Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ee522d32-18fa-41ec-9fef-6162dfabf12f.roa
File:                     ee522d32-18fa-41ec-9fef-6162dfabf12f.roa (raw, json)
Hash identifier:          xR3tLXS7GY8A027o9OzzHPdth+phvegWfI9ZjMM5loA=
Subject key identifier:   5B:7B:81:71:15:BB:2B:0F:98:A5:36:E5:E5:6C:ED:0F:FD:C3:47:B5
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0FC13AF7661CD3A9F181428947847FF9D16D1746
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ee522d32-18fa-41ec-9fef-6162dfabf12f.roa
Signing time:             Tue 29 Apr 2025 00:01:52 +0000
ROA not before:           Tue 29 Apr 2025 00:01:52 +0000
ROA not after:            Tue 03 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        203.88.92.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 11 May 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:c1:3a:f7:66:1c:d3:a9:f1:81:42:89:47:84:7f:f9:d1:6d:17:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 29 00:01:52 2025 GMT
            Not After : Jun  3 23:59:59 2025 GMT
        Subject: serialNumber=fa6d1675dd20f2dfb00a9223a114f6c557f9f678aa4b7c4892b4d0563f35f588, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:03:ec:e2:68:3f:b3:ec:18:7b:5f:c9:84:6f:
                    78:aa:8f:b5:23:76:d6:5e:57:21:84:db:12:21:7d:
                    38:ca:5d:db:d6:19:49:89:4c:a4:51:57:d0:be:e1:
                    f9:84:a0:c4:7f:77:35:8a:92:8a:ba:28:db:06:84:
                    87:10:b2:ef:d6:68:f0:7b:a8:3d:ca:d0:dd:e5:95:
                    7c:cc:78:92:69:5e:78:8f:eb:40:27:22:1b:9e:ed:
                    a4:bf:98:43:64:35:58:3f:5d:d1:a4:4a:54:a5:ac:
                    4b:b7:d1:f4:6b:28:be:b2:cc:d6:57:3d:b3:7f:b9:
                    70:ac:85:5e:ca:e2:c8:9e:71:d6:68:82:de:33:9f:
                    c8:90:2d:43:8c:a4:47:ae:32:31:67:09:7f:19:66:
                    c0:32:de:84:3a:a6:d4:dd:9b:a4:d9:73:71:50:af:
                    b6:f1:48:64:50:19:90:0c:be:c8:b9:20:25:6d:fe:
                    6f:ef:c0:31:8a:13:25:96:35:97:d9:ff:92:e5:6c:
                    23:b6:92:55:23:c5:f1:45:63:2a:17:d7:85:2e:b7:
                    ca:e7:e9:27:eb:92:fa:bb:53:d5:77:b6:6f:e7:18:
                    fb:08:b3:43:9f:5f:66:0e:be:1a:a8:c7:d4:c7:90:
                    66:d0:09:63:cf:b6:19:ca:c0:07:85:21:76:4e:6e:
                    c5:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:7B:81:71:15:BB:2B:0F:98:A5:36:E5:E5:6C:ED:0F:FD:C3:47:B5
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ee522d32-18fa-41ec-9fef-6162dfabf12f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.88.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1e:b8:5e:54:3c:d6:7a:20:f9:30:7e:cc:11:59:6f:eb:84:ba:
         68:13:ff:30:1d:e1:dd:f1:aa:c8:74:70:b1:7f:71:a4:b9:41:
         6b:71:d5:e0:e8:b9:e0:14:ea:40:d6:7e:05:43:9d:3c:a1:79:
         cb:ae:54:41:cc:24:fb:0a:35:d3:5a:fe:15:c0:cc:e8:71:5b:
         83:6b:70:4b:ea:37:be:3a:15:7b:d1:40:3b:93:ab:cc:02:29:
         fa:a8:d5:26:a3:bd:e0:5e:90:c7:8e:19:63:00:15:c8:42:84:
         36:1a:f2:0e:69:27:77:d1:39:8f:ec:39:cc:b4:6c:ac:8a:45:
         33:b0:15:f3:50:ed:d6:26:01:ac:6c:50:0d:02:81:c0:62:45:
         a2:49:0c:b6:e7:8d:ff:d5:a2:8c:30:df:04:94:49:c5:c1:8b:
         70:16:ec:3f:a3:db:3c:3c:7f:a4:15:48:ba:6b:84:22:8a:36:
         42:4a:61:6c:0b:f7:f8:bb:2e:71:b7:0a:e1:ad:8c:d5:10:cf:
         71:e3:24:6e:22:c5:6b:43:83:a5:b6:0b:05:7b:17:4f:2c:aa:
         75:45:ef:5b:46:d1:77:4b:c5:41:7d:f6:8f:7b:f9:20:4a:51:
         6f:20:68:c1:0e:ce:5f:fe:f3:c6:40:0b:a5:36:a9:c2:58:58:
         7f:c5:62:1e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUD8E692Yc06nxgUKJR4R/+dFtF0YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDI5MDAwMTUyWhcNMjUwNjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BmYTZkMTY3NWRkMjBmMmRmYjAwYTkyMjNhMTE0ZjZjNTU3
ZjlmNjc4YWE0YjdjNDg5MmI0ZDA1NjNmMzVmNTg4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDwA+ziaD+z7Bh7X8mEb3iqj7UjdtZeVyGE2xIhfTjKXdvW
GUmJTKRRV9C+4fmEoMR/dzWKkoq6KNsGhIcQsu/WaPB7qD3K0N3llXzMeJJpXniP
60AnIhue7aS/mENkNVg/XdGkSlSlrEu30fRrKL6yzNZXPbN/uXCshV7K4siecdZo
gt4zn8iQLUOMpEeuMjFnCX8ZZsAy3oQ6ptTdm6TZc3FQr7bxSGRQGZAMvsi5ICVt
/m/vwDGKEyWWNZfZ/5LlbCO2klUjxfFFYyoX14Uut8rn6Sfrkvq7U9V3tm/nGPsI
s0OfX2YOvhqox9THkGbQCWPPthnKwAeFIXZObsUlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUW3uBcRW7Kw+YpTbl5WztD/3DR7UwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VlNTIyZDMyLTE4ZmEtNDFlYy05ZmVmLTYxNjJkZmFiZjEyZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAHLWFwwDQYJKoZIhvcNAQELBQADggEBAB64XlQ81nog+TB+zBFZb+uEumgT
/zAd4d3xqsh0cLF/caS5QWtx1eDoueAU6kDWfgVDnTyhecuuVEHMJPsKNdNa/hXA
zOhxW4NrcEvqN746FXvRQDuTq8wCKfqo1SajveBekMeOGWMAFchChDYa8g5pJ3fR
OY/sOcy0bKyKRTOwFfNQ7dYmAaxsUA0CgcBiRaJJDLbnjf/Vooww3wSUScXBi3AW
7D+j2zw8f6QVSLprhCKKNkJKYWwL9/i7LnG3CuGtjNUQz3HjJG4ixWtDg6W2CwV7
F08sqnVF71tG0XdLxUF99o97+SBKUW8gaMEOzl/+88ZAC6U2qcJYWH/FYh4=
-----END CERTIFICATE-----