Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f4b6e861-de0c-468e-95aa-1bf03a8e3400.roa
File:                     f4b6e861-de0c-468e-95aa-1bf03a8e3400.roa (raw, json)
Hash identifier:          Enq9cZ8tUvitxQbhq2nvb1Xp45DJaLRExPRJpEOLwY0=
Subject key identifier:   03:1A:F7:D1:FB:42:BB:80:53:B1:5C:5C:18:61:05:0B:84:5D:E8:0B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       28899F51BB2C8BAD3368777F18C0E554D66E37AC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f4b6e861-de0c-468e-95aa-1bf03a8e3400.roa
Signing time:             Sat 28 Jun 2025 00:21:04 +0000
ROA not before:           Sat 28 Jun 2025 00:21:04 +0000
ROA not after:            Sat 02 Aug 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        184.72.216.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 30 Jun 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:89:9f:51:bb:2c:8b:ad:33:68:77:7f:18:c0:e5:54:d6:6e:37:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jun 28 00:21:04 2025 GMT
            Not After : Aug  2 23:59:59 2025 GMT
        Subject: serialNumber=031da5dff757f8fed0a31e7a79245df4a6c1303f907e21a0c2b6bbdf1381b540, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:92:7a:58:61:45:dc:95:ca:d6:59:24:88:02:
                    1f:58:04:c7:f7:a0:1b:fb:66:52:8f:b0:28:a7:3f:
                    25:c5:ae:1b:53:ae:75:01:3d:ce:6f:94:e9:b6:ce:
                    81:41:74:60:28:20:14:ae:2d:ae:d5:a9:5b:e6:37:
                    b3:8b:c6:27:5e:34:79:69:60:3a:66:ef:1f:20:1d:
                    eb:06:2a:cd:a6:df:3d:9d:d3:c6:25:0f:74:d2:b6:
                    e9:48:71:e6:6a:e6:34:01:4f:f9:a7:06:5e:6f:13:
                    60:c0:15:1d:ec:27:c7:78:5f:56:66:cb:e8:26:d2:
                    76:0c:6d:73:80:c7:92:21:7e:1c:ae:ac:62:73:82:
                    0b:f3:24:2f:e7:5d:bc:c4:ef:13:75:bc:fb:ac:df:
                    86:e6:19:52:e8:f6:ee:80:ef:7f:4e:f5:6c:3c:4a:
                    04:95:cc:6f:c5:81:35:33:10:13:78:21:cb:d9:4c:
                    de:13:d2:de:e3:b0:9d:cf:bf:0b:34:c3:4a:48:3c:
                    20:15:b0:b1:7c:07:b1:26:49:0b:cc:8a:16:e9:94:
                    ee:6d:5a:1a:88:3c:c7:23:6f:d9:12:66:b6:7f:23:
                    a9:a7:3e:79:dd:a3:c8:bd:4b:6a:ea:83:b0:cd:7a:
                    eb:13:2d:e0:e6:83:51:82:0f:aa:79:d1:26:d6:2e:
                    5b:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:1A:F7:D1:FB:42:BB:80:53:B1:5C:5C:18:61:05:0B:84:5D:E8:0B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f4b6e861-de0c-468e-95aa-1bf03a8e3400.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  184.72.216.0/21

    Signature Algorithm: sha256WithRSAEncryption
         14:68:52:55:b3:b9:56:c9:09:41:96:45:27:17:bf:70:1d:4c:
         a9:a8:e3:76:bc:d2:ee:cb:fd:77:2e:74:46:50:e9:70:d2:cf:
         87:da:fb:a7:67:99:c2:06:c3:4e:30:4a:78:89:e7:82:7c:73:
         02:ae:6c:03:b6:b7:33:54:6f:71:91:97:66:93:cc:f6:d5:37:
         7d:28:59:7d:ca:d0:d6:83:24:7d:45:cb:da:9c:4d:d7:e2:b7:
         de:e5:1a:ae:0c:51:b2:dc:af:50:ae:39:41:55:d7:ac:ad:20:
         84:49:06:29:17:cc:f3:1f:64:e0:0c:39:f2:e7:da:30:1c:43:
         92:74:5e:1b:b4:05:41:a9:8f:c0:36:1c:82:dd:db:3c:d3:7b:
         54:2d:11:20:1f:02:fa:6b:e9:63:c4:ed:6b:0a:cf:5a:39:4e:
         ae:0c:70:6d:7b:5c:43:60:e8:7b:9f:52:7f:d5:50:66:0e:80:
         e8:7a:18:47:97:53:43:a7:e2:de:55:74:a6:45:09:4f:31:c6:
         a0:f4:46:73:a6:a3:62:6a:86:a3:b0:a2:23:0c:f7:9d:39:34:
         a2:f6:71:5a:29:7c:f1:2b:24:e0:5e:63:b6:a6:0c:79:f9:cf:
         68:f4:54:cb:8b:49:67:32:14:f8:01:c4:48:a4:6e:9d:38:76:
         56:5e:cb:22
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKImfUbssi60zaHd/GMDlVNZuN6wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNjI4MDAyMTA0WhcNMjUwODAyMjM1OTU5
WjB6MUkwRwYDVQQFE0AwMzFkYTVkZmY3NTdmOGZlZDBhMzFlN2E3OTI0NWRmNGE2
YzEzMDNmOTA3ZTIxYTBjMmI2YmJkZjEzODFiNTQwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnknpYYUXclcrWWSSIAh9YBMf3oBv7ZlKPsCinPyXFrhtT
rnUBPc5vlOm2zoFBdGAoIBSuLa7VqVvmN7OLxideNHlpYDpm7x8gHesGKs2m3z2d
08YlD3TStulIceZq5jQBT/mnBl5vE2DAFR3sJ8d4X1Zmy+gm0nYMbXOAx5Ihfhyu
rGJzggvzJC/nXbzE7xN1vPus34bmGVLo9u6A739O9Ww8SgSVzG/FgTUzEBN4IcvZ
TN4T0t7jsJ3Pvws0w0pIPCAVsLF8B7EmSQvMihbplO5tWhqIPMcjb9kSZrZ/I6mn
Pnndo8i9S2rqg7DNeusTLeDmg1GCD6p50SbWLlu9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUAxr30ftCu4BTsVxcGGEFC4Rd6AswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y0YjZlODYxLWRlMGMtNDY4ZS05NWFhLTFiZjAzYThlMzQwMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAO4SNgwDQYJKoZIhvcNAQELBQADggEBABRoUlWzuVbJCUGWRScXv3AdTKmo
43a80u7L/XcudEZQ6XDSz4fa+6dnmcIGw04wSniJ54J8cwKubAO2tzNUb3GRl2aT
zPbVN30oWX3K0NaDJH1Fy9qcTdfit97lGq4MUbLcr1CuOUFV16ytIIRJBikXzPMf
ZOAMOfLn2jAcQ5J0Xhu0BUGpj8A2HILd2zzTe1QtESAfAvpr6WPE7WsKz1o5Tq4M
cG17XENg6HufUn/VUGYOgOh6GEeXU0On4t5VdKZFCU8xxqD0RnOmo2JqhqOwoiMM
9505NKL2cVopfPErJOBeY7amDHn5z2j0VMuLSWcyFPgBxEikbp04dlZeyyI=
-----END CERTIFICATE-----