Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7840150d-90b6-4a97-8609-5a40556c4e1b.roa
File:                     7840150d-90b6-4a97-8609-5a40556c4e1b.roa (raw, json)
Hash identifier:          2cLZHcOWGVZPGZ3MAC5aK5xVlgUX3jkeJ0sbhYUsvZg=
Subject key identifier:   F5:7F:5C:FD:AF:77:99:FD:8B:34:C8:38:59:47:AC:9D:D5:4D:06:7B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3605798D3CFC3D013243AE9130AF50C4E6A5A577
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7840150d-90b6-4a97-8609-5a40556c4e1b.roa
Signing time:             Tue 18 Feb 2025 00:10:37 +0000
ROA not before:           Tue 18 Feb 2025 00:10:37 +0000
ROA not after:            Tue 25 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        205.149.32.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 15 Mar 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:05:79:8d:3c:fc:3d:01:32:43:ae:91:30:af:50:c4:e6:a5:a5:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb 18 00:10:37 2025 GMT
            Not After : Mar 25 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:67:85:8f:da:94:96:79:68:4c:e1:ca:d7:8b:
                    ea:21:3e:f7:d7:8d:2c:93:b7:3a:01:e3:72:15:ad:
                    38:c9:ae:4c:2a:13:d0:07:2b:df:ed:20:52:86:f4:
                    4b:97:36:72:24:20:3e:4d:61:fd:a6:e2:f8:81:3c:
                    bc:fa:e9:79:9f:a4:47:96:a2:59:eb:1c:83:5e:7b:
                    41:60:26:49:b5:22:1a:e4:ba:9f:11:7a:85:c0:9b:
                    36:50:1e:80:f7:17:b0:7f:51:42:e2:0a:ab:11:60:
                    3f:bc:5a:6d:57:92:83:13:45:f3:53:5e:25:33:66:
                    f7:b5:8d:ac:75:90:89:c6:ca:00:60:b6:bc:94:38:
                    ab:26:de:bc:67:6d:40:ec:89:b0:f8:4d:4d:0b:0e:
                    65:93:eb:c0:ac:06:4e:f7:46:47:47:19:4b:5c:66:
                    13:73:f5:37:f4:41:c3:8c:ec:24:ea:30:d8:33:14:
                    66:3d:32:08:e7:51:25:6d:4e:e6:b9:58:e9:c3:69:
                    06:e1:29:e8:79:f4:5a:55:53:a2:83:d0:60:f4:5c:
                    c4:75:c0:fe:c0:98:b4:f8:31:58:ef:91:76:fc:96:
                    43:33:4a:22:3f:d3:32:47:4b:bb:75:94:b6:37:cd:
                    75:3d:62:55:c3:68:c0:2e:ce:b7:42:29:da:1f:5b:
                    c5:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:7F:5C:FD:AF:77:99:FD:8B:34:C8:38:59:47:AC:9D:D5:4D:06:7B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7840150d-90b6-4a97-8609-5a40556c4e1b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  205.149.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         74:fd:bd:23:af:4a:7e:52:07:1e:ec:b4:d7:81:b9:22:a3:c5:
         a9:88:7e:2e:53:c6:d6:08:ab:05:59:5b:f4:95:28:c3:ce:4a:
         b1:a8:f9:7e:90:0d:3a:9c:4d:69:4b:d1:9c:cc:64:11:d1:0b:
         21:34:ce:38:0b:8e:ed:1f:1a:a6:2a:ac:e2:6c:55:54:77:73:
         b5:40:25:18:88:72:35:b7:ec:22:b1:22:be:99:01:5d:de:c7:
         fd:0d:0b:81:9a:81:d6:68:d2:01:08:99:25:e0:98:70:d2:3d:
         12:ed:a8:b6:22:a6:33:7c:b0:8d:15:18:7a:59:09:13:61:dc:
         6a:90:7b:a1:68:19:d9:60:74:45:9c:70:8d:af:c5:e4:72:28:
         b4:43:d9:df:8a:4b:3e:bd:6c:a3:56:e8:9e:e6:7f:fc:4a:89:
         8e:61:24:55:e4:14:46:cf:de:71:cd:04:c3:a9:a1:12:96:d4:
         cf:ed:11:96:bf:98:96:aa:69:3e:e4:ad:62:c1:5f:cc:47:91:
         53:b0:05:8a:f7:8d:dd:e3:ae:38:b1:2e:a5:9d:7f:26:a0:60:
         2c:a7:cf:23:b8:96:1a:71:59:c0:a9:d7:d7:71:1d:36:92:30:
         59:d0:42:ef:88:8b:54:04:65:7d:a1:28:8d:ec:b6:76:53:f8:
         44:58:14:62
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNgV5jTz8PQEyQ66RMK9QxOalpXcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMjE4MDAxMDM3WhcNMjUwMzI1MjM1OTU5
WjB6MUkwRwYDVQQFE0AzMzEwYzk0NDBhYWIxYTgyMjNlMGUxNTdjYWQ3OTQ2NTY2
NWQ1ZWMzYjUzZTNhYWJhZGEyOTRlNmE0MmZkOTJkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDGZ4WP2pSWeWhM4crXi+ohPvfXjSyTtzoB43IVrTjJrkwq
E9AHK9/tIFKG9EuXNnIkID5NYf2m4viBPLz66XmfpEeWolnrHINee0FgJkm1Ihrk
up8ReoXAmzZQHoD3F7B/UULiCqsRYD+8Wm1XkoMTRfNTXiUzZve1jax1kInGygBg
tryUOKsm3rxnbUDsibD4TU0LDmWT68CsBk73RkdHGUtcZhNz9Tf0QcOM7CTqMNgz
FGY9MgjnUSVtTua5WOnDaQbhKeh59FpVU6KD0GD0XMR1wP7AmLT4MVjvkXb8lkMz
SiI/0zJHS7t1lLY3zXU9YlXDaMAuzrdCKdofW8XPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU9X9c/a93mf2LNMg4WUesndVNBnswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzc4NDAxNTBkLTkwYjYtNGE5Ny04NjA5LTVhNDA1NTZjNGUxYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAXNlSAwDQYJKoZIhvcNAQELBQADggEBAHT9vSOvSn5SBx7stNeBuSKjxamI
fi5TxtYIqwVZW/SVKMPOSrGo+X6QDTqcTWlL0ZzMZBHRCyE0zjgLju0fGqYqrOJs
VVR3c7VAJRiIcjW37CKxIr6ZAV3ex/0NC4GagdZo0gEImSXgmHDSPRLtqLYipjN8
sI0VGHpZCRNh3GqQe6FoGdlgdEWccI2vxeRyKLRD2d+KSz69bKNW6J7mf/xKiY5h
JFXkFEbP3nHNBMOpoRKW1M/tEZa/mJaqaT7krWLBX8xHkVOwBYr3jd3jrjixLqWd
fyagYCynzyO4lhpxWcCp19dxHTaSMFnQQu+Ii1QEZX2hKI3stnZT+ERYFGI=
-----END CERTIFICATE-----