Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2535cc4c-9ce6-4b14-afe6-357ae8cab4c5.roa
File:                     2535cc4c-9ce6-4b14-afe6-357ae8cab4c5.roa (raw, json)
Hash identifier:          Qr6QXjRoaU07z5RsuUnRTVPo6QExZ/YHRT12U/40+6U=
Subject key identifier:   F3:6D:29:1E:F5:19:0A:D1:7B:1A:42:6C:B3:03:1B:3F:0E:65:AC:6A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1E4BB96D78EEDB17CE2EC6C1DA2C26EEDF98CC73
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2535cc4c-9ce6-4b14-afe6-357ae8cab4c5.roa
Signing time:             Wed 12 Feb 2025 00:00:00 +0000
ROA not before:           Wed 12 Feb 2025 00:00:00 +0000
ROA not after:            Wed 19 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        216.24.240.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 17 Feb 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:4b:b9:6d:78:ee:db:17:ce:2e:c6:c1:da:2c:26:ee:df:98:cc:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb 12 00:00:00 2025 GMT
            Not After : Mar 19 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:0e:0f:07:6f:1c:08:96:02:76:d7:91:35:a2:
                    f8:1e:d5:34:8c:c5:5a:1d:71:af:2a:ee:cf:34:ad:
                    8a:7c:7f:51:31:4e:16:99:d1:23:b8:bf:f6:d8:a6:
                    b0:59:86:45:3e:22:ef:96:85:55:9c:f4:cf:e5:05:
                    2d:dc:a8:5c:07:b7:8d:b6:74:d2:05:b1:8f:69:1b:
                    fc:1e:8f:f2:49:66:4c:b8:c3:d8:26:ae:36:ab:a2:
                    32:27:3f:64:32:62:7e:cc:40:e3:f6:51:dc:da:b7:
                    c3:fa:0f:6f:18:7a:12:98:a9:29:cb:b2:74:f9:1a:
                    c2:ff:38:4a:67:ad:7b:22:7a:84:94:e7:bd:f9:31:
                    9a:8d:35:7c:25:05:50:97:60:2f:fe:b1:64:92:b2:
                    43:01:b5:36:1e:f0:d1:0a:25:aa:eb:6f:b1:66:0f:
                    eb:9a:a7:12:5a:ad:f6:4a:c5:e9:08:d6:1c:bf:0f:
                    60:8e:47:5c:47:76:a4:d2:76:48:ee:5b:95:e2:28:
                    b1:73:32:b3:d8:05:f5:11:64:2c:63:e2:6e:9c:9f:
                    2c:6c:19:57:82:b0:5e:18:83:7a:60:65:a8:bf:76:
                    86:dc:a0:0e:1c:26:f3:9d:d4:8f:c5:ba:8c:c2:10:
                    b7:e8:5e:1f:d8:9b:a9:5b:ce:db:31:d6:1c:85:32:
                    5e:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:6D:29:1E:F5:19:0A:D1:7B:1A:42:6C:B3:03:1B:3F:0E:65:AC:6A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2535cc4c-9ce6-4b14-afe6-357ae8cab4c5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.24.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         36:ad:91:25:20:dc:73:fe:a3:ec:b1:90:c2:ef:21:99:72:a7:
         23:fa:fd:3b:e2:24:ad:33:bd:da:fd:9d:0b:1a:df:d2:32:3d:
         b0:7f:8c:d5:4a:4e:35:a5:2b:c0:e7:6c:1d:ce:c2:ad:cb:0a:
         bf:2d:d1:6f:d3:fd:da:30:04:7f:4f:44:76:37:56:36:ce:20:
         4a:1f:05:b3:10:9d:5e:b1:80:c6:f4:72:d8:80:c8:2a:83:26:
         95:4f:2f:c1:72:35:a4:09:70:33:28:da:cc:30:af:cf:e2:ce:
         be:81:9e:f1:d9:68:a4:1b:6f:b6:9d:9e:7a:ca:3e:30:b2:ee:
         e2:1a:5b:ea:d9:ae:ab:80:9e:0a:b2:09:dc:55:19:88:63:87:
         48:4e:d9:55:c9:84:98:f6:b1:9e:de:ce:ae:2e:9a:26:4a:4d:
         e3:b6:22:e1:18:26:be:e2:53:5b:cd:7a:e2:31:5f:16:f6:e1:
         ac:b2:bc:30:7e:7e:b4:79:74:9d:6d:1a:fc:e7:f1:85:f5:5b:
         15:04:77:65:01:1c:59:7a:ee:bb:66:90:6c:5e:f0:a4:40:c0:
         12:ed:fd:c4:9f:9f:ce:6b:cb:d7:1b:54:40:c0:52:b3:67:1c:
         c2:54:06:81:dd:38:ca:9a:fd:0f:ae:dd:0f:64:00:15:2d:9e:
         1f:e4:d3:dd
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHku5bXju2xfOLsbB2iwm7t+YzHMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMjEyMDAwMDAwWhcNMjUwMzE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BjMDc2NjQ1Mzc2NDdkN2JkMGUzYzAwZjkyN2FiNDM0MjY0
Y2QzNTY4Y2EyNjAzMzAwODc0MGIzMzcyMzE5YTE3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCPDg8HbxwIlgJ215E1ovge1TSMxVodca8q7s80rYp8f1Ex
ThaZ0SO4v/bYprBZhkU+Iu+WhVWc9M/lBS3cqFwHt422dNIFsY9pG/wej/JJZky4
w9gmrjarojInP2QyYn7MQOP2Udzat8P6D28YehKYqSnLsnT5GsL/OEpnrXsieoSU
5735MZqNNXwlBVCXYC/+sWSSskMBtTYe8NEKJarrb7FmD+uapxJarfZKxekI1hy/
D2COR1xHdqTSdkjuW5XiKLFzMrPYBfURZCxj4m6cnyxsGVeCsF4Yg3pgZai/dobc
oA4cJvOd1I/FuozCELfoXh/Ym6lbztsx1hyFMl77AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU820pHvUZCtF7GkJsswMbPw5lrGowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI1MzVjYzRjLTljZTYtNGIxNC1hZmU2LTM1N2FlOGNhYjRjNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBATYGPAwDQYJKoZIhvcNAQELBQADggEBADatkSUg3HP+o+yxkMLvIZlypyP6
/TviJK0zvdr9nQsa39IyPbB/jNVKTjWlK8DnbB3Owq3LCr8t0W/T/dowBH9PRHY3
VjbOIEofBbMQnV6xgMb0ctiAyCqDJpVPL8FyNaQJcDMo2swwr8/izr6BnvHZaKQb
b7adnnrKPjCy7uIaW+rZrquAngqyCdxVGYhjh0hO2VXJhJj2sZ7ezq4umiZKTeO2
IuEYJr7iU1vNeuIxXxb24ayyvDB+frR5dJ1tGvzn8YX1WxUEd2UBHFl67rtmkGxe
8KRAwBLt/cSfn85ry9cbVEDAUrNnHMJUBoHdOMqa/Q+u3Q9kABUtnh/k090=
-----END CERTIFICATE-----