Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0c291b4f-86c8-4a6c-9072-9ef46069d3a8.roa
File:                     0c291b4f-86c8-4a6c-9072-9ef46069d3a8.roa (raw, json)
Hash identifier:          FIXCGudNW2smwrsCc0UXt95SMWsEhbqTVsQHr5lr6h0=
Subject key identifier:   D0:3D:20:2C:36:38:8A:D6:35:A0:92:38:7B:B8:73:EB:D0:90:B4:18
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       643164B629132DBD085055C4014EBB69F5CA9A7F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0c291b4f-86c8-4a6c-9072-9ef46069d3a8.roa
Signing time:             Fri 24 Jan 2025 00:00:00 +0000
ROA not before:           Fri 24 Jan 2025 00:00:00 +0000
ROA not after:            Fri 28 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.252.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 17 Feb 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:31:64:b6:29:13:2d:bd:08:50:55:c4:01:4e:bb:69:f5:ca:9a:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 24 00:00:00 2025 GMT
            Not After : Feb 28 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:ca:20:e5:cb:bc:73:b8:cb:f8:c2:0b:cc:ae:
                    62:0b:2f:b4:70:bf:60:9c:11:69:d1:82:95:4a:88:
                    98:3d:9d:ef:30:a6:a5:59:8d:4d:b6:f3:8e:28:bc:
                    06:fb:1d:70:2d:7a:05:50:0b:8c:44:11:5f:cc:4f:
                    5e:9e:90:2b:02:6c:07:0d:aa:80:ef:e7:3f:b7:d0:
                    a3:bc:0e:63:9f:15:bb:ca:6c:05:11:c7:91:60:91:
                    76:54:24:a8:cf:42:23:d7:84:ec:fe:ec:d9:5e:1f:
                    9a:22:de:ce:e3:0e:71:95:9a:b4:54:22:43:e6:0e:
                    de:63:6b:fe:53:2d:99:7b:19:1f:81:ef:fb:f1:23:
                    2a:76:a9:bd:3d:57:b6:6c:1d:83:42:b8:99:1f:60:
                    45:a0:76:14:91:97:ef:a3:43:dd:a8:c1:d3:f4:b0:
                    2d:dc:1d:ad:3c:b7:e5:a6:37:bc:c1:8d:22:c1:bb:
                    f0:6f:07:9d:0a:8f:2b:bd:f9:2b:c8:71:82:22:2d:
                    5f:80:52:e0:de:d6:7c:c5:69:09:d8:e4:74:91:b3:
                    3a:33:9d:e6:2c:94:c5:7c:f1:8b:8a:b0:39:95:7c:
                    57:cb:39:74:c3:3a:f1:6b:87:e9:91:68:70:ad:86:
                    9e:b3:10:bb:e6:36:d1:6a:ea:bd:66:34:14:dc:36:
                    45:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:3D:20:2C:36:38:8A:D6:35:A0:92:38:7B:B8:73:EB:D0:90:B4:18
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0c291b4f-86c8-4a6c-9072-9ef46069d3a8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.252.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:b9:1c:44:34:52:9d:c4:d6:26:11:6e:b9:5b:4e:cd:5b:f8:
         6f:64:f1:a0:2e:c9:cf:d1:db:21:89:ad:bf:46:3a:73:a5:a8:
         c5:f8:df:48:8f:c1:db:21:51:39:1b:a4:8a:15:ae:f0:03:62:
         a3:bd:51:4a:1a:cf:63:b5:2e:58:37:79:cc:74:d5:f2:d2:33:
         40:a3:6f:e6:ba:4a:45:f3:c6:9d:68:9f:32:03:5d:e8:23:e4:
         f2:4a:60:31:ec:b3:90:c2:22:a2:8c:1c:23:87:c8:d9:da:b7:
         08:a0:ff:22:d3:6c:5b:5a:8f:c9:ee:a4:be:a7:dd:5c:c8:64:
         31:08:7a:64:51:b3:15:1d:82:a2:6c:e2:73:42:ef:b0:ff:04:
         67:72:78:c5:3c:de:f5:03:a5:d4:b3:ca:40:1d:08:5e:dc:a5:
         7d:bd:fa:90:85:0d:b7:0b:67:9a:ce:30:29:73:80:8f:3d:a3:
         7e:0b:52:f2:7f:7d:33:d6:0b:2e:7f:d0:fe:fe:35:02:28:56:
         2d:ae:58:72:42:c6:0b:85:13:87:7c:4e:0c:5d:8d:ff:9d:4f:
         d2:8d:56:77:36:fd:25:a6:ac:23:56:fc:f7:7a:70:de:b3:2e:
         8c:85:a1:10:84:fe:cc:c9:a5:da:9c:a9:e3:4a:73:1b:8d:3d:
         a5:b1:bb:af
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZDFktikTLb0IUFXEAU67afXKmn8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTI0MDAwMDAwWhcNMjUwMjI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BiODZjOGRmZDc3MDQ3NTcyYjg2NjkwOTcwYzQzYTM3OTM0
YzUwNzUxZWQwZDZlNzBkZmVjYzg5MDNmMGEzMzc0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCSyiDly7xzuMv4wgvMrmILL7Rwv2CcEWnRgpVKiJg9ne8w
pqVZjU22844ovAb7HXAtegVQC4xEEV/MT16ekCsCbAcNqoDv5z+30KO8DmOfFbvK
bAURx5FgkXZUJKjPQiPXhOz+7NleH5oi3s7jDnGVmrRUIkPmDt5ja/5TLZl7GR+B
7/vxIyp2qb09V7ZsHYNCuJkfYEWgdhSRl++jQ92owdP0sC3cHa08t+WmN7zBjSLB
u/BvB50Kjyu9+SvIcYIiLV+AUuDe1nzFaQnY5HSRszozneYslMV88YuKsDmVfFfL
OXTDOvFrh+mRaHCthp6zELvmNtFq6r1mNBTcNkXZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0D0gLDY4itY1oJI4e7hz69CQtBgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBjMjkxYjRmLTg2YzgtNGE2Yy05MDcyLTllZjQ2MDY5ZDNhOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABA/EkwDQYJKoZIhvcNAQELBQADggEBAKm5HEQ0Up3E1iYRbrlbTs1b+G9k
8aAuyc/R2yGJrb9GOnOlqMX430iPwdshUTkbpIoVrvADYqO9UUoaz2O1Llg3ecx0
1fLSM0Cjb+a6SkXzxp1onzIDXegj5PJKYDHss5DCIqKMHCOHyNnatwig/yLTbFta
j8nupL6n3VzIZDEIemRRsxUdgqJs4nNC77D/BGdyeMU83vUDpdSzykAdCF7cpX29
+pCFDbcLZ5rOMClzgI89o34LUvJ/fTPWCy5/0P7+NQIoVi2uWHJCxguFE4d8Tgxd
jf+dT9KNVnc2/SWmrCNW/Pd6cN6zLoyFoRCE/szJpdqcqeNKcxuNPaWxu68=
-----END CERTIFICATE-----