Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a537444f-9491-4144-a93b-138617032fc0.roa
File:                     a537444f-9491-4144-a93b-138617032fc0.roa (raw, json)
Hash identifier:          FgDq03ORsQQoInb3fCvvh4eMx45rrLgFAB9aiPuuhLM=
Subject key identifier:   5B:10:4D:64:A1:6E:7A:E7:D3:01:CF:48:C4:76:5A:F4:59:1C:64:34
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       11F012733EC5E6E0382AA543A65FFAD85FB282A4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a537444f-9491-4144-a93b-138617032fc0.roa
Signing time:             Fri 24 Jan 2025 00:00:00 +0000
ROA not before:           Fri 24 Jan 2025 00:00:00 +0000
ROA not after:            Fri 28 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        64.252.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 17 Feb 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:f0:12:73:3e:c5:e6:e0:38:2a:a5:43:a6:5f:fa:d8:5f:b2:82:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 24 00:00:00 2025 GMT
            Not After : Feb 28 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:91:ec:9e:99:31:55:62:72:5d:bf:a1:6d:da:
                    bc:86:e2:b8:12:bd:5d:3d:83:06:49:2f:63:19:f1:
                    f5:13:49:9a:f4:e6:24:7f:8b:dd:dc:74:4f:44:26:
                    0a:19:e2:19:d5:70:58:a6:1c:cb:6a:8f:9c:57:8e:
                    32:ec:f1:78:86:c1:5c:43:c9:7f:da:9d:dd:5e:64:
                    ca:69:af:ec:f7:9a:ee:5d:59:fb:0c:ec:ae:1e:e9:
                    60:71:0e:7c:01:47:2d:28:46:3b:a1:e2:76:20:54:
                    6a:9c:e4:6c:85:64:ad:82:2c:53:9a:a3:2b:33:9c:
                    0a:0a:53:9b:e2:0d:c6:cd:c3:e5:a3:af:8c:e4:0d:
                    5b:e1:da:db:22:db:e7:64:7c:74:9e:68:dc:c6:c5:
                    9f:8b:16:d8:78:07:94:03:ce:d0:20:7f:62:bd:0f:
                    ef:2c:a9:e8:a6:aa:89:0f:fb:96:f1:a8:aa:76:c5:
                    c6:b8:18:22:2e:65:a2:cf:72:7d:62:a5:35:89:7f:
                    13:4f:71:5a:4b:1c:d5:1a:5c:ec:50:27:a1:38:ec:
                    77:89:ba:d4:9c:67:dd:5b:4f:57:36:68:92:c2:b4:
                    69:82:78:7e:59:ad:91:ce:d9:5a:34:9d:53:39:fe:
                    e7:d3:1d:01:4e:50:8e:ad:af:00:89:23:a3:ca:94:
                    88:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:10:4D:64:A1:6E:7A:E7:D3:01:CF:48:C4:76:5A:F4:59:1C:64:34
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a537444f-9491-4144-a93b-138617032fc0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.252.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:aa:34:c7:c7:cb:c3:82:0b:42:07:0d:3b:20:fd:00:1b:90:
         f1:24:69:9b:d2:93:9f:2e:66:6f:12:31:a0:37:08:98:ca:b6:
         16:1b:41:cb:6a:21:c8:dc:98:c2:34:19:24:e8:0a:ab:78:b5:
         83:b8:bc:0d:04:53:cd:34:27:6b:5b:9d:e9:f1:86:9e:00:ff:
         2c:25:c0:fb:3f:13:09:76:ef:f9:a0:70:78:c5:d0:88:ed:6b:
         57:5d:76:9c:53:2b:f2:92:66:2d:3a:f7:22:97:ce:06:82:33:
         cc:df:dd:b1:b7:16:ca:be:f9:85:2f:1b:e5:82:c5:98:00:5f:
         6d:89:a6:8b:b1:b6:13:df:1d:ff:fa:3b:67:15:67:00:ad:77:
         8a:b7:1b:1c:79:48:06:27:c9:a9:72:5b:63:0a:2c:53:51:d2:
         44:30:d0:ac:d2:c6:e9:d2:fc:67:ee:f9:a3:e8:86:33:aa:35:
         7b:c4:8f:5a:e2:86:78:58:5d:26:f8:51:5b:aa:54:7f:78:30:
         c7:cb:73:f9:02:f7:96:74:14:bb:9a:04:f8:47:02:5a:a8:91:
         9d:c1:07:d1:43:a7:26:e9:71:e2:38:00:b9:71:ca:e4:4c:4d:
         22:ed:28:82:32:be:ca:f2:2f:30:1d:7f:50:e5:56:8d:66:61:
         d6:a1:2c:bb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEfAScz7F5uA4KqVDpl/62F+ygqQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTI0MDAwMDAwWhcNMjUwMjI4MjM1OTU5
WjB6MUkwRwYDVQQFE0AxZDJkZGZhYzg2MDI0NWM5ZmZjZmNmMTRjNGFkMDBmYTY1
NmExODUxN2VjY2RjZjczNGM0ZGI0NzYyNTA4ZGI2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5keyemTFVYnJdv6Ft2ryG4rgSvV09gwZJL2MZ8fUTSZr0
5iR/i93cdE9EJgoZ4hnVcFimHMtqj5xXjjLs8XiGwVxDyX/and1eZMppr+z3mu5d
WfsM7K4e6WBxDnwBRy0oRjuh4nYgVGqc5GyFZK2CLFOaoysznAoKU5viDcbNw+Wj
r4zkDVvh2tsi2+dkfHSeaNzGxZ+LFth4B5QDztAgf2K9D+8sqeimqokP+5bxqKp2
xca4GCIuZaLPcn1ipTWJfxNPcVpLHNUaXOxQJ6E47HeJutScZ91bT1c2aJLCtGmC
eH5ZrZHO2Vo0nVM5/ufTHQFOUI6trwCJI6PKlIg5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWxBNZKFueufTAc9IxHZa9FkcZDQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E1Mzc0NDRmLTk0OTEtNDE0NC1hOTNiLTEzODYxNzAzMmZjMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABA/GowDQYJKoZIhvcNAQELBQADggEBABSqNMfHy8OCC0IHDTsg/QAbkPEk
aZvSk58uZm8SMaA3CJjKthYbQctqIcjcmMI0GSToCqt4tYO4vA0EU800J2tbnenx
hp4A/ywlwPs/Ewl27/mgcHjF0Ijta1dddpxTK/KSZi069yKXzgaCM8zf3bG3Fsq+
+YUvG+WCxZgAX22JpouxthPfHf/6O2cVZwCtd4q3Gxx5SAYnyalyW2MKLFNR0kQw
0KzSxunS/Gfu+aPohjOqNXvEj1rihnhYXSb4UVuqVH94MMfLc/kC95Z0FLuaBPhH
AlqokZ3BB9FDpybpceI4ALlxyuRMTSLtKIIyvsryLzAdf1DlVo1mYdahLLs=
-----END CERTIFICATE-----