Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/593de0b1-b07b-4d5a-8e80-eec3224dc436.roa
File:                     593de0b1-b07b-4d5a-8e80-eec3224dc436.roa (raw, json)
Hash identifier:          oH2xR8sfmUKGO9uBH8v87F/PEX/SgL6WYLqNbiYZ8SI=
Subject key identifier:   B8:37:D8:57:A9:5E:E6:BB:19:3D:B6:DD:07:38:56:92:73:7B:7E:DF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2C895832D8CCC94554CA70A2A974A61ACC748877
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/593de0b1-b07b-4d5a-8e80-eec3224dc436.roa
Signing time:             Wed 16 Apr 2025 00:00:25 +0000
ROA not before:           Wed 16 Apr 2025 00:00:25 +0000
ROA not after:            Wed 21 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        114.56.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 06 May 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:89:58:32:d8:cc:c9:45:54:ca:70:a2:a9:74:a6:1a:cc:74:88:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 16 00:00:25 2025 GMT
            Not After : May 21 23:59:59 2025 GMT
        Subject: serialNumber=2a55d647604bac5e584eb87c57fcc051eff95c89234886f2b8d4c3d6f54969e0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:59:8a:6c:11:f1:63:a2:9e:81:b6:6a:eb:ac:
                    d9:3d:0c:28:c7:4d:16:3d:03:9f:3a:43:b5:a4:a3:
                    66:50:ed:1a:d4:53:8b:8f:7b:45:eb:05:14:40:23:
                    c3:45:a4:1c:84:4c:d9:72:4e:72:50:2d:f4:bf:f6:
                    74:c6:db:fa:a8:0b:48:4d:a3:fb:47:8a:7f:02:3c:
                    c9:27:a5:47:e1:f1:e2:3c:35:01:d0:49:43:99:fe:
                    5e:22:f6:f2:cb:90:cb:02:48:3d:c4:6b:cf:ce:81:
                    76:d1:ae:df:35:b5:06:f2:09:3f:b8:d2:f2:38:ae:
                    98:57:6c:02:39:0b:b9:c2:20:b3:1a:2a:0e:ea:bb:
                    36:10:ee:e2:37:75:ce:4b:f0:81:ae:17:a7:3b:0d:
                    5b:a8:ce:8a:e7:f3:30:2f:ec:71:fc:ca:1e:78:1b:
                    4a:b4:ca:f3:b2:2b:2b:c3:79:7c:d2:27:48:4a:97:
                    74:ba:f7:6f:97:e4:ec:cf:15:5b:84:aa:85:fb:16:
                    27:82:ed:23:0c:84:57:ab:da:00:16:5f:33:d9:87:
                    ae:c7:f0:d8:55:09:10:e4:32:8a:bf:7e:c0:d5:a5:
                    f4:d2:51:3f:04:56:c7:58:47:4b:21:f3:e2:b8:41:
                    1d:eb:78:0a:52:f7:7c:02:14:29:bb:07:44:cb:06:
                    14:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:37:D8:57:A9:5E:E6:BB:19:3D:B6:DD:07:38:56:92:73:7B:7E:DF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/593de0b1-b07b-4d5a-8e80-eec3224dc436.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  114.56.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:2f:86:05:b9:b3:60:c5:ca:6c:f2:a0:61:95:29:9b:c6:cd:
         a6:e8:48:04:e8:6a:79:9b:f4:9a:98:38:19:4a:ee:80:68:66:
         a6:c0:b8:8e:a1:0c:9d:c8:46:66:dc:83:4f:1e:e0:69:c9:1d:
         cd:ee:d9:d6:c7:cd:0f:ed:6c:08:7f:a2:d7:5b:33:7c:85:e3:
         68:33:69:b0:91:d3:e9:8c:c7:4b:7e:a9:9c:ef:2b:62:20:85:
         b1:47:bb:60:f5:af:c8:0b:40:bb:ce:03:b5:dd:71:2a:58:40:
         ff:7a:6f:1a:0d:c2:72:e3:8c:15:99:71:cb:38:52:04:e3:18:
         af:4d:93:d3:79:02:da:0d:cf:e2:a0:8e:8c:db:56:bc:8e:c8:
         3e:1b:ae:62:23:fb:ba:5d:e9:ce:f0:29:23:ba:ea:e1:e7:a3:
         49:f8:28:58:eb:ef:93:e5:c8:c3:db:4e:db:82:f5:3f:c9:65:
         4b:95:fb:65:05:af:7d:9a:b2:a5:e6:76:e7:46:62:4b:97:f5:
         f5:56:7c:d6:2f:39:20:f3:3f:45:b5:27:34:1e:f7:7e:a1:38:
         0d:88:8c:3e:be:bc:49:0b:46:ea:66:ce:c6:4f:71:c1:c8:ca:
         44:cd:69:9d:38:b5:2c:de:bf:be:c5:28:e4:42:cd:1d:3e:21:
         86:ed:98:4b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULIlYMtjMyUVUynCiqXSmGsx0iHcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDE2MDAwMDI1WhcNMjUwNTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0AyYTU1ZDY0NzYwNGJhYzVlNTg0ZWI4N2M1N2ZjYzA1MWVm
Zjk1Yzg5MjM0ODg2ZjJiOGQ0YzNkNmY1NDk2OWUwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQClWYpsEfFjop6BtmrrrNk9DCjHTRY9A586Q7Wko2ZQ7RrU
U4uPe0XrBRRAI8NFpByETNlyTnJQLfS/9nTG2/qoC0hNo/tHin8CPMknpUfh8eI8
NQHQSUOZ/l4i9vLLkMsCSD3Ea8/OgXbRrt81tQbyCT+40vI4rphXbAI5C7nCILMa
Kg7quzYQ7uI3dc5L8IGuF6c7DVuozorn8zAv7HH8yh54G0q0yvOyKyvDeXzSJ0hK
l3S692+X5OzPFVuEqoX7FieC7SMMhFer2gAWXzPZh67H8NhVCRDkMoq/fsDVpfTS
UT8EVsdYR0sh8+K4QR3reApS93wCFCm7B0TLBhSlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUuDfYV6le5rsZPbbdBzhWknN7ft8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU5M2RlMGIxLWIwN2ItNGQ1YS04ZTgwLWVlYzMyMjRkYzQzNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAByOIAwDQYJKoZIhvcNAQELBQADggEBAJIvhgW5s2DFymzyoGGVKZvGzabo
SAToanmb9JqYOBlK7oBoZqbAuI6hDJ3IRmbcg08e4GnJHc3u2dbHzQ/tbAh/otdb
M3yF42gzabCR0+mMx0t+qZzvK2IghbFHu2D1r8gLQLvOA7XdcSpYQP96bxoNwnLj
jBWZccs4UgTjGK9Nk9N5AtoNz+KgjozbVryOyD4brmIj+7pd6c7wKSO66uHno0n4
KFjr75PlyMPbTtuC9T/JZUuV+2UFr32asqXmdudGYkuX9fVWfNYvOSDzP0W1JzQe
936hOA2IjD6+vEkLRupmzsZPccHIykTNaZ04tSzev77FKORCzR0+IYbtmEs=
-----END CERTIFICATE-----