Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a5459b61-4765-4284-9582-9c6c304ff03b.roa
File:                     a5459b61-4765-4284-9582-9c6c304ff03b.roa (raw, json)
Hash identifier:          NRBTJGc0ItSbYy2Ajei8Pk+6EfMcxsVe178g7J9MCzU=
Subject key identifier:   33:50:1F:3C:B3:BC:DD:7E:EA:A9:4A:AA:6E:06:2C:D4:17:4E:DE:7B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6CE6AFB3C37D5FBEEAC3FFDD6B2E81295FCEBB64
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a5459b61-4765-4284-9582-9c6c304ff03b.roa
Signing time:             Tue 22 Apr 2025 17:30:31 +0000
ROA not before:           Tue 22 Apr 2025 17:30:31 +0000
ROA not after:            Tue 27 May 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        5.179.96.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:e6:af:b3:c3:7d:5f:be:ea:c3:ff:dd:6b:2e:81:29:5f:ce:bb:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 22 17:30:31 2025 GMT
            Not After : May 27 23:59:59 2025 GMT
        Subject: serialNumber=6675752d94fae73d4a7e22d89d8d7986e8ce1cb1495f27b245a907e263648b5d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:8e:aa:e9:54:85:2a:7d:2a:91:22:c9:54:fd:
                    0a:42:88:2c:5e:5a:35:6a:5e:8e:7e:d5:b5:fe:27:
                    4a:fc:d2:9a:6e:9a:b8:f7:e1:bf:09:16:fb:96:1e:
                    b6:71:bf:4e:ac:ef:5e:3e:ac:a4:39:67:f1:26:31:
                    de:7c:af:91:e1:e2:08:a7:91:69:db:9f:5c:5b:d8:
                    01:a4:a0:62:4f:ea:dc:3a:be:21:c2:eb:e7:85:0f:
                    74:19:6c:36:7a:69:ba:0d:cf:fb:5c:62:dd:7d:d9:
                    56:40:62:82:a7:48:6d:b0:7e:bb:1e:2f:b7:56:d7:
                    19:59:67:0b:44:e8:8d:2a:1d:2b:f4:50:df:0c:d2:
                    ce:09:03:fa:7a:20:c8:df:18:48:f4:4e:3a:1e:00:
                    b3:f0:9d:1c:0d:5d:83:4a:dd:e3:2b:1f:30:e0:6e:
                    bf:fd:6e:4c:90:55:9f:01:28:de:d6:75:10:4d:d6:
                    b4:5b:53:f6:11:b8:e4:a6:f4:7c:0e:2d:a5:b7:21:
                    f0:f6:61:63:fc:d6:f7:eb:ba:8a:69:bf:eb:08:c2:
                    ae:5f:ee:84:6e:0f:dd:e2:55:a7:fa:23:0e:cf:b4:
                    36:fc:ce:71:ee:ce:b0:68:71:08:a1:98:1d:9b:f9:
                    81:05:1f:d9:8c:ef:ca:ce:31:44:a9:45:f0:b4:e7:
                    0f:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:50:1F:3C:B3:BC:DD:7E:EA:A9:4A:AA:6E:06:2C:D4:17:4E:DE:7B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a5459b61-4765-4284-9582-9c6c304ff03b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.179.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         71:04:8d:21:c8:66:a7:db:c5:57:0c:83:f5:58:d3:05:d6:92:
         12:33:7e:07:8b:7c:29:a5:82:5e:fe:fe:03:ed:5e:6a:49:6a:
         28:8b:9f:da:db:2a:9b:4c:a3:61:db:82:44:7f:bc:01:97:ca:
         8b:b4:71:e3:f9:f5:01:ef:ca:08:94:9b:44:43:58:24:8b:cc:
         3f:f6:ec:59:27:e8:f4:aa:86:44:0f:be:46:17:8c:e3:87:70:
         55:44:c7:15:25:87:f1:b3:82:69:bf:b3:7a:32:d9:e6:55:da:
         17:89:64:db:13:f7:6d:c2:7c:dc:d4:24:48:3f:36:99:05:6d:
         2f:ff:4d:ce:96:33:a5:c2:3c:62:ad:d2:77:91:27:59:ff:c4:
         87:be:b1:71:11:e4:20:05:ea:cf:75:dd:22:43:ec:17:54:45:
         e2:b9:63:0f:dd:a6:f3:4e:4b:0b:6a:84:99:aa:94:e0:a4:5e:
         50:e2:26:98:85:9e:4e:24:c0:d8:fd:b8:4a:91:42:75:7b:49:
         11:cd:49:e1:ea:f1:21:6b:4e:02:c5:43:ff:98:a2:89:a4:1e:
         c8:84:1d:77:44:21:a2:e2:8f:fd:7b:d1:4c:31:15:a5:ea:53:
         f2:50:8a:98:0c:a5:f1:29:d3:84:7f:ad:d0:5a:b5:20:4b:c3:
         4c:7c:1c:3a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbOavs8N9X77qw//day6BKV/Ou2QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDIyMTczMDMxWhcNMjUwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A2Njc1NzUyZDk0ZmFlNzNkNGE3ZTIyZDg5ZDhkNzk4NmU4
Y2UxY2IxNDk1ZjI3YjI0NWE5MDdlMjYzNjQ4YjVkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCcjqrpVIUqfSqRIslU/QpCiCxeWjVqXo5+1bX+J0r80ppu
mrj34b8JFvuWHrZxv06s714+rKQ5Z/EmMd58r5Hh4ginkWnbn1xb2AGkoGJP6tw6
viHC6+eFD3QZbDZ6aboNz/tcYt192VZAYoKnSG2wfrseL7dW1xlZZwtE6I0qHSv0
UN8M0s4JA/p6IMjfGEj0TjoeALPwnRwNXYNK3eMrHzDgbr/9bkyQVZ8BKN7WdRBN
1rRbU/YRuOSm9HwOLaW3IfD2YWP81vfruoppv+sIwq5f7oRuD93iVaf6Iw7PtDb8
znHuzrBocQihmB2b+YEFH9mM78rOMUSpRfC05w/ZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUM1AfPLO83X7qqUqqbgYs1BdO3nswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E1NDU5YjYxLTQ3NjUtNDI4NC05NTgyLTljNmMzMDRmZjAzYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQFs2AwDQYJKoZIhvcNAQELBQADggEBAHEEjSHIZqfbxVcMg/VY0wXWkhIz
fgeLfCmlgl7+/gPtXmpJaiiLn9rbKptMo2HbgkR/vAGXyou0ceP59QHvygiUm0RD
WCSLzD/27Fkn6PSqhkQPvkYXjOOHcFVExxUlh/Gzgmm/s3oy2eZV2heJZNsT923C
fNzUJEg/NpkFbS//Tc6WM6XCPGKt0neRJ1n/xIe+sXER5CAF6s913SJD7BdUReK5
Yw/dpvNOSwtqhJmqlOCkXlDiJpiFnk4kwNj9uEqRQnV7SRHNSeHq8SFrTgLFQ/+Y
oomkHsiEHXdEIaLij/170UwxFaXqU/JQipgMpfEp04R/rdBatSBLw0x8HDo=
-----END CERTIFICATE-----