Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1c1e2604-6355-4061-8e4d-164d58041afe.roa
File:                     1c1e2604-6355-4061-8e4d-164d58041afe.roa (raw, json)
Hash identifier:          Zku3coA9rlngCKwOI/C6tgDArE9BBNnkP5zJ2drc6P8=
Subject key identifier:   EB:01:34:C1:3F:E9:31:9E:D6:02:E5:37:C4:ED:41:B1:EC:A3:22:46
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       559BA97344B3B1F58B2A049A741EC037B5073F02
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1c1e2604-6355-4061-8e4d-164d58041afe.roa
Signing time:             Mon 17 Feb 2025 16:50:14 +0000
ROA not before:           Mon 17 Feb 2025 16:50:14 +0000
ROA not after:            Mon 24 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        66.219.64.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 15 Mar 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:9b:a9:73:44:b3:b1:f5:8b:2a:04:9a:74:1e:c0:37:b5:07:3f:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb 17 16:50:14 2025 GMT
            Not After : Mar 24 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:0e:5f:78:6c:b0:b8:86:01:12:88:58:ee:11:
                    be:4e:34:3b:c0:79:3f:94:0f:08:d6:3b:5b:95:e9:
                    21:35:28:76:99:e8:7a:1a:2c:f9:4c:5c:07:bc:f2:
                    f5:e5:1b:0f:22:10:92:23:4d:51:43:fa:f2:60:a1:
                    b9:a6:ee:02:46:c4:ef:26:6e:44:2b:56:34:ed:d0:
                    39:33:0d:fa:fc:78:34:f0:c1:32:10:fd:54:23:dd:
                    ca:c4:19:8a:6b:19:a6:f0:3d:ab:a1:8e:bd:64:78:
                    88:c2:54:ae:64:e4:ad:b0:72:87:55:37:52:8c:c3:
                    41:44:93:87:a5:a7:d2:4e:b6:95:be:47:60:62:b3:
                    43:f1:6d:98:2b:6e:08:0d:ac:55:18:4c:8a:48:b6:
                    df:1a:40:0a:64:5d:ec:7d:4f:ec:a2:7d:95:ad:c4:
                    bb:dd:e1:e4:a6:0c:20:59:c6:d6:e5:cc:c8:a0:1a:
                    41:bd:7a:21:18:dc:2c:5f:24:77:2d:54:42:ee:c7:
                    90:13:c5:2d:d5:06:29:a9:6e:8f:68:bc:6c:53:53:
                    70:03:7e:ea:d0:08:0f:6d:c0:64:90:26:26:c9:85:
                    d3:5f:b2:b3:8e:54:10:76:5d:92:25:be:4f:92:64:
                    3c:84:c2:c4:24:51:3b:60:d6:83:d3:f1:ce:6d:2c:
                    1f:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:01:34:C1:3F:E9:31:9E:D6:02:E5:37:C4:ED:41:B1:EC:A3:22:46
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1c1e2604-6355-4061-8e4d-164d58041afe.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.219.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         3c:e9:d2:25:65:18:a4:db:e6:dc:4d:e3:01:8d:4b:be:5c:1d:
         79:ee:ea:9f:86:c7:43:db:b3:b0:3b:35:7f:6f:8f:4e:f7:88:
         90:11:51:dd:ef:db:67:c5:af:f5:d0:c2:92:78:e6:01:72:8b:
         8e:1f:de:f4:c3:b4:91:0c:90:d2:6a:6f:39:37:e1:96:c8:73:
         ba:df:c5:fe:93:ba:0f:dd:43:e7:99:16:dc:36:a1:19:a2:95:
         e2:30:8c:7f:c4:52:54:8b:0a:fa:ef:c7:2e:fd:de:1b:8c:42:
         86:49:0c:f6:53:bb:85:80:25:70:b7:d2:c2:48:3c:9c:ea:5d:
         86:81:5b:84:f2:28:4d:e7:80:93:b2:05:04:04:f5:75:fb:82:
         12:7e:9a:0f:b1:b1:b0:80:18:1a:a9:2c:d1:a7:0c:3e:16:8e:
         61:65:66:00:b3:ba:ca:bf:62:aa:e3:cc:55:cb:0e:68:ad:f1:
         f4:d8:5d:ab:7d:12:94:df:48:eb:c3:f4:1e:2c:2e:85:eb:9d:
         b6:e4:a1:78:0e:70:8c:ed:9e:48:b4:71:b6:1c:b9:08:78:97:
         cc:d0:e1:21:f8:89:c0:42:28:35:53:85:17:30:bd:ee:61:4a:
         4c:38:b2:7c:4e:bb:a5:12:8c:9f:14:f2:32:1a:b9:ed:88:34:
         65:29:ed:af
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVZupc0SzsfWLKgSadB7AN7UHPwIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMjE3MTY1MDE0WhcNMjUwMzI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BmNzZhNjExNTI1NDllMDlkMjRjYjg4YWQ4MDE0Nzc3Mjc2
NTUzOTYyYzI2NGQ1NGY0NzAyMTY4NDNmOWRiYmNlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCyDl94bLC4hgESiFjuEb5ONDvAeT+UDwjWO1uV6SE1KHaZ
6HoaLPlMXAe88vXlGw8iEJIjTVFD+vJgobmm7gJGxO8mbkQrVjTt0DkzDfr8eDTw
wTIQ/VQj3crEGYprGabwPauhjr1keIjCVK5k5K2wcodVN1KMw0FEk4elp9JOtpW+
R2Bis0PxbZgrbggNrFUYTIpItt8aQApkXex9T+yifZWtxLvd4eSmDCBZxtblzMig
GkG9eiEY3CxfJHctVELux5ATxS3VBimpbo9ovGxTU3ADfurQCA9twGSQJibJhdNf
srOOVBB2XZIlvk+SZDyEwsQkUTtg1oPT8c5tLB+TAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU6wE0wT/pMZ7WAuU3xO1BseyjIkYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFjMWUyNjA0LTYzNTUtNDA2MS04ZTRkLTE2NGQ1ODA0MWFmZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAVC20AwDQYJKoZIhvcNAQELBQADggEBADzp0iVlGKTb5txN4wGNS75cHXnu
6p+Gx0Pbs7A7NX9vj073iJARUd3v22fFr/XQwpJ45gFyi44f3vTDtJEMkNJqbzk3
4ZbIc7rfxf6Tug/dQ+eZFtw2oRmileIwjH/EUlSLCvrvxy793huMQoZJDPZTu4WA
JXC30sJIPJzqXYaBW4TyKE3ngJOyBQQE9XX7ghJ+mg+xsbCAGBqpLNGnDD4WjmFl
ZgCzusq/YqrjzFXLDmit8fTYXat9EpTfSOvD9B4sLoXrnbbkoXgOcIztnki0cbYc
uQh4l8zQ4SH4icBCKDVThRcwve5hSkw4snxOu6USjJ8U8jIaue2INGUp7a8=
-----END CERTIFICATE-----