Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a90b50e7-2729-47d9-b938-a8bafbfa8fdc.roa
File:                     a90b50e7-2729-47d9-b938-a8bafbfa8fdc.roa (raw, json)
Hash identifier:          I1YdsIF26lLvCN4WeRbYQA9c5gboVqIKvjvHvhW6jo4=
Subject key identifier:   AB:3E:97:6D:AA:23:D2:90:E5:FB:6A:98:E9:36:61:5D:07:6C:10:D2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       775F183F113C4012E5BDA9FBF37288CB21AF335A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a90b50e7-2729-47d9-b938-a8bafbfa8fdc.roa
Signing time:             Wed 12 Mar 2025 00:21:59 +0000
ROA not before:           Wed 12 Mar 2025 00:21:59 +0000
ROA not after:            Wed 16 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        173.83.200.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 06 Apr 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:5f:18:3f:11:3c:40:12:e5:bd:a9:fb:f3:72:88:cb:21:af:33:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 12 00:21:59 2025 GMT
            Not After : Apr 16 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:71:16:00:3d:0c:81:90:01:42:a1:9c:a2:66:
                    df:74:62:53:f5:d4:fd:8e:0f:8a:fc:6d:74:f5:41:
                    e8:1a:43:1a:ef:6b:f4:d6:f1:aa:2f:c1:07:50:38:
                    6b:0d:13:10:1d:80:9e:76:08:6f:ab:d9:d1:75:96:
                    5b:9e:99:1d:95:7d:30:a6:c6:d3:c5:89:40:df:9f:
                    5e:60:83:a6:78:68:b4:ce:10:74:bc:15:71:0e:9a:
                    02:23:f1:c4:4e:63:d9:d6:67:d1:3f:88:ea:92:3b:
                    0b:b9:e4:68:29:7d:35:ec:f8:95:de:d2:1d:13:8b:
                    ba:b3:00:ed:cf:bf:66:5e:24:03:98:54:a4:cf:46:
                    d7:eb:a0:6a:4b:c0:5a:49:16:28:c3:94:f0:81:e3:
                    55:6f:ed:23:91:61:9d:fb:4d:c4:d8:18:07:b2:cd:
                    94:e6:c0:10:dd:aa:eb:59:c0:fa:db:14:fd:f1:42:
                    57:b9:1b:0c:4d:89:ae:70:db:07:17:83:cb:d7:66:
                    74:f6:42:2d:93:74:2b:ae:fa:1f:7c:ae:7b:be:2e:
                    e2:ee:63:a7:e3:49:30:75:7e:bc:f5:aa:75:bc:ea:
                    f4:78:53:ef:c4:df:5a:95:ae:e6:3d:60:f8:cf:8d:
                    c0:1a:6c:0e:d9:a9:7b:3e:ea:e7:75:67:44:d6:20:
                    02:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:3E:97:6D:AA:23:D2:90:E5:FB:6A:98:E9:36:61:5D:07:6C:10:D2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a90b50e7-2729-47d9-b938-a8bafbfa8fdc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  173.83.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         76:83:0f:1e:65:30:64:c2:45:64:66:40:c2:69:89:ff:51:2c:
         7c:39:27:25:03:60:5e:f1:7b:54:f9:61:92:06:88:0e:b5:e6:
         03:ac:d6:4b:17:a0:75:92:94:31:af:bf:25:c2:54:29:b9:69:
         71:d9:23:d3:97:84:e1:71:42:de:a8:6d:ca:b4:4b:00:2f:b1:
         fa:de:29:3a:65:55:02:ed:0c:ce:74:85:6d:14:fd:a7:67:56:
         e1:dd:6b:94:95:ba:c5:fc:c7:a0:71:60:b3:13:99:3c:12:5c:
         ca:73:54:2a:26:d6:c9:ce:4f:e5:ee:9b:e9:f7:6e:78:ad:1b:
         07:71:7c:d6:44:82:cf:4b:b3:50:61:95:3b:1f:de:be:03:95:
         fb:d9:f4:f9:8f:28:eb:41:c4:1a:d3:48:2e:70:13:18:fb:a4:
         19:2e:c5:19:a4:35:d7:40:56:4d:56:d1:96:cd:17:2d:d6:e7:
         10:ff:b4:b0:ef:6b:7e:ac:3e:c5:7e:52:7f:63:ca:7e:28:e3:
         da:43:99:08:54:46:23:d5:bf:0f:4b:bf:4b:08:79:f8:d8:20:
         c5:fd:bc:12:97:37:02:bb:ca:40:91:4d:f8:c7:aa:7c:fe:3d:
         ae:45:df:54:50:58:71:bf:1d:53:78:45:ef:a5:3e:65:9f:0d:
         af:c2:b3:be
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUd18YPxE8QBLlvan783KIyyGvM1owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzEyMDAyMTU5WhcNMjUwNDE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BhYjVjYWYwN2NjNWNhZTUxNWYzOGY1MmMyYTc0YjhiYjA4
YWJjMGFhZjllOTQ0Zjc5MzcyNTllYjYwN2VjMGEzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+cRYAPQyBkAFCoZyiZt90YlP11P2OD4r8bXT1QegaQxrv
a/TW8aovwQdQOGsNExAdgJ52CG+r2dF1lluemR2VfTCmxtPFiUDfn15gg6Z4aLTO
EHS8FXEOmgIj8cROY9nWZ9E/iOqSOwu55GgpfTXs+JXe0h0Ti7qzAO3Pv2ZeJAOY
VKTPRtfroGpLwFpJFijDlPCB41Vv7SORYZ37TcTYGAeyzZTmwBDdqutZwPrbFP3x
Qle5GwxNia5w2wcXg8vXZnT2Qi2TdCuu+h98rnu+LuLuY6fjSTB1frz1qnW86vR4
U+/E31qVruY9YPjPjcAabA7ZqXs+6ud1Z0TWIAJ7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUqz6Xbaoj0pDl+2qY6TZhXQdsENIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E5MGI1MGU3LTI3MjktNDdkOS1iOTM4LWE4YmFmYmZhOGZkYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAKtU8gwDQYJKoZIhvcNAQELBQADggEBAHaDDx5lMGTCRWRmQMJpif9RLHw5
JyUDYF7xe1T5YZIGiA615gOs1ksXoHWSlDGvvyXCVCm5aXHZI9OXhOFxQt6obcq0
SwAvsfreKTplVQLtDM50hW0U/adnVuHda5SVusX8x6BxYLMTmTwSXMpzVCom1snO
T+Xum+n3bnitGwdxfNZEgs9Ls1BhlTsf3r4DlfvZ9PmPKOtBxBrTSC5wExj7pBku
xRmkNddAVk1W0ZbNFy3W5xD/tLDva36sPsV+Un9jyn4o49pDmQhURiPVvw9Lv0sI
efjYIMX9vBKXNwK7ykCRTfjHqnz+Pa5F31RQWHG/HVN4Re+lPmWfDa/Cs74=
-----END CERTIFICATE-----