY7S
jPCmDIYYg42+bZVZSn9UEtvlg1hggyUd1TYcwjG7QXN5mKQ5xmhSfs/E1w==
-----END CERTIFICATE-----