Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2bf6a79d-e7fb-4b23-b878-c49ed99191e3.roa
File:                     2bf6a79d-e7fb-4b23-b878-c49ed99191e3.roa (raw, json)
Hash identifier:          yeUojvM6Tu6LBc5eYS8S1/t5T2KFytDekTu6nwXKKO4=
Subject key identifier:   C5:8B:F2:A4:D2:8E:30:94:5B:D7:4C:7B:79:EC:6B:76:D0:8C:FC:A9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2ACF169CFD7F1EDE97C4767CE2AF28AAC2183CA3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2bf6a79d-e7fb-4b23-b878-c49ed99191e3.roa
Signing time:             Mon 17 Feb 2025 17:01:03 +0000
ROA not before:           Mon 17 Feb 2025 17:01:03 +0000
ROA not after:            Mon 24 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        76.223.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 15 Mar 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:cf:16:9c:fd:7f:1e:de:97:c4:76:7c:e2:af:28:aa:c2:18:3c:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb 17 17:01:03 2025 GMT
            Not After : Mar 24 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:ae:b0:6c:2a:6a:73:d9:7e:29:f6:b3:c8:df:
                    46:26:d9:aa:6c:de:d9:44:6d:95:f2:01:e2:cd:5a:
                    97:4b:66:c0:4b:dd:b7:eb:da:f5:77:00:e7:1a:58:
                    4a:1d:e7:06:ff:0c:3a:9c:91:3e:ed:9d:71:93:0c:
                    b8:ac:fa:80:b5:f3:0b:ca:93:b1:cd:04:ee:49:22:
                    88:5b:e5:47:30:7d:bf:71:2f:5a:eb:cd:92:7b:50:
                    eb:c6:0d:2e:59:28:b6:fb:67:b6:c7:16:df:d6:c3:
                    0e:aa:38:bb:c7:9a:01:e8:1a:e2:4a:dd:b7:a8:16:
                    84:c2:7c:7e:de:f1:8e:c5:4b:b1:ba:a9:80:ec:13:
                    b8:ac:a2:63:7f:fa:fd:58:ab:22:ad:d0:d3:89:45:
                    3c:13:b4:b6:e8:56:b3:a5:31:4d:57:80:ee:56:3a:
                    ef:52:1c:da:b4:b9:97:59:fb:dd:3b:bf:c2:8c:d4:
                    c9:84:c0:4e:16:36:8e:59:37:44:b3:59:5a:e1:ef:
                    13:00:71:28:41:c1:fa:c9:7b:5f:16:fb:03:cb:60:
                    d2:d1:1e:d8:73:11:6f:4b:46:2a:91:3d:61:b4:2f:
                    ed:f5:80:45:1b:a1:ec:cf:26:3d:3f:1d:fd:b4:0e:
                    1a:b6:ee:22:f4:85:a5:bf:3b:ce:45:78:f3:9f:bd:
                    33:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:8B:F2:A4:D2:8E:30:94:5B:D7:4C:7B:79:EC:6B:76:D0:8C:FC:A9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2bf6a79d-e7fb-4b23-b878-c49ed99191e3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  76.223.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d4:a9:d7:46:2c:41:60:70:0e:f1:9d:c1:64:d5:26:43:e2:c7:
         4a:7c:44:e1:4b:21:49:8c:42:8b:8f:41:d3:ee:4e:b7:3f:d9:
         da:47:59:02:68:08:17:9e:ca:b0:4b:7b:23:8d:dc:d3:08:3b:
         2f:43:30:b6:45:f4:61:f1:71:67:3a:5d:42:be:5e:03:39:14:
         a7:27:b0:be:c1:97:51:9d:4e:c8:cd:9c:88:44:05:73:2c:97:
         f4:ec:df:23:64:25:7d:01:ac:f1:f1:e0:c6:1d:89:8d:d0:c2:
         26:47:d8:7b:ce:44:d2:41:1f:74:8c:a6:10:7d:d8:5a:03:85:
         80:57:33:21:ce:b3:5b:bc:c5:96:18:99:6e:e1:ba:14:d2:db:
         5e:5d:9a:31:20:79:6a:40:b8:df:83:8f:14:67:e7:44:be:53:
         db:c9:c8:c9:08:bf:14:4a:c2:20:fe:b9:9d:88:e6:2a:58:0a:
         aa:67:82:f2:a9:2a:25:a3:8d:5a:1b:88:35:c2:e6:9c:8f:21:
         63:c8:59:60:2d:0e:ad:65:16:88:38:21:1e:21:e2:83:aa:f3:
         4c:60:e8:4e:71:9a:78:d7:72:0c:d2:93:33:62:01:f5:db:55:
         ec:6e:55:29:7e:05:76:91:70:65:ce:fd:cb:67:12:e8:8f:06:
         5b:f4:24:3a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKs8WnP1/Ht6XxHZ84q8oqsIYPKMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMjE3MTcwMTAzWhcNMjUwMzI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MzU1NDllNzM2NTVhMDc2Mzk4NjM5OWZlNDRjMGRhMjNi
Njg0ZDZkNWU0Njg4YTRlNmI2YmI2MTJiMjliYTg2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCOrrBsKmpz2X4p9rPI30Ym2aps3tlEbZXyAeLNWpdLZsBL
3bfr2vV3AOcaWEod5wb/DDqckT7tnXGTDLis+oC18wvKk7HNBO5JIohb5Ucwfb9x
L1rrzZJ7UOvGDS5ZKLb7Z7bHFt/Www6qOLvHmgHoGuJK3beoFoTCfH7e8Y7FS7G6
qYDsE7isomN/+v1YqyKt0NOJRTwTtLboVrOlMU1XgO5WOu9SHNq0uZdZ+907v8KM
1MmEwE4WNo5ZN0SzWVrh7xMAcShBwfrJe18W+wPLYNLRHthzEW9LRiqRPWG0L+31
gEUboezPJj0/Hf20Dhq27iL0haW/O85FePOfvTOnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUxYvypNKOMJRb10x7eexrdtCM/KkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJiZjZhNzlkLWU3ZmItNGIyMy1iODc4LWM0OWVkOTkxOTFlMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABM36IwDQYJKoZIhvcNAQELBQADggEBANSp10YsQWBwDvGdwWTVJkPix0p8
ROFLIUmMQouPQdPuTrc/2dpHWQJoCBeeyrBLeyON3NMIOy9DMLZF9GHxcWc6XUK+
XgM5FKcnsL7Bl1GdTsjNnIhEBXMsl/Ts3yNkJX0BrPHx4MYdiY3QwiZH2HvORNJB
H3SMphB92FoDhYBXMyHOs1u8xZYYmW7huhTS215dmjEgeWpAuN+DjxRn50S+U9vJ
yMkIvxRKwiD+uZ2I5ipYCqpngvKpKiWjjVobiDXC5pyPIWPIWWAtDq1lFog4IR4h
4oOq80xg6E5xmnjXcgzSkzNiAfXbVexuVSl+BXaRcGXO/ctnEuiPBlv0JDo=
-----END CERTIFICATE-----