Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ec2a25c7-03d3-41ca-9778-621ae3af6930.roa
File:                     ec2a25c7-03d3-41ca-9778-621ae3af6930.roa (raw, json)
Hash identifier:          QsP6BosGk6OW0AdlL8LOl+aIbJ2LyCxr1N3NCT8PuPU=
Subject key identifier:   DD:28:68:9C:93:53:BF:F3:FE:9D:B5:48:A0:7A:12:B4:AF:E7:CB:82
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       664C9ABC496E085FE027851A1A4FE413CC6158E5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ec2a25c7-03d3-41ca-9778-621ae3af6930.roa
Signing time:             Wed 12 Mar 2025 00:11:14 +0000
ROA not before:           Wed 12 Mar 2025 00:11:14 +0000
ROA not after:            Wed 16 Apr 2025 23:59:59 +0000
asID:                     6167
IP address blocks:        162.208.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 07 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:4c:9a:bc:49:6e:08:5f:e0:27:85:1a:1a:4f:e4:13:cc:61:58:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 12 00:11:14 2025 GMT
            Not After : Apr 16 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:a7:58:9e:7e:24:f9:09:23:28:5f:6d:11:6b:
                    ca:d5:0d:b4:d8:88:b4:8c:25:8d:54:82:bc:9a:a5:
                    bc:98:a8:15:c5:a0:d4:ad:f7:67:04:f9:8b:1c:0e:
                    eb:05:bb:bb:b9:20:5a:98:fe:ed:af:67:28:f4:b0:
                    73:b3:ab:3e:6a:8a:53:f6:c8:38:a6:a9:8e:bd:fe:
                    1e:c9:19:3e:5d:38:97:ad:c9:76:04:09:f0:1c:ee:
                    44:44:e7:fe:68:ca:02:a0:55:81:8e:43:1b:0b:12:
                    19:7d:10:0e:d2:98:a0:34:4f:53:56:d0:0e:71:13:
                    13:79:d9:3b:92:d9:18:70:da:6a:f8:47:5a:cc:fa:
                    fe:98:3d:7e:61:6f:cd:ae:c9:78:29:5c:b8:50:15:
                    79:5f:fd:b4:6d:87:b3:d1:0b:79:1a:e4:9c:66:75:
                    39:4e:fc:70:d4:66:c7:27:07:b0:ee:86:db:17:db:
                    15:c3:68:b1:3d:1b:43:f1:0c:1a:07:7d:15:22:e7:
                    32:1d:b0:82:25:68:c4:aa:06:00:62:0b:65:a0:d8:
                    5b:33:b6:09:ce:2e:39:96:a0:b1:ff:6a:16:c2:a5:
                    5d:df:72:35:09:71:76:cb:91:4a:08:63:8c:88:fb:
                    fd:4d:f0:07:90:7e:22:27:ed:4a:84:8a:15:cb:1a:
                    02:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:28:68:9C:93:53:BF:F3:FE:9D:B5:48:A0:7A:12:B4:AF:E7:CB:82
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ec2a25c7-03d3-41ca-9778-621ae3af6930.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.208.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:b1:54:63:69:12:bb:bc:1c:82:29:ca:c0:44:0a:ae:ed:3e:
         a0:66:ad:86:bd:ac:8c:66:ba:c6:54:e0:0e:a0:19:e0:11:7a:
         07:d7:f5:c8:d7:57:64:02:64:82:2b:cc:e8:5f:b8:0b:f2:81:
         77:d3:16:d1:f3:ec:02:86:89:ad:38:e7:5e:9f:0b:74:af:09:
         d9:bb:7e:ac:98:e2:6e:70:16:b2:22:c1:aa:cc:f1:67:c6:4c:
         a3:25:f3:7c:48:61:89:9e:f3:96:67:99:46:aa:cd:95:11:aa:
         08:24:2d:08:be:9e:0d:96:7f:f9:54:9b:8b:8a:77:19:6a:ee:
         8c:8d:0d:b4:80:d5:ff:4b:e5:9b:d9:2e:00:e2:65:22:7a:33:
         af:34:32:b4:84:1b:b3:93:d3:b6:c5:a5:6b:11:9b:31:7d:61:
         1c:51:21:91:5c:12:ec:ee:e3:5a:4f:9b:bb:8a:b8:ba:16:7b:
         6a:e6:b3:63:42:4f:c5:5a:15:1f:a9:8c:39:a9:a3:4c:10:4d:
         14:9e:95:3e:4b:5b:b1:fa:8d:2d:f2:a5:62:2b:15:21:db:76:
         d0:cf:a4:0a:c9:a9:c1:1e:2f:49:40:59:09:8b:22:88:2a:ca:
         99:79:dc:d6:46:a6:49:12:b9:53:14:da:09:19:70:e5:b3:51:
         9e:33:3e:6c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZkyavEluCF/gJ4UaGk/kE8xhWOUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzEyMDAxMTE0WhcNMjUwNDE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A4OGRkNjAwZTJmMzQ0OTY2NmEyZjJjMTcyOTVjMTQyMjIy
ZWMyNjQwMjU1MzU3ZjBjMTQ3N2YyNDgwZmJmMDQ5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDpp1iefiT5CSMoX20Ra8rVDbTYiLSMJY1UgryapbyYqBXF
oNSt92cE+YscDusFu7u5IFqY/u2vZyj0sHOzqz5qilP2yDimqY69/h7JGT5dOJet
yXYECfAc7kRE5/5oygKgVYGOQxsLEhl9EA7SmKA0T1NW0A5xExN52TuS2Rhw2mr4
R1rM+v6YPX5hb82uyXgpXLhQFXlf/bRth7PRC3ka5JxmdTlO/HDUZscnB7DuhtsX
2xXDaLE9G0PxDBoHfRUi5zIdsIIlaMSqBgBiC2Wg2FsztgnOLjmWoLH/ahbCpV3f
cjUJcXbLkUoIY4yI+/1N8AeQfiIn7UqEihXLGgLRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3ShonJNTv/P+nbVIoHoStK/ny4IwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VjMmEyNWM3LTAzZDMtNDFjYS05Nzc4LTYyMWFlM2FmNjkzMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACi0HswDQYJKoZIhvcNAQELBQADggEBAJaxVGNpEru8HIIpysBECq7tPqBm
rYa9rIxmusZU4A6gGeARegfX9cjXV2QCZIIrzOhfuAvygXfTFtHz7AKGia04516f
C3SvCdm7fqyY4m5wFrIiwarM8WfGTKMl83xIYYme85ZnmUaqzZURqggkLQi+ng2W
f/lUm4uKdxlq7oyNDbSA1f9L5ZvZLgDiZSJ6M680MrSEG7OT07bFpWsRmzF9YRxR
IZFcEuzu41pPm7uKuLoWe2rms2NCT8VaFR+pjDmpo0wQTRSelT5LW7H6jS3ypWIr
FSHbdtDPpArJqcEeL0lAWQmLIogqypl53NZGpkkSuVMU2gkZcOWzUZ4zPmw=
-----END CERTIFICATE-----