Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f2fc25c4-cbcb-41d6-abb1-81a32332c760.roa
File:                     f2fc25c4-cbcb-41d6-abb1-81a32332c760.roa (raw, json)
Hash identifier:          VOH6FXBmwySdiV4U4IoG2BHIPANQ8RWgM6OPRWTM3Ys=
Subject key identifier:   4A:E3:AB:17:99:E2:B7:21:2B:BB:27:BC:42:8D:72:4A:04:18:25:18
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       32E57D684810D7C01A460DCC2B27D48362FD0C11
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f2fc25c4-cbcb-41d6-abb1-81a32332c760.roa
Signing time:             Sat 26 Apr 2025 00:01:12 +0000
ROA not before:           Sat 26 Apr 2025 00:01:12 +0000
ROA not after:            Sat 31 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        147.106.64.0/18 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:e5:7d:68:48:10:d7:c0:1a:46:0d:cc:2b:27:d4:83:62:fd:0c:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 26 00:01:12 2025 GMT
            Not After : May 31 23:59:59 2025 GMT
        Subject: serialNumber=c6896b8dc2cf34712f5e0c9688ee0c67d3164a5d145b42af9e6525ba3d3cbf79, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:37:32:39:2b:c2:3a:35:dc:d7:52:e0:e9:91:
                    6a:59:9a:1d:2c:fc:e0:1f:1c:48:26:ad:ac:71:74:
                    55:b2:75:87:11:6d:c4:f2:ab:77:1f:4d:af:15:8c:
                    0d:c3:a5:88:f7:7d:2a:66:57:fb:b6:7e:e0:67:14:
                    72:9e:37:9a:24:9c:5e:79:c4:bc:a1:ed:7e:6d:9e:
                    87:ac:79:66:29:a2:7c:5e:80:32:d6:30:f3:c4:42:
                    3f:36:fb:0a:88:1e:f0:95:a3:cd:ac:9d:ee:86:23:
                    7f:82:ea:54:40:fa:cd:b7:bc:b6:3d:ba:03:62:12:
                    ed:49:3f:a9:db:ba:a6:f7:a7:66:e5:d4:ff:38:a8:
                    bd:0c:ed:d0:e6:01:d2:0d:b9:aa:6a:f3:00:77:0f:
                    d7:5d:a1:0c:99:0e:81:68:ab:55:21:6a:6a:53:e3:
                    c9:4d:59:a0:38:a1:26:9a:0b:52:25:a8:60:c0:3d:
                    15:a4:4e:5c:0f:0a:7e:1f:a3:27:99:ab:f2:3b:80:
                    ab:a9:3d:7c:e0:3f:e0:7b:d4:ce:93:f0:bb:ef:09:
                    46:fb:dd:18:0f:db:55:2c:bf:49:fb:38:60:68:28:
                    10:44:4d:66:59:b4:d8:b4:e8:d8:97:86:d4:1c:39:
                    ab:5e:ef:17:50:86:b8:32:7f:77:92:8d:70:e8:6b:
                    ed:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:E3:AB:17:99:E2:B7:21:2B:BB:27:BC:42:8D:72:4A:04:18:25:18
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f2fc25c4-cbcb-41d6-abb1-81a32332c760.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.106.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         d5:5a:d9:c1:20:01:17:c1:ec:18:84:9d:f6:f7:7f:55:d0:38:
         0d:37:4e:f9:5c:d1:ee:3c:38:84:f9:c6:a6:aa:64:28:5a:75:
         ee:e9:ec:e0:79:41:0e:01:2a:79:7b:3c:37:08:fb:e6:74:2c:
         b8:93:ef:9f:96:e0:eb:eb:67:2f:28:f2:54:e4:5e:ec:e8:f7:
         8f:f4:0b:6d:91:eb:dd:76:a0:5a:cf:20:5a:a4:36:81:c4:7a:
         d6:dc:88:d5:3b:c2:92:fa:b1:77:f3:12:3d:f0:42:4e:60:24:
         af:cc:69:e8:f0:3c:b9:e8:55:21:c0:04:22:b8:99:a6:2b:3e:
         e8:21:af:1c:58:de:98:81:8f:2f:07:42:9f:65:a2:61:07:79:
         20:4d:31:40:a2:4c:aa:a3:25:bf:56:66:e5:b5:71:2b:5d:20:
         6c:c8:01:eb:4c:61:95:b7:92:cd:85:f8:74:db:17:d3:3b:97:
         46:28:c3:f8:5c:5b:75:24:d4:9d:ad:66:49:37:5a:b8:ce:6d:
         81:f1:f7:d7:eb:b5:c3:05:3f:3c:9f:f0:ca:2d:85:f1:17:5f:
         af:3a:94:49:08:bf:15:11:7b:6f:00:f9:1a:3b:b7:f2:99:bf:
         4f:bf:b8:e7:da:dd:34:5f:34:4e:8d:34:31:9d:12:9f:4a:e8:
         f6:ff:c4:f3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMuV9aEgQ18AaRg3MKyfUg2L9DBEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDI2MDAwMTEyWhcNMjUwNTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BjNjg5NmI4ZGMyY2YzNDcxMmY1ZTBjOTY4OGVlMGM2N2Qz
MTY0YTVkMTQ1YjQyYWY5ZTY1MjViYTNkM2NiZjc5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDuNzI5K8I6NdzXUuDpkWpZmh0s/OAfHEgmraxxdFWydYcR
bcTyq3cfTa8VjA3DpYj3fSpmV/u2fuBnFHKeN5oknF55xLyh7X5tnoeseWYponxe
gDLWMPPEQj82+wqIHvCVo82sne6GI3+C6lRA+s23vLY9ugNiEu1JP6nbuqb3p2bl
1P84qL0M7dDmAdINuapq8wB3D9ddoQyZDoFoq1UhampT48lNWaA4oSaaC1IlqGDA
PRWkTlwPCn4foyeZq/I7gKupPXzgP+B71M6T8LvvCUb73RgP21Usv0n7OGBoKBBE
TWZZtNi06NiXhtQcOate7xdQhrgyf3eSjXDoa+1TAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUSuOrF5nityEruye8Qo1ySgQYJRgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2YyZmMyNWM0LWNiY2ItNDFkNi1hYmIxLTgxYTMyMzMyYzc2MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAaTakAwDQYJKoZIhvcNAQELBQADggEBANVa2cEgARfB7BiEnfb3f1XQOA03
Tvlc0e48OIT5xqaqZChade7p7OB5QQ4BKnl7PDcI++Z0LLiT75+W4OvrZy8o8lTk
Xuzo94/0C22R6912oFrPIFqkNoHEetbciNU7wpL6sXfzEj3wQk5gJK/MaejwPLno
VSHABCK4maYrPughrxxY3piBjy8HQp9lomEHeSBNMUCiTKqjJb9WZuW1cStdIGzI
AetMYZW3ks2F+HTbF9M7l0Yow/hcW3Uk1J2tZkk3WrjObYHx99frtcMFPzyf8Mot
hfEXX686lEkIvxURe28A+Ro7t/KZv0+/uOfa3TRfNE6NNDGdEp9K6Pb/xPM=
-----END CERTIFICATE-----