Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1fc5eba9-ba1e-4271-a295-a0083fa60075.roa
File:                     1fc5eba9-ba1e-4271-a295-a0083fa60075.roa (raw, json)
Hash identifier:          mnGnnggUC4I1QQnucHweiB7HeLjHRXHybVFoxkfACp8=
Subject key identifier:   16:E9:92:68:82:45:31:98:2C:29:21:D1:EE:04:12:CB:4E:D5:A7:59
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       74734FCD174281C3C3144DA7CE690F3CD5BD1B54
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1fc5eba9-ba1e-4271-a295-a0083fa60075.roa
Signing time:             Mon 17 Feb 2025 15:10:08 +0000
ROA not before:           Mon 17 Feb 2025 15:10:08 +0000
ROA not after:            Mon 24 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        206.131.128.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 15 Mar 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:73:4f:cd:17:42:81:c3:c3:14:4d:a7:ce:69:0f:3c:d5:bd:1b:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb 17 15:10:08 2025 GMT
            Not After : Mar 24 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:4e:3f:b4:d9:53:ab:50:ab:f7:75:38:a4:a7:
                    c3:24:bb:b3:7f:ba:cb:fb:4d:95:cd:05:87:9f:a9:
                    ee:64:a9:df:b2:cc:57:46:eb:e9:14:cd:af:9a:df:
                    1a:67:24:00:54:20:ae:f0:86:3d:8b:7e:b1:1a:a7:
                    e0:c8:ab:5e:0a:55:81:42:1d:95:6f:8d:83:a5:56:
                    95:94:48:4f:26:de:83:72:90:35:d7:20:d5:ba:0a:
                    ab:ba:ef:b8:d2:53:e4:f6:8a:5f:25:04:dc:7d:0a:
                    d3:91:d7:e1:1f:82:8f:81:cd:5c:f4:1e:07:f1:70:
                    71:9e:c2:e5:08:ba:ae:d4:fb:cf:f1:ff:04:65:e2:
                    24:86:3b:9c:19:21:bf:8b:65:f7:c1:44:f6:3b:af:
                    6f:6c:94:ea:d8:6e:bb:45:93:ff:70:e3:b7:93:82:
                    c8:62:04:06:cb:2a:79:2c:b9:f6:d3:86:30:04:a7:
                    e1:46:e5:03:0e:1b:1f:6b:7c:79:0d:80:00:0c:55:
                    de:57:c6:f3:73:b1:cc:22:bb:1a:33:ba:99:dc:93:
                    de:ee:01:0c:8d:a5:75:7c:b6:0f:45:48:91:3f:7e:
                    1a:d5:10:dc:e4:80:20:63:cf:25:68:b7:eb:1b:30:
                    53:ac:85:71:a9:65:46:2d:cc:63:93:c7:dc:e4:ce:
                    f9:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:E9:92:68:82:45:31:98:2C:29:21:D1:EE:04:12:CB:4E:D5:A7:59
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1fc5eba9-ba1e-4271-a295-a0083fa60075.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  206.131.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         55:59:b4:6a:89:cf:98:69:a3:70:eb:7a:0a:1e:36:6c:98:ce:
         ee:91:fd:b1:e3:4b:95:77:c7:8e:92:17:c3:c8:13:72:40:0e:
         00:bb:d3:28:eb:1f:42:04:e7:9b:9e:b3:83:27:2d:af:e9:cf:
         b0:1d:0c:f7:a7:82:f6:ae:ac:e3:e2:30:94:cf:13:8b:ec:3b:
         da:c9:8b:4b:51:75:d4:09:2c:25:4a:fe:d3:a6:0a:2e:58:ca:
         94:85:a6:00:5a:90:99:f5:67:c2:64:98:6b:4c:9d:87:fd:89:
         f9:b5:b1:59:7e:52:bd:fb:3a:98:8f:c8:cb:9d:cf:f3:d5:f4:
         ec:b8:f6:11:6e:c3:95:31:ff:f6:c6:c3:b8:9f:d7:ed:d0:44:
         08:40:af:93:67:7f:32:ad:7f:da:90:bf:87:e1:86:b9:33:28:
         a6:47:59:b1:7f:b0:fa:01:85:57:e3:14:fb:9b:c1:49:38:b9:
         9b:5e:1d:1b:e2:fb:b4:35:17:93:fe:eb:0d:99:ec:f6:87:49:
         41:57:df:b8:3e:a5:ef:3a:64:06:dc:fd:06:40:38:14:dd:d0:
         5c:d9:a3:53:fe:4b:44:85:1d:da:3e:65:b7:4d:3f:22:a9:7a:
         ca:4c:05:6d:11:50:ec:cb:e2:95:08:c0:63:ca:17:cf:c0:44:
         0f:b1:58:64
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdHNPzRdCgcPDFE2nzmkPPNW9G1QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMjE3MTUxMDA4WhcNMjUwMzI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A5N2ExY2QxNGE5YmViYmI4OTYyNGZjMmM2ZjVlZDdmNTJl
NGJhZDFjYjBkMjA4YmI4YjNkMWZkNjc2Nzc5MTg2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCMTj+02VOrUKv3dTikp8Mku7N/usv7TZXNBYefqe5kqd+y
zFdG6+kUza+a3xpnJABUIK7whj2LfrEap+DIq14KVYFCHZVvjYOlVpWUSE8m3oNy
kDXXINW6Cqu677jSU+T2il8lBNx9CtOR1+Efgo+BzVz0HgfxcHGewuUIuq7U+8/x
/wRl4iSGO5wZIb+LZffBRPY7r29slOrYbrtFk/9w47eTgshiBAbLKnksufbThjAE
p+FG5QMOGx9rfHkNgAAMVd5XxvNzscwiuxozupnck97uAQyNpXV8tg9FSJE/fhrV
ENzkgCBjzyVot+sbMFOshXGpZUYtzGOTx9zkzvk3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUFumSaIJFMZgsKSHR7gQSy07Vp1kwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFmYzVlYmE5LWJhMWUtNDI3MS1hMjk1LWEwMDgzZmE2MDA3NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAXOg4AwDQYJKoZIhvcNAQELBQADggEBAFVZtGqJz5hpo3DregoeNmyYzu6R
/bHjS5V3x46SF8PIE3JADgC70yjrH0IE55ues4MnLa/pz7AdDPengvaurOPiMJTP
E4vsO9rJi0tRddQJLCVK/tOmCi5YypSFpgBakJn1Z8JkmGtMnYf9ifm1sVl+Ur37
OpiPyMudz/PV9Oy49hFuw5Ux//bGw7if1+3QRAhAr5NnfzKtf9qQv4fhhrkzKKZH
WbF/sPoBhVfjFPubwUk4uZteHRvi+7Q1F5P+6w2Z7PaHSUFX37g+pe86ZAbc/QZA
OBTd0FzZo1P+S0SFHdo+ZbdNPyKpespMBW0RUOzL4pUIwGPKF8/ARA+xWGQ=
-----END CERTIFICATE-----