Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/28cf4189-648d-467b-9ef1-b6e9fa5ba3dd.roa
File:                     28cf4189-648d-467b-9ef1-b6e9fa5ba3dd.roa (raw, json)
Hash identifier:          E55TQ/IYuRYoUEzZeUGcvVN7yVSDdx81Pi51gjpD59A=
Subject key identifier:   1E:E8:44:CB:F2:CD:92:14:8C:58:41:6F:CD:AB:E9:84:5D:A8:7C:7D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       68F09054875DB37FDFF68903C0BB7227CF571854
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/28cf4189-648d-467b-9ef1-b6e9fa5ba3dd.roa
Signing time:             Wed 12 Feb 2025 00:00:00 +0000
ROA not before:           Wed 12 Feb 2025 00:00:00 +0000
ROA not after:            Wed 19 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.77.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 17 Feb 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:f0:90:54:87:5d:b3:7f:df:f6:89:03:c0:bb:72:27:cf:57:18:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb 12 00:00:00 2025 GMT
            Not After : Mar 19 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:bf:8c:c0:a8:3f:10:ef:08:15:c9:7f:bd:aa:
                    e0:d5:c7:3c:60:80:dd:bc:9f:17:4d:95:f4:41:1d:
                    5a:54:c3:ed:b0:69:71:76:44:ad:60:31:68:da:88:
                    64:ef:77:d7:17:44:7b:75:67:0a:f3:81:d2:63:08:
                    b7:5b:69:f9:58:22:86:40:9d:21:39:66:7a:49:06:
                    17:f0:d6:5e:0b:f1:6f:ee:c0:e0:af:3d:96:d1:5c:
                    b1:f9:43:a3:9b:40:d9:5c:e3:c5:c0:f6:cb:78:04:
                    f3:ca:72:ab:15:73:d1:62:de:73:f4:51:9c:a5:4a:
                    da:68:18:7c:a8:f9:6e:08:31:ec:86:b0:9a:07:e5:
                    69:c7:47:98:cb:7b:f2:89:73:69:e1:fa:64:9f:91:
                    97:6a:b4:8a:d6:23:64:09:50:a9:d8:2d:5a:25:a7:
                    bf:27:97:5f:00:33:04:3c:06:bb:99:74:b3:69:b6:
                    fd:f0:98:70:98:6c:f1:48:f9:34:70:07:72:49:00:
                    d2:98:c7:e7:4c:f2:43:84:21:d4:59:79:6d:52:b2:
                    82:3a:ce:95:e2:d6:bd:38:a2:79:96:03:e8:da:bd:
                    47:a1:51:eb:fe:97:84:79:6b:c7:66:8f:8e:9c:d1:
                    91:ae:6f:de:1a:1f:1b:a4:af:90:55:c1:8a:86:24:
                    d7:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:E8:44:CB:F2:CD:92:14:8C:58:41:6F:CD:AB:E9:84:5D:A8:7C:7D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/28cf4189-648d-467b-9ef1-b6e9fa5ba3dd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.77.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:08:d3:de:69:0a:0d:d6:af:b6:58:42:99:4e:c9:c1:9d:ce:
         81:fc:44:52:61:f9:9e:12:cd:82:a0:52:d0:8d:a2:d2:c6:bd:
         51:7f:13:96:44:45:6e:aa:26:a3:55:49:33:ee:e1:c8:7d:dd:
         09:0f:83:65:14:b2:7f:70:03:97:60:2f:75:ed:87:2b:65:e4:
         f5:01:ac:92:29:49:28:64:4a:4c:c0:b2:76:9d:d2:f6:64:2d:
         c9:63:e9:c7:44:64:7f:65:1b:7d:92:df:cf:d7:34:4d:90:5b:
         4b:fd:41:78:09:b5:85:99:91:81:9d:1e:a7:c5:ab:23:fa:9b:
         0a:24:27:7b:b5:a2:92:02:ae:5b:3a:94:91:aa:10:c7:bd:2a:
         87:3f:fc:e9:52:17:5e:65:df:55:87:45:63:af:9b:9f:1c:df:
         7a:75:49:fe:b3:e6:a5:ca:08:37:b2:ee:1e:d5:0c:6b:31:10:
         c4:e1:ab:a1:94:09:81:54:32:06:9b:f2:04:3f:d2:b2:bd:9b:
         68:db:21:a3:03:78:06:f4:16:32:fc:f9:4e:e5:70:47:5d:e7:
         51:6d:42:19:20:05:59:d4:86:c9:b0:c8:51:cd:2a:de:c7:20:
         d9:df:0c:2e:7d:26:21:8b:24:e4:ee:21:26:23:d3:7e:3e:62:
         ae:20:aa:3c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaPCQVIdds3/f9okDwLtyJ89XGFQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMjEyMDAwMDAwWhcNMjUwMzE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A2Mzk4YjExNzYzYTliOTY4NzQ1Yzg1N2YzZGQ4NjZiMzlm
MzZlZTIzYTRlZDdkNzlhODMyOWMxYWJlYzQ5ZmM5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDIv4zAqD8Q7wgVyX+9quDVxzxggN28nxdNlfRBHVpUw+2w
aXF2RK1gMWjaiGTvd9cXRHt1ZwrzgdJjCLdbaflYIoZAnSE5ZnpJBhfw1l4L8W/u
wOCvPZbRXLH5Q6ObQNlc48XA9st4BPPKcqsVc9Fi3nP0UZylStpoGHyo+W4IMeyG
sJoH5WnHR5jLe/KJc2nh+mSfkZdqtIrWI2QJUKnYLVolp78nl18AMwQ8BruZdLNp
tv3wmHCYbPFI+TRwB3JJANKYx+dM8kOEIdRZeW1SsoI6zpXi1r04onmWA+javUeh
Uev+l4R5a8dmj46c0ZGub94aHxukr5BVwYqGJNcJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHuhEy/LNkhSMWEFvzavphF2ofH0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI4Y2Y0MTg5LTY0OGQtNDY3Yi05ZWYxLWI2ZTlmYTViYTNkZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjTZ4wDQYJKoZIhvcNAQELBQADggEBAIkI095pCg3Wr7ZYQplOycGdzoH8
RFJh+Z4SzYKgUtCNotLGvVF/E5ZERW6qJqNVSTPu4ch93QkPg2UUsn9wA5dgL3Xt
hytl5PUBrJIpSShkSkzAsnad0vZkLclj6cdEZH9lG32S38/XNE2QW0v9QXgJtYWZ
kYGdHqfFqyP6mwokJ3u1opICrls6lJGqEMe9Koc//OlSF15l31WHRWOvm58c33p1
Sf6z5qXKCDey7h7VDGsxEMThq6GUCYFUMgab8gQ/0rK9m2jbIaMDeAb0FjL8+U7l
cEdd51FtQhkgBVnUhsmwyFHNKt7HINnfDC59JiGLJOTuISYj034+Yq4gqjw=
-----END CERTIFICATE-----