Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/88f09a26-8b70-4d31-b73b-01df50c56e50.roa
File:                     88f09a26-8b70-4d31-b73b-01df50c56e50.roa (raw, json)
Hash identifier:          7e7zQnouZCRVG0ed2ix/ZGw0/g3wNFTgH+swnVCYQ0E=
Subject key identifier:   33:07:FA:CF:00:AB:22:43:78:71:73:EF:0F:9C:7C:0E:18:53:DA:CC
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       65CDBDC23AA3082252375B6DC7183F83840854C1
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/88f09a26-8b70-4d31-b73b-01df50c56e50.roa
Signing time:             Mon 19 May 2025 19:00:57 +0000
ROA not before:           Mon 19 May 2025 19:00:57 +0000
ROA not after:            Mon 23 Jun 2025 23:59:59 +0000
asID:                     6167
IP address blocks:        155.146.128.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 03 Jun 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:cd:bd:c2:3a:a3:08:22:52:37:5b:6d:c7:18:3f:83:84:08:54:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: May 19 19:00:57 2025 GMT
            Not After : Jun 23 23:59:59 2025 GMT
        Subject: serialNumber=47731632fda6446bfe11c42d658450317601657735e2d9983521210562bcbd33, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:54:d5:a8:e9:07:37:8e:37:37:1b:49:32:8c:
                    71:7f:75:bb:14:36:df:1c:4b:ab:44:8d:81:03:86:
                    db:96:40:86:2d:4f:60:3f:b3:9b:bc:62:69:de:83:
                    02:64:c6:84:11:42:2d:ab:72:f9:44:79:44:cc:8d:
                    11:19:6c:34:2b:73:3e:4c:0d:bf:43:c7:dd:dd:c6:
                    c4:eb:4c:af:3a:3c:88:4f:6e:1b:ca:b6:2d:6f:67:
                    c9:ce:eb:9c:99:d2:28:01:24:c2:f6:cb:37:c1:3c:
                    c3:02:f6:66:35:55:e7:e2:f9:77:18:bb:06:84:60:
                    2f:85:97:89:04:ec:af:e1:d0:39:d9:e6:7b:b4:05:
                    95:8f:50:b6:31:e7:51:ad:66:ba:3c:2a:66:28:d3:
                    6c:b6:93:fe:50:0e:f9:3a:f1:e2:29:79:b8:32:0c:
                    08:22:b0:12:d6:0e:ff:d3:5d:86:9f:b8:c0:2f:bd:
                    35:ed:46:8a:be:db:d5:ad:a5:9c:c0:f8:27:ca:2e:
                    02:af:48:81:39:a8:c9:9d:0c:24:0a:1a:fd:26:70:
                    15:ab:1d:c4:63:56:c5:b7:ba:dc:98:fc:c0:cc:12:
                    9c:04:6e:73:43:ae:8f:46:6b:a2:51:83:f1:02:60:
                    18:e8:5e:30:3b:58:5c:73:a5:46:c1:2d:1c:5f:45:
                    74:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:07:FA:CF:00:AB:22:43:78:71:73:EF:0F:9C:7C:0E:18:53:DA:CC
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/88f09a26-8b70-4d31-b73b-01df50c56e50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.146.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         5a:db:67:1f:34:2e:1b:8b:7f:d4:f6:5c:12:67:9e:61:14:6f:
         6d:b1:38:6b:bb:a2:5e:71:bd:63:0d:24:84:e0:b5:7d:d0:f6:
         22:9f:5b:af:81:b7:db:91:79:77:08:22:02:f0:58:99:3b:b9:
         a5:2d:d5:2a:58:0e:31:0c:e2:c3:b0:19:1c:0c:3b:10:79:98:
         de:26:37:d7:03:02:c3:16:d3:d5:5c:a9:40:6b:50:8e:6d:b5:
         33:b2:c5:24:84:74:a0:c8:52:cb:75:de:89:a8:84:ef:ea:7a:
         32:63:eb:da:f1:35:08:a7:d0:03:81:29:31:33:d3:3b:4f:d3:
         19:6d:39:eb:e4:db:6a:82:4b:81:7e:16:91:d0:d1:ae:8e:9e:
         21:0d:1c:d6:c8:e6:0b:4c:3b:6d:aa:f5:fe:ed:ad:13:04:bc:
         a6:20:f8:a7:27:9b:83:78:ff:f4:99:34:bc:a0:be:5d:db:79:
         b6:3a:fc:9c:12:44:f2:e5:f5:92:9c:ec:8b:7a:82:ae:24:7d:
         d1:a9:76:3f:ce:f5:3e:59:6f:6b:86:61:79:bf:9e:e5:c9:e4:
         2b:0a:6f:ac:64:27:db:ec:e4:47:24:8d:33:c5:59:b5:18:c5:
         a8:f4:d2:e1:91:7d:00:2e:44:df:ac:3f:ee:0f:e8:88:11:f3:
         8c:57:e6:fa
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZc29wjqjCCJSN1ttxxg/g4QIVMEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwNTE5MTkwMDU3WhcNMjUwNjIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A0NzczMTYzMmZkYTY0NDZiZmUxMWM0MmQ2NTg0NTAzMTc2
MDE2NTc3MzVlMmQ5OTgzNTIxMjEwNTYyYmNiZDMzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDRVNWo6Qc3jjc3G0kyjHF/dbsUNt8cS6tEjYEDhtuWQIYt
T2A/s5u8YmnegwJkxoQRQi2rcvlEeUTMjREZbDQrcz5MDb9Dx93dxsTrTK86PIhP
bhvKti1vZ8nO65yZ0igBJML2yzfBPMMC9mY1Vefi+XcYuwaEYC+Fl4kE7K/h0DnZ
5nu0BZWPULYx51GtZro8KmYo02y2k/5QDvk68eIpebgyDAgisBLWDv/TXYafuMAv
vTXtRoq+29WtpZzA+CfKLgKvSIE5qMmdDCQKGv0mcBWrHcRjVsW3utyY/MDMEpwE
bnNDro9Ga6JRg/ECYBjoXjA7WFxzpUbBLRxfRXSnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMwf6zwCrIkN4cXPvD5x8DhhT2swwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzg4ZjA5YTI2LThiNzAtNGQzMS1iNzNiLTAxZGY1MGM1NmU1MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBASbkoAwDQYJKoZIhvcNAQELBQADggEBAFrbZx80LhuLf9T2XBJnnmEUb22x
OGu7ol5xvWMNJITgtX3Q9iKfW6+Bt9uReXcIIgLwWJk7uaUt1SpYDjEM4sOwGRwM
OxB5mN4mN9cDAsMW09VcqUBrUI5ttTOyxSSEdKDIUst13omohO/qejJj69rxNQin
0AOBKTEz0ztP0xltOevk22qCS4F+FpHQ0a6OniENHNbI5gtMO22q9f7trRMEvKYg
+Kcnm4N4//SZNLygvl3bebY6/JwSRPLl9ZKc7It6gq4kfdGpdj/O9T5Zb2uGYXm/
nuXJ5CsKb6xkJ9vs5EckjTPFWbUYxaj00uGRfQAuRN+sP+4P6IgR84xX5vo=
-----END CERTIFICATE-----