Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/59994030-fa77-46f8-8c5a-9301b2931210.roa
File:                     59994030-fa77-46f8-8c5a-9301b2931210.roa (raw, json)
Hash identifier:          XF7aY1V8BB1lKt4/UWBa0zq0OZKptXKg3hlwGU290bs=
Subject key identifier:   81:AB:C0:92:B9:D2:6E:8A:78:ED:56:AB:B6:E6:5D:D1:66:96:9C:5E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2910C721CD69EA0EFC52B3C69C67A85FF2757F3F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/59994030-fa77-46f8-8c5a-9301b2931210.roa
Signing time:             Wed 02 Jul 2025 00:21:07 +0000
ROA not before:           Wed 02 Jul 2025 00:21:07 +0000
ROA not after:            Wed 06 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        185.7.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Fri 04 Jul 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:10:c7:21:cd:69:ea:0e:fc:52:b3:c6:9c:67:a8:5f:f2:75:7f:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jul  2 00:21:07 2025 GMT
            Not After : Aug  6 23:59:59 2025 GMT
        Subject: serialNumber=181973022bab65f8f5f68f5a229988bcefdee72a8bca25093e46ef4cca3de09b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:6a:03:a5:36:fb:e0:e4:de:19:70:10:ce:38:
                    fc:a2:36:ec:a2:45:89:31:b3:93:1f:9e:76:da:77:
                    b6:60:64:fd:92:39:d0:64:0a:63:1c:c9:e7:f1:6f:
                    1a:ec:19:36:fd:6f:63:6e:17:3b:0c:45:bc:ac:68:
                    dd:2e:1b:61:e7:d3:d1:01:b7:41:a2:49:98:c7:60:
                    41:2c:e0:5a:25:71:d3:82:54:d7:6a:ba:ea:50:e9:
                    9b:1b:d3:75:4e:cd:b0:89:67:db:bb:83:1f:82:d6:
                    c9:b8:61:3a:bc:31:f1:81:cf:e5:68:fb:25:a3:37:
                    da:2d:56:a1:56:63:33:a7:1b:b0:9e:d1:fb:a5:83:
                    c1:33:94:ae:a8:12:65:d9:51:fe:3e:52:65:aa:66:
                    1b:df:8b:ee:02:70:ee:7b:50:e9:ae:6d:f0:db:fd:
                    0e:db:02:18:bd:ec:95:81:fe:31:f8:c3:d0:ee:6f:
                    fc:a3:af:5e:de:ed:a9:61:1f:69:f6:0b:b8:88:07:
                    b6:b4:6e:61:19:99:f1:38:29:8a:ec:32:62:12:29:
                    20:ba:9f:21:9d:5d:40:ca:ab:aa:21:cb:d9:ce:db:
                    cd:3d:95:63:ce:a6:7c:3e:b5:db:c4:d4:38:3c:1d:
                    71:50:a2:c8:3d:43:0d:2a:9a:b9:4e:ea:d6:29:e0:
                    f9:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:AB:C0:92:B9:D2:6E:8A:78:ED:56:AB:B6:E6:5D:D1:66:96:9C:5E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/59994030-fa77-46f8-8c5a-9301b2931210.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.7.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:a8:da:0d:60:7c:82:92:19:78:6b:74:a3:02:20:b3:b3:6b:
         d5:4c:3b:06:9a:54:78:13:e4:2f:1c:0a:79:dc:d8:10:60:3f:
         df:75:8d:e5:1e:c3:32:7c:a9:3c:14:e2:c5:7b:c5:04:52:49:
         8d:e0:01:e6:1c:35:2a:f8:ac:b9:97:9c:c4:66:0c:ac:25:13:
         13:f7:d0:82:09:c9:c2:dd:fd:a4:a0:42:45:77:39:1f:5b:56:
         e0:30:82:2f:d0:1c:e0:ac:b0:13:bb:01:e2:7b:3e:0d:cd:c7:
         5f:20:c7:3e:60:57:74:61:f3:77:d9:81:15:7c:50:07:cc:84:
         38:f0:2b:f4:29:26:a9:3d:25:eb:a1:7d:f6:31:c1:c5:9b:09:
         3e:3a:6d:dc:ec:17:c4:c9:03:51:32:7b:d4:4a:ce:ba:4d:e9:
         65:df:63:00:a5:3f:d8:34:07:f0:61:43:0a:07:32:11:98:c3:
         60:0f:4b:a8:28:ff:1c:8d:0d:36:90:90:e9:6e:50:98:76:4b:
         3e:73:c1:4d:f2:52:f9:27:8b:20:27:66:10:33:b1:69:ec:df:
         29:97:5b:d0:24:61:a6:6f:92:51:4a:3a:fc:2a:49:40:ef:8b:
         e3:1d:06:38:fe:a0:8f:40:27:f0:d4:27:59:7b:07:f4:13:8c:
         67:e0:a4:26
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKRDHIc1p6g78UrPGnGeoX/J1fz8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNzAyMDAyMTA3WhcNMjUwODA2MjM1OTU5
WjB6MUkwRwYDVQQFE0AxODE5NzMwMjJiYWI2NWY4ZjVmNjhmNWEyMjk5ODhiY2Vm
ZGVlNzJhOGJjYTI1MDkzZTQ2ZWY0Y2NhM2RlMDliMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDBagOlNvvg5N4ZcBDOOPyiNuyiRYkxs5Mfnnbad7ZgZP2S
OdBkCmMcyefxbxrsGTb9b2NuFzsMRbysaN0uG2Hn09EBt0GiSZjHYEEs4FolcdOC
VNdquupQ6Zsb03VOzbCJZ9u7gx+C1sm4YTq8MfGBz+Vo+yWjN9otVqFWYzOnG7Ce
0fulg8EzlK6oEmXZUf4+UmWqZhvfi+4CcO57UOmubfDb/Q7bAhi97JWB/jH4w9Du
b/yjr17e7alhH2n2C7iIB7a0bmEZmfE4KYrsMmISKSC6nyGdXUDKq6ohy9nO2809
lWPOpnw+tdvE1Dg8HXFQosg9Qw0qmrlO6tYp4PlZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUgavAkrnSbop47VartuZd0WaWnF4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU5OTk0MDMwLWZhNzctNDZmOC04YzVhLTkzMDFiMjkzMTIxMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAC5Bw4wDQYJKoZIhvcNAQELBQADggEBAISo2g1gfIKSGXhrdKMCILOza9VM
OwaaVHgT5C8cCnnc2BBgP991jeUewzJ8qTwU4sV7xQRSSY3gAeYcNSr4rLmXnMRm
DKwlExP30IIJycLd/aSgQkV3OR9bVuAwgi/QHOCssBO7AeJ7Pg3Nx18gxz5gV3Rh
83fZgRV8UAfMhDjwK/QpJqk9JeuhffYxwcWbCT46bdzsF8TJA1Eye9RKzrpN6WXf
YwClP9g0B/BhQwoHMhGYw2APS6go/xyNDTaQkOluUJh2Sz5zwU3yUvkniyAnZhAz
sWns3ymXW9AkYaZvklFKOvwqSUDvi+MdBjj+oI9AJ/DUJ1l7B/QTjGfgpCY=
-----END CERTIFICATE-----