Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9f6d0499-6523-42dc-96f7-6d729660d8b6.roa
File:                     9f6d0499-6523-42dc-96f7-6d729660d8b6.roa (raw, json)
Hash identifier:          HF6CeCbDFB1NrvK7+R6FPLwirrF9Uf5Jb+hexWFFznk=
Subject key identifier:   EA:2A:A9:96:58:73:AB:E3:A4:E8:35:8F:AC:30:7A:E2:97:04:9F:D8
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       11FF85B465145C384E623959787282F987DA52F1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9f6d0499-6523-42dc-96f7-6d729660d8b6.roa
Signing time:             Sat 12 Apr 2025 00:00:17 +0000
ROA not before:           Sat 12 Apr 2025 00:00:17 +0000
ROA not after:            Sat 17 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        23.238.128.0/17 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:ff:85:b4:65:14:5c:38:4e:62:39:59:78:72:82:f9:87:da:52:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 12 00:00:17 2025 GMT
            Not After : May 17 23:59:59 2025 GMT
        Subject: serialNumber=90747a0494c1782a5fdfa96184c99edc80598b67a013ba7aacc6751bdd327903, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:d2:df:27:f1:9f:3b:17:6d:af:37:b5:f1:42:
                    80:83:4a:7c:7a:31:07:b2:b5:0e:a7:59:7e:71:51:
                    fd:a7:d1:c6:67:8a:86:d8:a3:0f:a3:8a:a2:dd:ec:
                    31:ac:25:4d:d4:c1:66:74:c2:b9:20:ea:72:40:6f:
                    0e:ca:b1:ec:38:69:85:da:a8:e6:8d:0f:63:24:12:
                    3e:59:80:84:fe:aa:a6:26:be:da:37:d2:5d:aa:04:
                    bd:c6:7d:67:4a:91:63:bc:6b:f8:c6:48:9a:e8:c4:
                    5b:fd:76:62:b2:74:78:ae:15:18:c1:f8:f5:2b:ab:
                    d1:79:dc:f3:c5:06:f4:57:fb:7c:df:b8:53:91:c2:
                    72:d4:65:44:72:53:69:62:a2:4a:b0:99:e8:d3:ff:
                    3f:c4:59:3d:0b:f4:05:57:0c:6e:4f:40:d4:9d:5b:
                    52:e4:b8:df:24:77:ed:a7:7e:a6:a8:a0:7b:d6:74:
                    ba:a2:3b:dc:18:a8:34:73:93:a5:b4:59:05:62:ea:
                    bc:5a:8d:37:78:7d:d0:c8:b1:c9:27:77:d3:1d:41:
                    ad:f8:ea:c1:41:fa:d0:11:f4:3f:ef:64:a8:ed:7d:
                    fe:4f:5b:6a:92:39:08:95:da:29:90:bb:0d:24:a4:
                    99:85:76:a6:1e:4b:ff:2a:89:08:3d:4a:51:76:b1:
                    e2:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:2A:A9:96:58:73:AB:E3:A4:E8:35:8F:AC:30:7A:E2:97:04:9F:D8
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9f6d0499-6523-42dc-96f7-6d729660d8b6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.238.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         1f:8b:47:74:8f:74:40:d8:aa:93:76:e2:d9:8e:10:13:3a:9a:
         dc:31:b0:aa:62:86:9e:f1:94:ea:7b:62:37:9b:27:00:bf:6b:
         d8:b7:25:22:f3:fd:50:49:8b:fd:1f:b7:01:dd:b0:06:fb:4d:
         02:4a:db:8f:1e:0c:27:bc:ac:81:90:4a:fa:15:57:44:3b:49:
         9f:8d:90:de:ee:0f:dd:55:fb:18:13:74:a4:34:94:f0:88:32:
         52:a4:3d:c0:f4:b5:2e:fe:fc:af:d8:e6:a0:67:46:d7:e9:6f:
         02:35:33:e0:36:5c:b8:9f:84:42:ba:95:4b:38:77:00:47:9e:
         9d:6c:1e:ad:c4:de:d2:f2:72:0e:bc:a4:92:b1:16:ec:5c:c2:
         35:0a:29:19:8f:f4:59:90:f1:b7:1d:3b:ea:2d:f4:17:15:72:
         ad:81:6b:81:d9:e5:f8:19:56:d7:b2:7d:9a:4c:aa:05:66:24:
         2f:36:66:01:86:7f:54:70:f5:34:39:c8:65:c2:9d:c4:26:45:
         35:f8:3b:2b:f4:4e:b3:67:ad:ca:3e:22:d9:f8:94:c4:d2:45:
         62:48:47:cd:70:43:55:61:99:fd:f3:9e:9f:32:5a:cb:56:4d:
         c2:f7:9b:af:eb:b3:95:d0:fc:42:b2:ee:aa:55:69:ae:e0:e6:
         d0:b0:e7:6c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEf+FtGUUXDhOYjlZeHKC+YfaUvEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDEyMDAwMDE3WhcNMjUwNTE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A5MDc0N2EwNDk0YzE3ODJhNWZkZmE5NjE4NGM5OWVkYzgw
NTk4YjY3YTAxM2JhN2FhY2M2NzUxYmRkMzI3OTAzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDl0t8n8Z87F22vN7XxQoCDSnx6MQeytQ6nWX5xUf2n0cZn
iobYow+jiqLd7DGsJU3UwWZ0wrkg6nJAbw7Ksew4aYXaqOaND2MkEj5ZgIT+qqYm
vto30l2qBL3GfWdKkWO8a/jGSJroxFv9dmKydHiuFRjB+PUrq9F53PPFBvRX+3zf
uFORwnLUZURyU2liokqwmejT/z/EWT0L9AVXDG5PQNSdW1LkuN8kd+2nfqaooHvW
dLqiO9wYqDRzk6W0WQVi6rxajTd4fdDIscknd9MdQa346sFB+tAR9D/vZKjtff5P
W2qSOQiV2imQuw0kpJmFdqYeS/8qiQg9SlF2seKDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU6iqpllhzq+Ok6DWPrDB64pcEn9gwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzlmNmQwNDk5LTY1MjMtNDJkYy05NmY3LTZkNzI5NjYwZDhiNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAcX7oAwDQYJKoZIhvcNAQELBQADggEBAB+LR3SPdEDYqpN24tmOEBM6mtwx
sKpihp7xlOp7YjebJwC/a9i3JSLz/VBJi/0ftwHdsAb7TQJK248eDCe8rIGQSvoV
V0Q7SZ+NkN7uD91V+xgTdKQ0lPCIMlKkPcD0tS7+/K/Y5qBnRtfpbwI1M+A2XLif
hEK6lUs4dwBHnp1sHq3E3tLycg68pJKxFuxcwjUKKRmP9FmQ8bcdO+ot9BcVcq2B
a4HZ5fgZVteyfZpMqgVmJC82ZgGGf1Rw9TQ5yGXCncQmRTX4Oyv0TrNnrco+Itn4
lMTSRWJIR81wQ1Vhmf3znp8yWstWTcL3m6/rs5XQ/EKy7qpVaa7g5tCw52w=
-----END CERTIFICATE-----