Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dd78fb58-81b2-482f-a731-59203ab98f30.roa
File:                     dd78fb58-81b2-482f-a731-59203ab98f30.roa (raw, json)
Hash identifier:          T7U3Hg5eJBTVu0Eq7TNzup/wsToCZCSaTrlGxdW/Vag=
Subject key identifier:   72:EC:D6:7D:D4:DF:2A:B5:BF:06:22:60:4C:E5:1C:5F:54:F5:6F:77
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4CCFB31BA567BB4867F4D73BA915B53FC8D67943
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dd78fb58-81b2-482f-a731-59203ab98f30.roa
Signing time:             Tue 06 May 2025 00:11:30 +0000
ROA not before:           Tue 06 May 2025 00:11:30 +0000
ROA not after:            Tue 10 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.151.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 12 May 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:cf:b3:1b:a5:67:bb:48:67:f4:d7:3b:a9:15:b5:3f:c8:d6:79:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: May  6 00:11:30 2025 GMT
            Not After : Jun 10 23:59:59 2025 GMT
        Subject: serialNumber=d157dbed46d0a35dfc38e97bd9b2b251ffc68a9cd141caaca1597a7447a32c58, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:84:c5:74:bd:67:59:87:dc:07:56:bc:39:b4:
                    e8:8d:f4:d5:d4:1f:98:e1:16:de:b4:2d:ec:43:66:
                    ba:78:0f:1e:2d:71:2a:f0:37:9b:e3:84:80:99:e2:
                    5a:67:89:32:60:4a:fb:b6:03:f4:40:e9:86:53:74:
                    38:dd:a2:d1:55:3b:31:b7:2e:85:36:a9:95:25:83:
                    1d:b2:19:84:af:a3:a4:e6:73:58:c6:c5:92:29:c0:
                    ee:3d:40:3a:94:1b:e0:ac:45:62:1b:8c:26:bb:36:
                    fe:e3:0a:c8:12:f7:05:4d:20:b8:f6:b6:79:a7:a9:
                    4c:a3:4e:61:ca:98:13:5c:26:09:57:b7:5b:d9:08:
                    59:d3:8f:d1:c0:b8:0f:4c:5c:f8:02:c6:90:a0:db:
                    68:67:18:c2:88:93:35:cc:aa:65:0b:0e:3d:14:27:
                    78:12:cf:a8:ad:9e:b7:ba:8d:aa:fe:38:1f:38:f1:
                    83:ac:d2:bd:7c:78:09:9d:9d:bf:e6:1f:cd:2b:f8:
                    27:fa:ff:c2:88:59:e5:81:e6:5a:71:d5:64:4c:cc:
                    20:39:f8:e3:21:36:32:5d:06:ff:6e:ee:95:20:60:
                    c7:6a:fb:85:92:db:64:2b:59:be:2a:9c:48:f9:56:
                    27:0e:3b:9c:8b:c0:57:bf:c9:96:57:f0:33:5f:80:
                    c6:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:EC:D6:7D:D4:DF:2A:B5:BF:06:22:60:4C:E5:1C:5F:54:F5:6F:77
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dd78fb58-81b2-482f-a731-59203ab98f30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.151.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:7e:ff:ba:8f:49:74:59:77:07:1e:88:bc:c8:ad:60:a5:2f:
         4c:90:b1:40:e3:d4:92:41:70:a2:ae:3d:28:3e:72:36:f8:15:
         8a:12:0c:0a:94:2b:b0:00:cf:78:4e:a8:1e:42:03:19:f6:d5:
         37:89:1a:1b:b3:9e:a7:76:11:7b:a9:ae:5e:a3:86:03:f4:83:
         fc:71:ad:4f:2e:02:fa:15:8d:47:35:74:e0:e9:b4:57:14:7d:
         e6:85:6e:08:90:a8:12:33:7b:2b:1c:41:b2:54:f0:0d:ca:4b:
         38:df:fd:b0:bc:4b:f2:20:9d:b9:6d:59:b3:16:e8:64:49:52:
         34:8d:89:00:db:72:b7:c9:4d:80:e3:20:f8:35:a8:2d:4c:c9:
         29:e7:6a:36:65:91:02:df:88:87:d8:27:0e:9b:95:9f:ca:ae:
         75:d7:e4:71:79:a5:4d:6c:8c:dc:a3:a8:38:1c:7d:98:fc:78:
         22:cc:46:0b:32:2f:bb:c4:fe:bd:43:d3:27:7c:9e:51:ed:3e:
         08:ba:de:61:de:38:d5:c8:90:45:ef:5b:c2:71:8e:24:90:49:
         67:2d:23:95:88:73:cd:45:ab:a6:7c:93:2d:f6:ac:46:e8:24:
         a1:de:c2:1d:a5:8e:a2:6d:67:bd:5a:55:53:3c:f1:2e:a8:6a:
         d9:e7:48:e6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTM+zG6Vnu0hn9Nc7qRW1P8jWeUMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNTA2MDAxMTMwWhcNMjUwNjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BkMTU3ZGJlZDQ2ZDBhMzVkZmMzOGU5N2JkOWIyYjI1MWZm
YzY4YTljZDE0MWNhYWNhMTU5N2E3NDQ3YTMyYzU4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1hMV0vWdZh9wHVrw5tOiN9NXUH5jhFt60LexDZrp4Dx4t
cSrwN5vjhICZ4lpniTJgSvu2A/RA6YZTdDjdotFVOzG3LoU2qZUlgx2yGYSvo6Tm
c1jGxZIpwO49QDqUG+CsRWIbjCa7Nv7jCsgS9wVNILj2tnmnqUyjTmHKmBNcJglX
t1vZCFnTj9HAuA9MXPgCxpCg22hnGMKIkzXMqmULDj0UJ3gSz6itnre6jar+OB84
8YOs0r18eAmdnb/mH80r+Cf6/8KIWeWB5lpx1WRMzCA5+OMhNjJdBv9u7pUgYMdq
+4WS22QrWb4qnEj5VicOO5yLwFe/yZZX8DNfgMYLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUcuzWfdTfKrW/BiJgTOUcX1T1b3cwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RkNzhmYjU4LTgxYjItNDgyZi1hNzMxLTU5MjAzYWI5OGYzMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjl7gwDQYJKoZIhvcNAQELBQADggEBABd+/7qPSXRZdwceiLzIrWClL0yQ
sUDj1JJBcKKuPSg+cjb4FYoSDAqUK7AAz3hOqB5CAxn21TeJGhuznqd2EXuprl6j
hgP0g/xxrU8uAvoVjUc1dODptFcUfeaFbgiQqBIzeyscQbJU8A3KSzjf/bC8S/Ig
nbltWbMW6GRJUjSNiQDbcrfJTYDjIPg1qC1MySnnajZlkQLfiIfYJw6blZ/KrnXX
5HF5pU1sjNyjqDgcfZj8eCLMRgsyL7vE/r1D0yd8nlHtPgi63mHeONXIkEXvW8Jx
jiSQSWctI5WIc81Fq6Z8ky32rEboJKHewh2ljqJtZ71aVVM88S6oatnnSOY=
-----END CERTIFICATE-----