Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/2df51cd2-e6af-493a-a88a-3221d01f7d90/e0073d5a-9507-4588-b834-e01ed691ccb6.roa
File:                     e0073d5a-9507-4588-b834-e01ed691ccb6.roa (raw, json)
Hash identifier:          rlaqCgPnPdUITTslD0UNaPDaOFHyShL6LtL7dGd3bW8=
Subject key identifier:   36:F0:D2:BA:ED:5F:68:11:37:7C:B8:3B:22:C3:D0:2D:16:1C:0D:6C
Certificate issuer:       /CN=c319424e039f86d6ad9fc4e7223df841d20ae6d0ff12428173
Certificate serial:       618B5B4FB3F32E92BB697BCF8CC8E15476FA014F
Authority key identifier: CC:10:61:27:3F:FF:76:3F:76:D2:DE:E2:85:83:E8:BA:3B:05:C4:30
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/d6b5ad28-1cbc-47ab-904e-45361a5487c3/e5dea660-bf59-4b4c-b9ad-4a6787e03fce/c319424e039f86d6ad9fc4e7223df841d20ae6d0ff12428173.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2df51cd2-e6af-493a-a88a-3221d01f7d90/e0073d5a-9507-4588-b834-e01ed691ccb6.roa
Signing time:             Tue 20 May 2025 21:37:09 +0000
ROA not before:           Tue 20 May 2025 21:37:09 +0000
ROA not after:            Tue 24 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        198.41.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2df51cd2-e6af-493a-a88a-3221d01f7d90/n4bWrZ_E5yI9-EHSCubQ_xJCgXM.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2df51cd2-e6af-493a-a88a-3221d01f7d90/n4bWrZ_E5yI9-EHSCubQ_xJCgXM.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/d6b5ad28-1cbc-47ab-904e-45361a5487c3/e5dea660-bf59-4b4c-b9ad-4a6787e03fce/c319424e039f86d6ad9fc4e7223df841d20ae6d0ff12428173.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/d6b5ad28-1cbc-47ab-904e-45361a5487c3/e5dea660-bf59-4b4c-b9ad-4a6787e03fce/e5dea660-bf59-4b4c-b9ad-4a6787e03fce.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/d6b5ad28-1cbc-47ab-904e-45361a5487c3/e5dea660-bf59-4b4c-b9ad-4a6787e03fce/e5dea660-bf59-4b4c-b9ad-4a6787e03fce.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/d6b5ad28-1cbc-47ab-904e-45361a5487c3/e5dea660-bf59-4b4c-b9ad-4a6787e03fce.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/d6b5ad28-1cbc-47ab-904e-45361a5487c3/d6b5ad28-1cbc-47ab-904e-45361a5487c3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/d6b5ad28-1cbc-47ab-904e-45361a5487c3/d6b5ad28-1cbc-47ab-904e-45361a5487c3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/d6b5ad28-1cbc-47ab-904e-45361a5487c3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 07 Jun 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:8b:5b:4f:b3:f3:2e:92:bb:69:7b:cf:8c:c8:e1:54:76:fa:01:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c319424e039f86d6ad9fc4e7223df841d20ae6d0ff12428173
        Validity
            Not Before: May 20 21:37:09 2025 GMT
            Not After : Jun 24 23:59:59 2025 GMT
        Subject: serialNumber=a9941ebe1b986f45977e7b3e18f94b34f192e332363ecf5c1e3ace8dd64c68f4, CN=88af7b95-2ef7-49fc-a37d-1b8f0547180d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:e0:bd:91:c3:7b:3b:cc:f9:40:f6:dd:f6:9b:
                    53:6a:88:b7:82:9a:b5:e5:0d:32:96:e8:df:c2:e8:
                    4b:68:17:36:38:43:fb:3d:7a:db:22:93:03:a5:5f:
                    bb:07:0e:73:0f:45:2a:c6:55:28:f3:7d:d6:35:f8:
                    b3:d9:3e:b9:9c:cb:2b:18:05:e1:ae:5d:54:ae:62:
                    21:a9:0d:32:f2:64:03:39:ad:6c:af:8d:e1:4e:ef:
                    20:0d:76:b8:40:13:41:e6:1e:96:a3:4a:da:1a:e8:
                    53:b4:b0:16:c1:f8:48:e1:bc:9b:ef:d2:75:9c:96:
                    a3:7a:44:cb:5c:a0:e2:4b:de:98:bf:5e:3e:89:ec:
                    3d:d8:80:4b:99:9e:b7:d1:5a:89:b9:9d:2f:91:fb:
                    12:37:e1:47:09:c6:7a:bf:c5:13:80:3e:44:b1:23:
                    90:2f:8b:7c:75:79:65:61:54:a7:07:e3:d3:80:2d:
                    a9:64:a4:46:8c:49:04:52:4a:16:ef:8e:7d:43:97:
                    c7:f8:08:5a:19:0b:ad:ab:6b:96:59:29:f3:a3:e9:
