Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b7c0cb74-fe99-4d60-a3ad-d4c299875974.roa
File:                     b7c0cb74-fe99-4d60-a3ad-d4c299875974.roa (raw, json)
Hash identifier:          RbHpNN7MbRYOjL2dx+EXnsWC6+jgIMTsdkQBND4m7CY=
Subject key identifier:   7D:E7:EF:A4:3D:E5:59:02:39:83:91:F1:49:1E:46:06:48:C7:DB:88
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       405BDFCDAEC038DA0D719EB800FE1C4E93CC45B3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b7c0cb74-fe99-4d60-a3ad-d4c299875974.roa
Signing time:             Mon 28 Apr 2025 15:20:10 +0000
ROA not before:           Mon 28 Apr 2025 15:20:10 +0000
ROA not after:            Mon 02 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        204.130.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 12 May 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:5b:df:cd:ae:c0:38:da:0d:71:9e:b8:00:fe:1c:4e:93:cc:45:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 28 15:20:10 2025 GMT
            Not After : Jun  2 23:59:59 2025 GMT
        Subject: serialNumber=e8cce6be1138a5aa34903c0a01bca840fdc9da751432e5bc377368df23ed2130, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ae:92:86:9d:85:00:3f:f2:ec:f0:02:f8:42:
                    65:38:11:d9:66:15:1b:09:f6:0e:45:4a:9e:28:c3:
                    c4:87:3e:87:67:87:ba:1c:1e:78:72:2a:29:6a:48:
                    11:cc:9e:2d:51:77:4b:8c:90:5b:b2:87:a4:46:8e:
                    0b:02:5b:76:76:c2:a2:41:65:20:f0:9e:23:86:5d:
                    38:56:35:ef:36:a4:5a:6d:5c:2f:48:de:42:68:a9:
                    3f:32:92:d7:c6:35:b6:64:19:83:54:ca:f2:d2:f5:
                    e6:1f:e3:df:4a:97:25:b5:d6:2b:a4:ab:27:ad:89:
                    4c:81:0b:5e:af:c2:5f:a2:ca:0f:10:df:c4:9a:75:
                    68:7a:65:b5:5c:3d:e0:3f:6d:5c:bf:86:bc:45:b0:
                    3b:45:94:21:84:76:b7:08:d7:e8:30:3d:9c:2b:e0:
                    cf:25:fe:68:89:85:ec:d0:88:54:09:0c:27:5e:a8:
                    79:8f:de:4b:97:24:e1:8c:9e:46:c3:ca:85:48:51:
                    f3:df:ec:c7:4f:3a:2c:9f:a1:15:f2:47:fb:89:de:
                    10:98:4f:f6:02:0e:6d:0f:cd:2d:8c:a4:e8:f6:65:
                    c0:07:a2:60:be:7c:5c:17:df:65:8d:b6:93:25:3e:
                    ca:5c:d1:3a:f3:74:d3:e0:30:de:e1:8a:e4:69:e2:
                    e4:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:E7:EF:A4:3D:E5:59:02:39:83:91:F1:49:1E:46:06:48:C7:DB:88
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b7c0cb74-fe99-4d60-a3ad-d4c299875974.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.130.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:db:bd:bd:37:83:59:8c:78:6a:28:1e:04:20:8d:42:19:96:
         34:46:7b:4b:80:f3:22:15:b1:aa:3b:ab:37:73:f7:92:c2:16:
         03:75:b8:ed:f8:14:0b:7e:ae:0b:28:5d:d5:27:12:42:60:58:
         cc:dc:d6:dc:76:98:a0:a5:72:7d:ca:3c:0a:7b:b7:01:af:2e:
         c1:14:eb:22:b6:3e:43:04:8e:d8:ce:44:ae:8b:86:8e:10:df:
         68:f0:5a:00:46:3d:ca:a0:ed:9b:3d:a5:7e:26:22:47:43:66:
         ed:02:74:c6:8d:a5:d2:6d:fa:0c:08:c8:cd:b7:b8:6d:2f:c6:
         54:ff:e9:79:ec:16:cd:19:eb:96:50:6a:c3:39:3f:86:7d:42:
         5b:7d:6e:79:cb:7e:5e:5f:70:c0:88:bf:1a:da:a3:bb:a0:02:
         f4:35:37:6f:75:ed:e6:93:d6:88:c3:de:c9:9c:80:10:33:31:
         bb:34:f7:cd:51:f8:0b:24:db:06:99:1a:a0:f3:d6:73:13:7a:
         a3:71:02:f3:87:b4:94:df:96:f7:43:42:a8:30:07:c0:b5:42:
         fa:3c:30:70:cb:b8:e3:68:9c:5b:2d:00:24:ec:e6:52:23:1a:
         68:d5:89:24:d2:fa:22:f0:a2:64:e6:da:3a:2d:00:c9:88:0c:
         1c:b0:81:2a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQFvfza7AONoNcZ64AP4cTpPMRbMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDI4MTUyMDEwWhcNMjUwNjAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BlOGNjZTZiZTExMzhhNWFhMzQ5MDNjMGEwMWJjYTg0MGZk
YzlkYTc1MTQzMmU1YmMzNzczNjhkZjIzZWQyMTMwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqrpKGnYUAP/Ls8AL4QmU4EdlmFRsJ9g5FSp4ow8SHPodn
h7ocHnhyKilqSBHMni1Rd0uMkFuyh6RGjgsCW3Z2wqJBZSDwniOGXThWNe82pFpt
XC9I3kJoqT8yktfGNbZkGYNUyvLS9eYf499KlyW11iukqyetiUyBC16vwl+iyg8Q
38SadWh6ZbVcPeA/bVy/hrxFsDtFlCGEdrcI1+gwPZwr4M8l/miJhezQiFQJDCde
qHmP3kuXJOGMnkbDyoVIUfPf7MdPOiyfoRXyR/uJ3hCYT/YCDm0PzS2MpOj2ZcAH
omC+fFwX32WNtpMlPspc0TrzdNPgMN7hiuRp4uQHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUfefvpD3lWQI5g5HxSR5GBkjH24gwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I3YzBjYjc0LWZlOTktNGQ2MC1hM2FkLWQ0YzI5OTg3NTk3NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADMgsowDQYJKoZIhvcNAQELBQADggEBAL7bvb03g1mMeGooHgQgjUIZljRG
e0uA8yIVsao7qzdz95LCFgN1uO34FAt+rgsoXdUnEkJgWMzc1tx2mKClcn3KPAp7
twGvLsEU6yK2PkMEjtjORK6Lho4Q32jwWgBGPcqg7Zs9pX4mIkdDZu0CdMaNpdJt
+gwIyM23uG0vxlT/6XnsFs0Z65ZQasM5P4Z9Qlt9bnnLfl5fcMCIvxrao7ugAvQ1
N2917eaT1ojD3smcgBAzMbs0981R+Ask2waZGqDz1nMTeqNxAvOHtJTflvdDQqgw
B8C1Qvo8MHDLuONonFstACTs5lIjGmjViSTS+iLwomTm2jotAMmIDBywgSo=
-----END CERTIFICATE-----