Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7eb73713-284b-4d6a-b386-5f78fbbd5d1a.roa
File:                     7eb73713-284b-4d6a-b386-5f78fbbd5d1a.roa (raw, json)
Hash identifier:          Xwtnm01SFZEXdQlTSrtreRtNy5NbSrOWGE9/acmi/lg=
Subject key identifier:   FC:21:59:E0:B4:D9:C5:4D:B5:AA:17:89:86:E7:D0:1E:5C:EC:7F:B7
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       7587843EECB1D3B70386FD8009AAB271D8054598
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7eb73713-284b-4d6a-b386-5f78fbbd5d1a.roa
ROA valid until:          Mon 13 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:
    1: 199.36.120.0/24 maxlen: 24

Validation: OK

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:87:84:3e:ec:b1:d3:b7:03:86:fd:80:09:aa:b2:71:d8:05:45:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 10 00:00:00 2023 GMT
            Not After : Feb 13 23:59:59 2023 GMT
        Subject: serialNumber=7912a108b35b273a358997bbef10886d1bd953be8391075ddfd96048a3d3297e, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:21:19:dc:b6:51:52:e0:19:fc:82:ff:a1:ba:
                    0f:b6:74:ca:2a:f4:fe:37:25:75:78:57:97:3e:90:
                    84:f4:a6:34:87:40:43:d2:02:86:e8:fa:0e:0d:76:
                    ff:7d:8e:e6:2f:f2:5a:2b:9e:fd:b4:96:50:73:9a:
                    fd:7c:ab:60:6e:10:cc:9c:e9:58:6f:b3:ff:a7:3b:
                    d3:f0:87:a3:49:e9:bf:9b:c4:f5:9a:49:87:73:d6:
                    c3:cb:86:a2:81:d8:2e:2b:34:06:fa:e4:bc:6c:dd:
                    72:3a:b9:96:49:0e:1b:23:22:92:bc:85:17:2c:93:
                    8a:f8:eb:2f:3f:6d:fd:93:ac:e6:2c:1d:82:0b:28:
                    93:1f:6b:ee:f5:5f:2f:8a:41:ed:30:2d:00:5f:2b:
                    19:6a:f1:1a:f8:6b:e8:0b:40:fc:51:31:80:56:49:
                    24:a6:44:9b:8a:91:18:35:2e:85:cc:82:6a:fd:05:
                    cc:17:70:48:df:5d:bf:b6:47:d9:84:d9:51:98:6e:
                    57:dc:a2:d0:09:51:2a:ec:61:c5:4b:85:0d:3e:45:
                    61:2f:c6:a7:d9:69:d9:26:52:e1:da:55:8d:d2:75:
                    61:09:b4:cb:e3:d1:90:16:24:16:b5:34:79:5f:91:
                    b4:5b:c0:14:c5:b0:88:cf:a3:c3:5f:07:de:7e:ba:
                    58:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                FC:21:59:E0:B4:D9:C5:4D:B5:AA:17:89:86:E7:D0:1E:5C:EC:7F:B7
            X509v3 Authority Key Identifier: 
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access: 
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/7eb73713-284b-4d6a-b386-5f78fbbd5d1a.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:4d:7e:01:24:3e:37:b2:f1:9e:21:a0:02:89:42:d2:57:ef:
         5c:76:3b:c8:4c:67:e8:73:06:d4:48:9f:88:45:d0:18:b7:82:
         1f:41:fc:d0:71:3f:55:85:4a:23:44:6c:cb:24:0c:36:d2:23:
         3e:d9:b2:58:7e:fa:c4:c7:3e:e5:9f:c1:bb:a0:21:85:9e:ee:
         ed:60:3a:61:33:7f:b4:36:56:84:fb:21:cd:ca:8f:d0:16:97:
         8b:ed:01:48:c4:4a:d0:e4:03:36:53:71:44:a8:df:c3:da:b2:
         84:8f:65:fa:29:7b:09:04:5b:d5:e7:19:91:d7:34:89:8b:4d:
         8d:a9:d5:82:cd:16:4a:d7:72:77:ff:cd:42:1b:90:92:f3:1e:
         e5:e8:0f:e0:e1:6a:38:cf:40:76:fb:fb:c8:53:fe:a4:7c:ac:
         7f:1b:5f:f5:96:64:19:11:a7:35:01:32:ad:2f:26:61:b3:3f:
         47:37:15:2a:50:c4:c6:af:fd:c6:5e:a5:a1:aa:82:c0:3b:86:
         ff:e0:41:2c:e0:f9:f1:ff:3d:60:a5:1b:5b:68:35:7c:ab:45:
         5a:61:40:1f:67:58:58:af:b1:82:15:6b:87:e8:0e:f2:8f:0f:
         13:c3:0e:da:0e:91:85:63:9e:c6:7f:95:a4:f4:8d:5d:5a:a3:
         c4:c9:bc:25
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUdYeEPuyx07cDhv2ACaqycdgFRZgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjEwMDAwMDAwWhcNMjMwMjEzMjM1OTU5
WjCBpTFJMEcGA1UEBRNANzkxMmExMDhiMzViMjczYTM1ODk5N2JiZWYxMDg4NmQx
YmQ5NTNiZTgzOTEwNzVkZGZkOTYwNDhhM2QzMjk3ZTEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALAhGdy2UVLgGfyC/6G6D7Z0yir0/jcldXhXlz6QhPSmNIdAQ9IC
huj6Dg12/32O5i/yWiue/bSWUHOa/XyrYG4QzJzpWG+z/6c70/CHo0npv5vE9ZpJ
h3PWw8uGooHYLis0BvrkvGzdcjq5lkkOGyMikryFFyyTivjrLz9t/ZOs5iwdggso
kx9r7vVfL4pB7TAtAF8rGWrxGvhr6AtA/FExgFZJJKZEm4qRGDUuhcyCav0FzBdw
SN9dv7ZH2YTZUZhuV9yi0AlRKuxhxUuFDT5FYS/Gp9lp2SZS4dpVjdJ1YQm0y+PR
kBYkFrU0eV+RtFvAFMWwiM+jw18H3n66WEsCAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBT8IVngtNnFTbWqF4mG59AeXOx/tzAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvN2ViNzM3MTMtMjg0Yi00ZDZhLWIzODYtNWY3OGZiYmQ1ZDFhLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGBNfgEkPjey8Z4h
oAKJQtJX71x2O8hMZ+hzBtRIn4hF0Bi3gh9B/NBxP1WFSiNEbMskDDbSIz7Zslh+
+sTHPuWfwbugIYWe7u1gOmEzf7Q2VoT7Ic3Kj9AWl4vtAUjEStDkAzZTcUSo38Pa
soSPZfopewkEW9XnGZHXNImLTY2p1YLNFkrXcnf/zUIbkJLzHuXoD+DhajjPQHb7
+8hT/qR8rH8bX/WWZBkRpzUBMq0vJmGzP0c3FSpQxMav/cZepaGqgsA7hv/gQSzg
+fH/PWClG1toNXyrRVphQB9nWFivsYIVa4foDvKPDxPDDtoOkYVjnsZ/laT0jV1a
o8TJvCU=
-----END CERTIFICATE-----