Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aebec422-5453-4842-a3d0-552a331eb4af.roa
File:                     aebec422-5453-4842-a3d0-552a331eb4af.roa (raw, json)
Hash identifier:          3QYBXU/IMbPf7oAPn4tnDoS4HWu8yonitTxRPjSjDUc=
Subject key identifier:   96:21:07:E0:E9:1A:5D:A7:48:D2:F3:49:3E:7C:12:F6:E4:63:D3:36
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6CE66ED2E1AD6E3D939C49CF5541073E0C498FCA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aebec422-5453-4842-a3d0-552a331eb4af.roa
Signing time:             Wed 19 Mar 2025 00:10:15 +0000
ROA not before:           Wed 19 Mar 2025 00:10:15 +0000
ROA not after:            Wed 23 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        136.18.128.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 07 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:e6:6e:d2:e1:ad:6e:3d:93:9c:49:cf:55:41:07:3e:0c:49:8f:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 19 00:10:15 2025 GMT
            Not After : Apr 23 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:e5:95:f1:e1:15:67:68:91:5c:e3:fc:d9:3f:
                    06:ad:2f:35:d1:af:8b:c4:0c:3c:53:bb:d6:fe:10:
                    ac:36:b6:e9:37:8e:97:c2:52:fd:65:b8:8b:82:75:
                    a2:ad:91:3d:15:d6:4f:89:76:22:c3:eb:ff:c4:c7:
                    c9:e7:ff:c1:7e:dc:3c:3d:64:a8:06:40:85:c4:a2:
                    ef:04:4f:50:fa:e2:05:da:ff:3c:55:63:b7:48:01:
                    fc:39:d9:6f:30:39:41:63:74:07:c5:d3:cb:71:7f:
                    3b:63:81:18:52:ef:2d:3a:c4:7b:8d:25:e3:ef:b3:
                    fc:96:e9:9d:d3:c9:9d:be:d9:b6:13:72:5a:ca:f0:
                    ae:a7:32:5b:a3:71:c4:9a:c1:ad:9a:20:b4:14:05:
                    8b:0d:b6:9c:65:47:d8:4b:f2:5b:fd:9a:ea:fc:83:
                    c9:5a:dc:b2:a2:7c:c5:46:63:50:81:89:88:3e:aa:
                    9a:92:bb:5a:cf:e1:37:2d:59:13:e7:a4:03:08:f2:
                    a8:f9:91:ed:64:1a:da:29:f3:86:ff:eb:1e:b9:9d:
                    59:e8:95:74:63:7f:1b:fa:8d:52:90:6d:aa:d0:8f:
                    58:64:96:34:26:bc:6d:5e:83:4b:35:a0:f2:25:a5:
                    5a:51:3a:02:be:c5:ff:d0:2f:12:62:23:a4:13:29:
                    fe:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:21:07:E0:E9:1A:5D:A7:48:D2:F3:49:3E:7C:12:F6:E4:63:D3:36
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aebec422-5453-4842-a3d0-552a331eb4af.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.18.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         9c:e4:bc:a3:fc:7f:58:f3:20:df:da:ac:71:80:b6:4d:e2:99:
         51:6e:d8:5d:39:ec:b8:8f:0e:02:a3:15:c4:48:00:a3:d1:24:
         1e:d6:e3:44:f4:90:66:b1:2d:28:1a:56:ae:42:cd:70:d4:87:
         e3:b4:d4:c9:58:d5:d7:02:b5:bc:ce:7d:29:70:95:ed:c9:38:
         c8:16:a3:e5:3e:a9:0c:79:1a:8f:4b:86:d3:c0:d8:e5:d8:68:
         1e:32:31:62:fa:f1:b0:2c:1b:76:8e:6c:15:f6:ca:f6:8c:4a:
         7d:0e:39:78:a6:08:3a:a9:11:43:4b:7c:ad:0e:58:c9:a5:38:
         1a:62:ca:33:e3:77:28:97:75:73:2b:36:f9:ac:e1:c7:4d:3b:
         51:90:b9:6c:25:5f:c3:3f:ab:17:52:f7:34:41:ae:61:14:d5:
         6d:c5:13:a7:cb:30:f4:9a:b1:bf:d9:a4:4a:d1:12:5f:95:05:
         49:ef:34:88:b1:ce:a0:cc:d6:a3:c6:82:b0:2a:91:e8:b4:10:
         cc:8d:86:a1:3f:df:84:e7:0a:1e:42:47:59:24:df:fd:29:08:
         71:fe:3b:39:f4:7e:37:62:52:88:50:84:3a:c8:32:30:1f:57:
         0f:05:26:65:31:97:b6:48:b6:5f:f4:62:6d:de:a5:59:60:7f:
         f3:52:0b:06
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbOZu0uGtbj2TnEnPVUEHPgxJj8owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzE5MDAxMDE1WhcNMjUwNDIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AxMzVjMTE1YWYxMjRlNDk0YTE3NzIzNWZlOTc5MDQyYTg4
NjY4ODFjODYyZDViYzE3MjM5YWU2YzE5YWJkMThjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDT5ZXx4RVnaJFc4/zZPwatLzXRr4vEDDxTu9b+EKw2tuk3
jpfCUv1luIuCdaKtkT0V1k+JdiLD6//Ex8nn/8F+3Dw9ZKgGQIXEou8ET1D64gXa
/zxVY7dIAfw52W8wOUFjdAfF08txfztjgRhS7y06xHuNJePvs/yW6Z3TyZ2+2bYT
clrK8K6nMlujccSawa2aILQUBYsNtpxlR9hL8lv9mur8g8la3LKifMVGY1CBiYg+
qpqSu1rP4TctWRPnpAMI8qj5ke1kGtop84b/6x65nVnolXRjfxv6jVKQbarQj1hk
ljQmvG1eg0s1oPIlpVpROgK+xf/QLxJiI6QTKf4xAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUliEH4OkaXadI0vNJPnwS9uRj0zYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FlYmVjNDIyLTU0NTMtNDg0Mi1hM2QwLTU1MmEzMzFlYjRhZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAeIEoAwDQYJKoZIhvcNAQELBQADggEBAJzkvKP8f1jzIN/arHGAtk3imVFu
2F057LiPDgKjFcRIAKPRJB7W40T0kGaxLSgaVq5CzXDUh+O01MlY1dcCtbzOfSlw
le3JOMgWo+U+qQx5Go9LhtPA2OXYaB4yMWL68bAsG3aObBX2yvaMSn0OOXimCDqp
EUNLfK0OWMmlOBpiyjPjdyiXdXMrNvms4cdNO1GQuWwlX8M/qxdS9zRBrmEU1W3F
E6fLMPSasb/ZpErREl+VBUnvNIixzqDM1qPGgrAqkei0EMyNhqE/34TnCh5CR1kk
3/0pCHH+Ozn0fjdiUohQhDrIMjAfVw8FJmUxl7ZItl/0Ym3epVlgf/NSCwY=
-----END CERTIFICATE-----