Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2bf6a79d-e7fb-4b23-b878-c49ed99191e3.roa
File:                     2bf6a79d-e7fb-4b23-b878-c49ed99191e3.roa (raw, json)
Hash identifier:          9gPdZDDpHvyNWdDgTivCPurOESwtzYlqyRP89l7Pq7M=
Subject key identifier:   6B:68:B1:C9:AA:B9:99:75:D0:BF:0F:67:B5:73:B8:17:53:11:29:85
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       273426CEF668E4D82308414A345EF422B6A105F6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2bf6a79d-e7fb-4b23-b878-c49ed99191e3.roa
Signing time:             Tue 21 Jan 2025 00:00:00 +0000
ROA not before:           Tue 21 Jan 2025 00:00:00 +0000
ROA not after:            Tue 25 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        76.223.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 17 Feb 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:34:26:ce:f6:68:e4:d8:23:08:41:4a:34:5e:f4:22:b6:a1:05:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 21 00:00:00 2025 GMT
            Not After : Feb 25 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:28:4c:9b:0e:45:8e:e3:05:79:90:7c:59:fb:
                    06:00:94:ea:a2:19:38:47:fb:b2:6c:3c:80:b3:e0:
                    d7:c3:67:72:5f:00:f2:2a:d1:ad:d3:38:9b:5f:49:
                    b9:8d:d7:55:af:dc:1e:b9:9d:a1:e9:8b:71:66:1f:
                    a8:e9:02:81:e3:bf:a9:c9:38:60:c6:5b:56:00:c2:
                    a4:a6:19:b8:d4:5d:98:58:f0:2b:41:de:1c:d7:1e:
                    8e:c9:7f:83:79:1f:59:5f:f6:44:40:14:16:ec:2c:
                    e5:4e:5f:6c:1c:6b:15:e8:65:db:94:e0:a6:9b:32:
                    0c:a7:09:a1:04:11:08:e3:f6:59:bc:e3:e6:00:ef:
                    c8:23:9c:16:e0:f7:83:c1:9c:75:85:44:66:aa:6f:
                    29:c9:78:0e:4c:c0:25:d2:b7:51:d4:ea:16:2d:e2:
                    9e:51:48:e6:6f:2f:97:d0:b9:fa:18:75:51:bf:bc:
                    66:8d:02:12:bd:c5:da:14:db:11:24:25:b2:20:fb:
                    d2:b9:bf:a1:c7:eb:7b:4b:e1:5f:70:10:b4:48:92:
                    fc:df:7e:03:50:5d:87:10:d1:d8:6b:82:13:1e:c2:
                    da:c8:d0:4d:f7:7b:df:d5:a2:1d:6b:fb:44:6c:69:
                    36:1c:15:48:f1:2a:ea:40:08:46:42:4e:ca:bb:be:
                    3f:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:68:B1:C9:AA:B9:99:75:D0:BF:0F:67:B5:73:B8:17:53:11:29:85
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2bf6a79d-e7fb-4b23-b878-c49ed99191e3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  76.223.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:85:2f:d7:c1:71:c5:9d:c8:c3:e2:3a:7a:e7:01:7f:a9:96:
         a3:a3:e3:91:b6:81:2f:e9:1c:29:1f:78:1a:2e:ac:a4:64:54:
         56:eb:e4:6f:13:ab:9b:a9:04:35:cf:ff:06:39:6d:5d:f8:99:
         b6:a7:be:e4:3e:2e:92:44:75:2a:ae:35:d3:00:fc:c1:8b:e1:
         59:62:2e:0b:25:60:9d:b7:54:fb:bf:6d:2d:7c:57:35:dc:7b:
         8e:31:bd:dd:eb:3c:e9:06:a3:75:00:e8:78:fa:90:84:d8:70:
         a3:8b:63:f7:a8:53:0f:4e:e0:5e:93:00:38:7c:e2:fa:07:6f:
         e5:59:b8:0c:88:d0:c7:7a:9c:f9:7d:d9:49:79:29:c0:7d:79:
         92:46:01:d8:db:13:f7:77:d4:d3:a2:ba:3b:2c:b8:ec:68:37:
         44:3e:76:4c:fd:63:b1:4b:cc:b5:32:d3:05:1c:c8:9c:5d:29:
         9d:e0:58:cd:95:4c:e0:0d:b3:1e:9c:68:90:f2:a3:5a:e3:cf:
         3a:94:de:b2:7d:de:f2:d2:87:a8:c2:4b:43:9e:ad:2f:b0:4a:
         06:3d:b3:bd:2f:36:e1:bf:fb:b5:5d:fb:88:2b:44:60:15:60:
         fe:3d:34:f6:cb:d4:5a:73:0a:8e:51:2b:73:83:8c:94:19:8f:
         1d:d6:9e:d8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJzQmzvZo5NgjCEFKNF70IrahBfYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTIxMDAwMDAwWhcNMjUwMjI1MjM1OTU5
WjB6MUkwRwYDVQQFE0AzNTIxOTRhMDM5OWVkMDU2ZWE5MmFmMDA5MDUxY2IzYzFl
NjI2NWFjMTM5M2VhMWNlZTY0ZmI4ZTQ1M2VjNmE0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCpKEybDkWO4wV5kHxZ+wYAlOqiGThH+7JsPICz4NfDZ3Jf
APIq0a3TOJtfSbmN11Wv3B65naHpi3FmH6jpAoHjv6nJOGDGW1YAwqSmGbjUXZhY
8CtB3hzXHo7Jf4N5H1lf9kRAFBbsLOVOX2wcaxXoZduU4KabMgynCaEEEQjj9lm8
4+YA78gjnBbg94PBnHWFRGaqbynJeA5MwCXSt1HU6hYt4p5RSOZvL5fQufoYdVG/
vGaNAhK9xdoU2xEkJbIg+9K5v6HH63tL4V9wELRIkvzffgNQXYcQ0dhrghMewtrI
0E33e9/Voh1r+0RsaTYcFUjxKupACEZCTsq7vj9vAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUa2ixyaq5mXXQvw9ntXO4F1MRKYUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJiZjZhNzlkLWU3ZmItNGIyMy1iODc4LWM0OWVkOTkxOTFlMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABM36IwDQYJKoZIhvcNAQELBQADggEBAHuFL9fBccWdyMPiOnrnAX+plqOj
45G2gS/pHCkfeBourKRkVFbr5G8Tq5upBDXP/wY5bV34mbanvuQ+LpJEdSquNdMA
/MGL4VliLgslYJ23VPu/bS18VzXce44xvd3rPOkGo3UA6Hj6kITYcKOLY/eoUw9O
4F6TADh84voHb+VZuAyI0Md6nPl92Ul5KcB9eZJGAdjbE/d31NOiujssuOxoN0Q+
dkz9Y7FLzLUy0wUcyJxdKZ3gWM2VTOANsx6caJDyo1rjzzqU3rJ93vLSh6jCS0Oe
rS+wSgY9s70vNuG/+7Vd+4grRGAVYP49NPbL1FpzCo5RK3ODjJQZjx3Wntg=
-----END CERTIFICATE-----