                    84:55:74:05:09:e4:91:f5:8d:88:07:3f:3b:95:6d:
                    22:3b:1c:30:2b:21:40:63:51:4a:18:5d:1e:76:62:
                    f7:41:54:b1:53:5a:ee:67:0e:b8:fd:90:15:23:f0:
                    6e:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:F0:D2:BA:ED:5F:68:11:37:7C:B8:3B:22:C3:D0:2D:16:1C:0D:6C
            X509v3 Authority Key Identifier:
                keyid:CC:10:61:27:3F:FF:76:3F:76:D2:DE:E2:85:83:E8:BA:3B:05:C4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/d6b5ad28-1cbc-47ab-904e-45361a5487c3/e5dea660-bf59-4b4c-b9ad-4a6787e03fce/c319424e039f86d6ad9fc4e7223df841d20ae6d0ff12428173.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2df51cd2-e6af-493a-a88a-3221d01f7d90/e0073d5a-9507-4588-b834-e01ed691ccb6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2df51cd2-e6af-493a-a88a-3221d01f7d90/n4bWrZ_E5yI9-EHSCubQ_xJCgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.41.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:0a:28:2e:2c:86:86:8d:2a:af:6e:18:5a:c0:df:38:0b:54:
         f8:c3:62:fd:28:df:5e:16:3c:d1:82:d1:ec:42:5a:53:12:1c:
         ee:21:98:cb:c0:7e:b9:e0:8d:82:8d:c9:dc:95:ba:95:89:9b:
         c1:81:0b:25:7c:2d:17:40:a8:b6:de:e9:cc:06:d5:f8:63:c5:
         45:a8:b3:57:71:48:de:4b:09:e7:f3:88:02:46:89:42:c9:9d:
         0e:04:e4:a9:69:0c:42:34:c0:68:26:a0:20:b9:52:b9:fe:70:
         e2:76:f4:bf:e9:1f:40:1a:c5:c6:9d:9e:5a:f4:b9:6d:17:af:
         e3:a9:04:f9:42:da:fc:a3:9a:32:dd:93:bd:d9:4f:75:5c:62:
         72:4a:d3:74:64:d2:6e:b3:0b:46:06:89:9c:53:b3:04:aa:47:
         9b:f3:b1:cd:54:f8:a8:aa:11:19:ad:e6:0d:3f:02:93:eb:80:
         7b:b8:1c:b2:cd:36:cf:64:87:13:04:9b:4c:3e:69:9f:67:ca:
         f5:71:34:4e:79:e8:a0:61:ae:a8:69:20:f2:b2:58:98:c1:67:
         5b:e7:38:df:0c:04:48:23:a7:9a:bf:a2:ce:56:45:f7:b2:d9:
         bd:57:16:fa:1b:c1:71:d3:78:7c:c5:aa:93:da:af:45:1e:54:
         2b:a5:77:25
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYYtbT7PzLpK7aXvPjMjhVHb6AU8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYzMxOTQyNGUwMzlmODZkNmFkOWZjNGU3MjIzZGY4NDFk
MjBhZTZkMGZmMTI0MjgxNzMwHhcNMjUwNTIwMjEzNzA5WhcNMjUwNjI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BhOTk0MWViZTFiOTg2ZjQ1OTc3ZTdiM2UxOGY5NGIzNGYx
OTJlMzMyMzYzZWNmNWMxZTNhY2U4ZGQ2NGM2OGY0MS0wKwYDVQQDEyQ4OGFmN2I5
NS0yZWY3LTQ5ZmMtYTM3ZC0xYjhmMDU0NzE4MGQwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC44L2Rw3s7zPlA9t32m1NqiLeCmrXlDTKW6N/C6EtoFzY4
Q/s9etsikwOlX7sHDnMPRSrGVSjzfdY1+LPZPrmcyysYBeGuXVSuYiGpDTLyZAM5
rWyvjeFO7yANdrhAE0HmHpajStoa6FO0sBbB+EjhvJvv0nWclqN6RMtcoOJL3pi/
Xj6J7D3YgEuZnrfRWom5nS+R+xI34UcJxnq/xROAPkSxI5Avi3x1eWVhVKcH49OA
LalkpEaMSQRSShbvjn1Dl8f4CFoZC62ra5ZZKfOj6YRVdAUJ5JH1jYgHPzuVbSI7
HDArIUBjUUoYXR52YvdBVLFTWu5nDrj9kBUj8G4tAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUNvDSuu1faBE3fLg7IsPQLRYcDWwwHwYDVR0jBBgwFoAUzBBhJz//dj92
0t7ihYPoujsFxDAwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
L2Q2YjVhZDI4LTFjYmMtNDdhYi05MDRlLTQ1MzYxYTU0ODdjMy9lNWRlYTY2MC1i
ZjU5LTRiNGMtYjlhZC00YTY3ODdlMDNmY2UvYzMxOTQyNGUwMzlmODZkNmFkOWZj
NGU3MjIzZGY4NDFkMjBhZTZkMGZmMTI0MjgxNzMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMmRmNTFjZDItZTZhZi00OTNhLWE4OGEtMzIy
MWQwMWY3ZDkwL2UwMDczZDVhLTk1MDctNDU4OC1iODM0LWUwMWVkNjkxY2NiNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzJkZjUxY2QyLWU2YWYtNDkzYS1hODhh
LTMyMjFkMDFmN2Q5MC9uNGJXclpfRTV5STktRUhTQ3ViUV94SkNnWE0uY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADGKWYwDQYJKoZIhvcNAQELBQADggEBALAKKC4shoaNKq9uGFrA3zgLVPjD
Yv0o314WPNGC0exCWlMSHO4hmMvAfrngjYKNydyVupWJm8GBCyV8LRdAqLbe6cwG
1fhjxUWos1dxSN5LCefziAJGiULJnQ4E5KlpDEI0wGgmoCC5Urn+cOJ29L/pH0Aa
xcadnlr0uW0Xr+OpBPlC2vyjmjLdk73ZT3VcYnJK03Rk0m6zC0YGiZxTswSqR5vz
sc1U+KiqERmt5g0/ApPrgHu4HLLNNs9khxMEm0w+aZ9nyvVxNE556KBhrqhpIPKy
WJjBZ1vnON8MBEgjp5q/os5WRfey2b1XFvobwXHTeHzFqpPar0UeVCuldyU=
-----END CERTIFICATE-----