Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/46d8aa8e-8cfa-475d-b0f4-d4eefbae1433.roa
File:                     46d8aa8e-8cfa-475d-b0f4-d4eefbae1433.roa (raw, json)
Hash identifier:          xMjTDsI2hvm4b8AuAPslL5C3KkSzkWrGttyv8b2ZDXE=
Subject key identifier:   65:1E:B7:97:5D:50:65:54:14:0D:2E:9E:82:43:25:2C:A0:AB:71:35
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6957F08741D3DEEC5DA382DF43F74EF93A97CB92
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/46d8aa8e-8cfa-475d-b0f4-d4eefbae1433.roa
Signing time:             Mon 10 Feb 2025 00:00:00 +0000
ROA not before:           Mon 10 Feb 2025 00:00:00 +0000
ROA not after:            Mon 17 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        138.240.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 17 Feb 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:57:f0:87:41:d3:de:ec:5d:a3:82:df:43:f7:4e:f9:3a:97:cb:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb 10 00:00:00 2025 GMT
            Not After : Mar 17 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:a7:d1:3d:86:aa:da:12:c6:84:e2:64:e6:32:
                    a3:a6:e6:3a:64:6a:80:5a:b7:de:6e:df:31:12:c7:
                    39:26:4f:df:ac:b3:ed:2c:b5:88:10:fb:bc:c2:5a:
                    72:28:0c:34:7e:b6:15:b6:c8:eb:52:aa:35:c7:7b:
                    d7:65:eb:f5:50:d7:03:66:ba:65:b2:91:25:46:b6:
                    b2:a1:94:b9:c1:51:b0:27:83:bd:4f:f7:ba:12:90:
                    d4:fe:91:3b:15:03:c1:94:83:72:d3:d4:de:3f:ea:
                    e6:6f:97:f3:62:94:50:b8:ee:50:eb:17:23:59:4a:
                    29:ae:f4:99:1f:47:d1:97:fc:a0:f2:7b:ab:25:d0:
                    d8:9c:c4:94:01:c0:65:5b:7c:1c:59:9b:47:fe:fc:
                    9f:0e:4f:11:19:bd:93:42:b4:b3:4f:68:f2:b8:db:
                    24:88:f5:c6:24:1c:ea:2c:ee:37:00:3d:9c:d9:76:
                    4b:63:e0:b8:b2:f3:cd:9a:fa:0e:7b:bd:08:6c:23:
                    f3:3d:6a:90:09:1a:36:20:fe:a1:9b:f1:89:80:fc:
                    73:8c:5f:04:aa:67:14:cf:4e:d4:73:ec:48:56:9b:
                    d5:f3:d3:b8:75:5b:34:0b:9b:62:cf:ae:8c:f4:46:
                    2b:b7:c2:b1:1d:33:70:42:f8:d2:29:49:c7:03:10:
                    b6:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:1E:B7:97:5D:50:65:54:14:0D:2E:9E:82:43:25:2C:A0:AB:71:35
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/46d8aa8e-8cfa-475d-b0f4-d4eefbae1433.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.240.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         47:58:04:38:3f:f3:70:b5:04:17:51:2c:a6:18:13:51:37:65:
         4f:c4:fa:85:c1:7d:77:d0:1b:b2:43:14:b0:ef:88:a9:f1:2b:
         14:98:ea:b4:2d:2f:c9:c9:e1:d3:ad:cd:93:42:dd:b6:6c:f1:
         e9:e5:b4:45:e0:65:41:52:2a:ec:c2:78:20:5f:aa:fa:a7:cd:
         28:d7:b3:98:20:2d:da:d0:66:bf:d6:4b:76:f0:9d:04:42:45:
         9b:43:5e:19:42:c5:c6:81:75:08:9f:02:81:fa:f5:c9:71:fe:
         d4:07:41:ae:86:ed:5e:9d:ca:6f:d4:3c:09:49:bc:ad:d3:0e:
         d9:07:04:47:3d:86:f1:8f:99:7e:15:a6:d0:04:a4:44:e9:de:
         d0:51:69:ee:01:1f:06:56:cb:b5:55:27:1f:ac:cb:1f:f7:99:
         b6:47:1d:43:4a:72:9a:b0:1c:ab:b6:c5:10:78:b3:a5:43:14:
         d6:d6:f6:56:98:0f:04:c3:5d:b7:aa:79:8a:2c:81:cb:d0:21:
         02:5f:ca:b4:1d:b0:b6:4b:36:4f:4a:25:55:c8:79:1a:09:ec:
         63:34:cf:6c:76:96:a6:07:90:fb:c8:da:3d:9c:35:98:9c:ba:
         5f:24:b1:c3:00:f0:1b:87:71:21:76:a9:84:d8:55:11:55:af:
         31:18:ec:0b
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUaVfwh0HT3uxdo4LfQ/dO+TqXy5IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMjEwMDAwMDAwWhcNMjUwMzE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BlMTM2ZWU4NDAwOWM0NDgyNmE3NjBjMDM3YjgxYWIwMmZi
MjUyZWYwMjlmNjU5M2I3ZGEwZDgyOTE1N2ZkOGZkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwp9E9hqraEsaE4mTmMqOm5jpkaoBat95u3zESxzkmT9+s
s+0stYgQ+7zCWnIoDDR+thW2yOtSqjXHe9dl6/VQ1wNmumWykSVGtrKhlLnBUbAn
g71P97oSkNT+kTsVA8GUg3LT1N4/6uZvl/NilFC47lDrFyNZSimu9JkfR9GX/KDy
e6sl0NicxJQBwGVbfBxZm0f+/J8OTxEZvZNCtLNPaPK42ySI9cYkHOos7jcAPZzZ
dktj4Liy882a+g57vQhsI/M9apAJGjYg/qGb8YmA/HOMXwSqZxTPTtRz7EhWm9Xz
07h1WzQLm2LProz0Riu3wrEdM3BC+NIpSccDELZrAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUZR63l11QZVQUDS6egkMlLKCrcTUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ2ZDhhYThlLThjZmEtNDc1ZC1iMGY0LWQ0ZWVmYmFlMTQzMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCK8DANBgkqhkiG9w0BAQsFAAOCAQEAR1gEOD/zcLUEF1EsphgTUTdlT8T6
hcF9d9AbskMUsO+IqfErFJjqtC0vycnh063Nk0Ldtmzx6eW0ReBlQVIq7MJ4IF+q
+qfNKNezmCAt2tBmv9ZLdvCdBEJFm0NeGULFxoF1CJ8Cgfr1yXH+1AdBrobtXp3K
b9Q8CUm8rdMO2QcERz2G8Y+ZfhWm0ASkROne0FFp7gEfBlbLtVUnH6zLH/eZtkcd
Q0pymrAcq7bFEHizpUMU1tb2VpgPBMNdt6p5iiyBy9AhAl/KtB2wtks2T0olVch5
GgnsYzTPbHaWpgeQ+8jaPZw1mJy6XySxwwDwG4dxIXaphNhVEVWvMRjsCw==
-----END CERTIFICATE-----