Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/99dc9481-27a7-4001-9969-6d870b60573b.roa
File:                     99dc9481-27a7-4001-9969-6d870b60573b.roa (raw, json)
Hash identifier:          W2h+GfaXJLNOIlcvFuEzadsDpEyjrRHNbCab6vv2hpI=
Subject key identifier:   EC:A6:99:9F:0B:EC:21:E1:99:B4:36:A8:8E:6C:DC:F7:5B:C2:54:7C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6A9FE2A219E3384129B999B8DAE99577316E35B2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/99dc9481-27a7-4001-9969-6d870b60573b.roa
Signing time:             Tue 17 Jun 2025 00:10:22 +0000
ROA not before:           Tue 17 Jun 2025 00:10:22 +0000
ROA not after:            Tue 22 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        165.129.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Wed 02 Jul 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:9f:e2:a2:19:e3:38:41:29:b9:99:b8:da:e9:95:77:31:6e:35:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun 17 00:10:22 2025 GMT
            Not After : Jul 22 23:59:59 2025 GMT
        Subject: serialNumber=dba4d91160794034d8afcef34de9d35254c2d8510f32f3a7ef0db898be05cde4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:ac:12:f7:63:7a:36:a6:a2:aa:29:a4:0e:3b:
                    f8:a7:bf:81:d8:cb:b2:46:76:f8:12:33:84:34:2d:
                    de:3f:97:b0:b1:11:10:d3:24:8d:05:e3:a0:45:9f:
                    30:68:d9:f3:51:50:15:86:80:19:aa:a5:78:ed:7d:
                    56:f8:b7:36:70:c2:e9:62:bc:8a:dc:08:fd:53:43:
                    dd:15:8f:c7:0a:05:6a:e5:27:18:44:ee:09:c0:7f:
                    a1:c7:93:d7:b3:61:76:5c:0c:02:2d:76:24:cf:fe:
                    86:99:d8:07:c1:7c:14:9c:1f:80:fc:28:e2:61:3d:
                    80:03:64:28:02:54:ce:3c:cf:b2:ab:e1:56:76:4a:
                    7a:c5:f5:4e:7e:00:06:b1:97:33:06:98:ba:ef:ec:
                    a5:7e:13:76:80:52:67:3c:24:87:b7:e2:36:10:e9:
                    2b:0a:e7:d8:b5:aa:c0:da:77:58:2b:9d:d2:01:8f:
                    3b:8a:8b:9a:37:bc:db:65:a9:41:cc:2e:ce:3e:83:
                    d9:55:f5:44:e1:9d:a4:5c:70:48:2d:e7:b0:43:53:
                    c4:0a:b6:11:4a:62:cc:b3:38:2b:e3:1c:15:8a:e3:
                    57:09:ad:ea:a0:c9:d0:c9:0a:70:b0:ea:b1:5e:83:
                    db:af:5d:4f:e9:e6:77:09:61:af:38:4a:19:14:4c:
                    81:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:A6:99:9F:0B:EC:21:E1:99:B4:36:A8:8E:6C:DC:F7:5B:C2:54:7C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/99dc9481-27a7-4001-9969-6d870b60573b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.129.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         42:9e:c8:af:5c:70:c3:b7:eb:50:c9:d5:54:24:8a:4c:6b:bd:
         72:65:0c:4c:15:d6:51:e1:cd:34:36:5a:ab:71:a1:70:82:da:
         37:a9:c3:59:ba:78:e9:0f:e3:74:9b:cb:3c:94:9a:d3:bd:91:
         a5:1c:b0:ae:a8:24:b0:f3:8f:44:b9:b8:f1:9a:34:27:a7:b0:
         b4:38:8d:c0:30:cc:52:b0:4d:73:3a:ae:2a:c3:c8:bb:0e:9e:
         32:04:7e:eb:60:89:c7:20:00:0a:31:f9:4d:84:4a:15:4e:a0:
         79:24:ad:c4:38:95:5b:9b:40:2e:50:0b:79:03:b8:80:c4:f8:
         86:9f:ca:a4:e4:45:85:86:72:74:12:ae:89:78:d3:0e:af:01:
         67:9e:7a:4c:2f:0a:94:82:f1:ae:54:43:56:8a:ff:62:a3:1a:
         bf:a1:bb:9a:c9:a5:63:15:b8:fe:62:e8:7d:f5:22:7b:38:ba:
         5a:5b:8a:fb:5d:c3:b9:e0:8b:03:23:d1:78:46:88:e4:b7:85:
         7b:71:52:84:fb:d9:1f:7f:0d:19:1b:09:71:c9:9a:00:61:fc:
         5b:9e:7e:ed:ac:af:ef:d3:bf:3c:db:3a:cc:9c:d1:6b:41:3a:
         a6:ff:fe:54:14:77:b1:c2:8e:45:fa:79:c1:6b:a8:90:a9:5b:
         9a:cc:ae:2b
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUap/iohnjOEEpuZm42umVdzFuNbIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNjE3MDAxMDIyWhcNMjUwNzIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BkYmE0ZDkxMTYwNzk0MDM0ZDhhZmNlZjM0ZGU5ZDM1MjU0
YzJkODUxMGYzMmYzYTdlZjBkYjg5OGJlMDVjZGU0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3rBL3Y3o2pqKqKaQOO/inv4HYy7JGdvgSM4Q0Ld4/l7Cx
ERDTJI0F46BFnzBo2fNRUBWGgBmqpXjtfVb4tzZwwulivIrcCP1TQ90Vj8cKBWrl
JxhE7gnAf6HHk9ezYXZcDAItdiTP/oaZ2AfBfBScH4D8KOJhPYADZCgCVM48z7Kr
4VZ2SnrF9U5+AAaxlzMGmLrv7KV+E3aAUmc8JIe34jYQ6SsK59i1qsDad1grndIB
jzuKi5o3vNtlqUHMLs4+g9lV9UThnaRccEgt57BDU8QKthFKYsyzOCvjHBWK41cJ
reqgydDJCnCw6rFeg9uvXU/p5ncJYa84ShkUTIEzAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU7KaZnwvsIeGZtDaojmzc91vCVHwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk5ZGM5NDgxLTI3YTctNDAwMS05OTY5LTZkODcwYjYwNTczYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwClgTANBgkqhkiG9w0BAQsFAAOCAQEAQp7Ir1xww7frUMnVVCSKTGu9cmUM
TBXWUeHNNDZaq3GhcILaN6nDWbp46Q/jdJvLPJSa072RpRywrqgksPOPRLm48Zo0
J6ewtDiNwDDMUrBNczquKsPIuw6eMgR+62CJxyAACjH5TYRKFU6geSStxDiVW5tA
LlALeQO4gMT4hp/KpORFhYZydBKuiXjTDq8BZ556TC8KlILxrlRDVor/YqMav6G7
msmlYxW4/mLoffUiezi6WluK+13DueCLAyPReEaI5LeFe3FShPvZH38NGRsJccma
AGH8W55+7ayv79O/PNs6zJzRa0E6pv/+VBR3scKORfp5wWuokKlbmsyuKw==
-----END CERTIFICATE-----