Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/97873d74-2b1b-42d6-9c41-b2870237ac5b.roa
File:                     97873d74-2b1b-42d6-9c41-b2870237ac5b.roa (raw, json)
Hash identifier:          qwO+TQ4KPBEoKm4uCU0nmpKXSMkKXfo4WsSaaCL7Z2U=
Subject key identifier:   C0:71:1A:69:3D:B4:85:EA:CD:15:17:CA:D7:B9:64:67:C9:35:E7:C1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       577EDED3F1AE0BF5EBB96634C8E56CAC0F7197E5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/97873d74-2b1b-42d6-9c41-b2870237ac5b.roa
Signing time:             Fri 09 May 2025 00:10:11 +0000
ROA not before:           Fri 09 May 2025 00:10:11 +0000
ROA not after:            Fri 13 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        136.18.144.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 13 May 2025 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:7e:de:d3:f1:ae:0b:f5:eb:b9:66:34:c8:e5:6c:ac:0f:71:97:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: May  9 00:10:11 2025 GMT
            Not After : Jun 13 23:59:59 2025 GMT
        Subject: serialNumber=0b38068ec14aa1f7f2594367e46f0e59b736d25c5a96ecc3ea156102f2e863e1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:18:f3:93:bb:3d:2e:b8:00:15:c9:61:d3:f9:
                    50:1f:ee:47:a0:20:44:0a:3b:d5:50:cf:9a:88:ca:
                    b4:28:78:7f:bb:c3:a2:09:a3:27:74:aa:05:0b:61:
                    99:f2:30:cc:17:c8:e0:54:0b:95:75:c2:0a:e0:3a:
                    72:e7:9d:15:f2:89:35:29:e7:1f:da:18:9e:8a:91:
                    10:94:0e:f5:14:71:13:a9:fa:88:90:59:e0:f5:1b:
                    74:80:88:bb:c9:29:df:2f:a8:a3:36:62:42:10:47:
                    b2:43:36:84:56:6f:a7:1e:34:82:82:22:42:c3:e9:
                    13:06:de:69:c1:dc:dc:40:c9:25:34:82:7a:e9:0b:
                    c4:a7:e6:0b:3b:55:cb:5e:15:ac:cd:f0:8b:c3:0c:
                    a0:b8:eb:e0:de:7a:b3:a9:8f:2f:d7:15:34:d1:a9:
                    49:11:77:f3:66:65:01:f9:71:4f:1f:d6:fe:5e:c4:
                    3b:9a:3f:54:59:88:00:76:43:42:61:d2:81:8f:53:
                    85:03:d6:f6:fe:ff:7c:1d:ab:f3:16:4b:60:44:75:
                    28:ab:52:44:ff:da:e2:51:11:ad:0a:f5:e3:8c:82:
                    05:3a:27:40:06:b5:c7:d8:ee:a6:2b:d9:4d:32:ce:
                    70:21:4f:fe:34:db:b3:f5:3c:cf:2e:4c:d9:f4:18:
                    fd:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:71:1A:69:3D:B4:85:EA:CD:15:17:CA:D7:B9:64:67:C9:35:E7:C1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/97873d74-2b1b-42d6-9c41-b2870237ac5b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.18.144.0/21

    Signature Algorithm: sha256WithRSAEncryption
         44:53:6d:5c:93:52:af:61:71:8e:2f:bb:ee:1b:c7:70:5f:0c:
         d0:cc:d5:37:df:8c:de:ec:db:24:49:3b:5a:f5:bf:68:ab:41:
         48:c9:07:32:c9:f0:ed:ef:a8:74:44:ab:b6:78:b9:f3:72:6a:
         19:ae:eb:e5:8f:0b:a7:69:5e:f3:42:df:41:5d:22:79:d7:48:
         2c:6b:09:f9:e8:bb:ec:2d:73:70:8a:2c:a9:17:0d:22:63:9a:
         bd:60:99:30:b1:45:8d:a7:77:0a:35:80:9d:2b:3c:ad:a4:bd:
         f6:b9:57:61:75:31:38:62:a9:6a:19:77:e7:b5:1e:5c:d4:aa:
         88:60:65:f9:ca:0f:f0:09:8b:76:29:d5:63:16:28:10:35:b3:
         c7:ac:62:d5:ac:83:4b:b7:d5:54:83:0b:6a:bc:2e:93:8a:67:
         f7:12:7d:21:b3:1e:ae:d4:93:65:47:2d:14:39:fa:fd:54:18:
         fe:3a:cc:8f:63:8b:94:69:76:73:99:5c:54:83:d2:bc:22:63:
         d2:71:d1:fa:f3:69:eb:eb:a9:92:d7:8c:b5:34:bd:ff:b1:95:
         67:7d:d1:57:a9:20:d2:df:ff:cb:8e:48:a2:20:9e:b3:25:f9:
         3d:db:bb:07:35:50:63:5f:86:b4:39:f3:87:02:aa:54:d1:17:
         cf:30:fc:87
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUV37e0/GuC/XruWY0yOVsrA9xl+UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNTA5MDAxMDExWhcNMjUwNjEzMjM1OTU5
WjB6MUkwRwYDVQQFE0AwYjM4MDY4ZWMxNGFhMWY3ZjI1OTQzNjdlNDZmMGU1OWI3
MzZkMjVjNWE5NmVjYzNlYTE1NjEwMmYyZTg2M2UxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDHGPOTuz0uuAAVyWHT+VAf7kegIEQKO9VQz5qIyrQoeH+7
w6IJoyd0qgULYZnyMMwXyOBUC5V1wgrgOnLnnRXyiTUp5x/aGJ6KkRCUDvUUcROp
+oiQWeD1G3SAiLvJKd8vqKM2YkIQR7JDNoRWb6ceNIKCIkLD6RMG3mnB3NxAySU0
gnrpC8Sn5gs7VcteFazN8IvDDKC46+DeerOpjy/XFTTRqUkRd/NmZQH5cU8f1v5e
xDuaP1RZiAB2Q0Jh0oGPU4UD1vb+/3wdq/MWS2BEdSirUkT/2uJREa0K9eOMggU6
J0AGtcfY7qYr2U0yznAhT/4027P1PM8uTNn0GP1XAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwHEaaT20herNFRfK17lkZ8k158EwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk3ODczZDc0LTJiMWItNDJkNi05YzQxLWIyODcwMjM3YWM1Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAOIEpAwDQYJKoZIhvcNAQELBQADggEBAERTbVyTUq9hcY4vu+4bx3BfDNDM
1TffjN7s2yRJO1r1v2irQUjJBzLJ8O3vqHREq7Z4ufNyahmu6+WPC6dpXvNC30Fd
InnXSCxrCfnou+wtc3CKLKkXDSJjmr1gmTCxRY2ndwo1gJ0rPK2kvfa5V2F1MThi
qWoZd+e1HlzUqohgZfnKD/AJi3Yp1WMWKBA1s8esYtWsg0u31VSDC2q8LpOKZ/cS
fSGzHq7Uk2VHLRQ5+v1UGP46zI9ji5RpdnOZXFSD0rwiY9Jx0frzaevrqZLXjLU0
vf+xlWd90VepINLf/8uOSKIgnrMl+T3buwc1UGNfhrQ584cCqlTRF88w/Ic=
-----END CERTIFICATE-----