Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4a65165a-7d2e-48ce-a1b5-ba82dcc89d14.roa
File:                     4a65165a-7d2e-48ce-a1b5-ba82dcc89d14.roa (raw, json)
Hash identifier:          f4WDPttXo8uNh2NG8SzSQBpaiBXlVW2ktJUU9LWKP9A=
Subject key identifier:   BE:C1:AC:40:AE:6C:87:39:FC:72:1D:76:50:74:5C:5C:43:B5:4E:69
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       44C168BC52FDBC33B7C75072653BC31122FDD2AC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4a65165a-7d2e-48ce-a1b5-ba82dcc89d14.roa
Signing time:             Tue 29 Apr 2025 00:01:09 +0000
ROA not before:           Tue 29 Apr 2025 00:01:09 +0000
ROA not after:            Tue 03 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        202.174.144.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 12 May 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:c1:68:bc:52:fd:bc:33:b7:c7:50:72:65:3b:c3:11:22:fd:d2:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 29 00:01:09 2025 GMT
            Not After : Jun  3 23:59:59 2025 GMT
        Subject: serialNumber=ef55b1d180a7a8cdca5e7d8f7f8ccae1e2b315b2681ff5a0f6ca7dcf46e5b7b7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:fe:bf:53:5d:07:2d:db:68:6b:9f:9c:97:ac:
                    13:e3:42:66:a4:71:c6:38:57:08:1b:29:f2:b4:c6:
                    8d:0e:71:27:94:77:f6:ff:1e:23:1f:00:bb:cb:74:
                    12:6f:3a:9b:a9:f8:ef:d2:9d:c4:79:53:77:81:c2:
                    f8:e1:a1:cd:e6:1a:e8:f0:f4:8f:20:c4:ff:36:ac:
                    85:9c:46:e0:e1:32:25:03:82:1f:be:7c:9d:d1:34:
                    99:22:ff:6b:e3:83:b7:49:ec:b0:cc:b6:cd:ca:09:
                    de:b0:80:99:75:8e:55:4d:c9:ab:78:66:bd:3c:a8:
                    95:01:2b:be:8b:6e:12:94:31:3a:47:e7:a2:de:ef:
                    51:67:cd:90:91:9a:d5:ba:33:fd:f8:82:29:e5:bb:
                    5e:ef:0f:9c:65:1b:d2:4d:8b:fb:42:ea:e6:4b:38:
                    75:2d:0e:6b:d3:f9:ac:2c:ef:85:d0:dc:00:36:7b:
                    19:fb:bb:77:af:f2:02:0d:6d:35:f9:5c:cd:74:20:
                    52:31:45:3a:90:14:2b:27:7c:d5:e6:ba:38:44:14:
                    2d:0e:b4:fb:86:90:59:75:e2:30:86:d4:ac:db:b8:
                    09:96:21:45:da:bc:bc:f4:85:0a:fb:14:c2:98:75:
                    0c:b7:8a:7d:d8:ec:f7:a4:7b:b4:cf:c6:f2:d5:c7:
                    2f:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:C1:AC:40:AE:6C:87:39:FC:72:1D:76:50:74:5C:5C:43:B5:4E:69
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4a65165a-7d2e-48ce-a1b5-ba82dcc89d14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.174.144.0/21

    Signature Algorithm: sha256WithRSAEncryption
         56:21:4a:3d:ea:d4:c9:44:d6:58:39:35:30:c8:a6:69:34:eb:
         4c:1a:ec:06:41:f4:a8:95:ef:b1:57:91:c7:17:54:8b:fc:da:
         bb:b3:62:2c:c7:78:c4:a1:ee:f5:99:c6:44:00:1a:6e:a1:7c:
         11:a7:92:f1:1e:6f:26:cd:2b:78:41:27:98:90:3b:9e:a5:29:
         0d:ce:c4:40:4c:a6:ba:70:aa:48:18:f8:73:b0:4f:ed:9a:d8:
         84:a7:53:62:3b:86:e1:65:27:10:c8:a6:5e:6e:27:5f:42:de:
         30:9b:56:e5:ff:83:c4:a8:a2:86:e1:aa:a5:e1:9f:3c:cd:0b:
         35:29:94:6b:61:e6:33:77:c6:93:52:d1:30:ed:38:ba:6c:3a:
         da:ef:a6:cc:04:4f:1b:46:f6:8f:6c:64:15:b4:1b:1a:bb:f8:
         99:ca:c4:5e:e9:3b:d8:af:ee:fb:48:62:03:f2:1c:44:eb:e7:
         4e:1f:e9:fd:38:5c:26:78:48:52:ad:d5:58:fd:55:ac:66:7a:
         ac:11:1c:56:44:7d:14:38:01:dc:4b:fa:73:a0:d1:1a:e8:5b:
         a3:4a:a7:e2:93:cb:f7:01:b4:ea:cd:a5:2f:ca:c8:75:56:a7:
         0a:50:bb:2a:02:44:14:06:d1:81:99:0f:b9:27:60:31:33:eb:
         6d:f7:63:1b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURMFovFL9vDO3x1ByZTvDESL90qwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDI5MDAwMTA5WhcNMjUwNjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BlZjU1YjFkMTgwYTdhOGNkY2E1ZTdkOGY3ZjhjY2FlMWUy
YjMxNWIyNjgxZmY1YTBmNmNhN2RjZjQ2ZTViN2I3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCh/r9TXQct22hrn5yXrBPjQmakccY4VwgbKfK0xo0OcSeU
d/b/HiMfALvLdBJvOpup+O/SncR5U3eBwvjhoc3mGujw9I8gxP82rIWcRuDhMiUD
gh++fJ3RNJki/2vjg7dJ7LDMts3KCd6wgJl1jlVNyat4Zr08qJUBK76LbhKUMTpH
56Le71FnzZCRmtW6M/34ginlu17vD5xlG9JNi/tC6uZLOHUtDmvT+aws74XQ3AA2
exn7u3ev8gINbTX5XM10IFIxRTqQFCsnfNXmujhEFC0OtPuGkFl14jCG1KzbuAmW
IUXavLz0hQr7FMKYdQy3in3Y7Peke7TPxvLVxy+pAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUvsGsQK5shzn8ch12UHRcXEO1TmkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzRhNjUxNjVhLTdkMmUtNDhjZS1hMWI1LWJhODJkY2M4OWQxNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAPKrpAwDQYJKoZIhvcNAQELBQADggEBAFYhSj3q1MlE1lg5NTDIpmk060wa
7AZB9KiV77FXkccXVIv82ruzYizHeMSh7vWZxkQAGm6hfBGnkvEebybNK3hBJ5iQ
O56lKQ3OxEBMprpwqkgY+HOwT+2a2ISnU2I7huFlJxDIpl5uJ19C3jCbVuX/g8So
oobhqqXhnzzNCzUplGth5jN3xpNS0TDtOLpsOtrvpswETxtG9o9sZBW0Gxq7+JnK
xF7pO9iv7vtIYgPyHETr504f6f04XCZ4SFKt1Vj9VaxmeqwRHFZEfRQ4AdxL+nOg
0RroW6NKp+KTy/cBtOrNpS/KyHVWpwpQuyoCRBQG0YGZD7knYDEz6233Yxs=
-----END CERTIFICATE-----