Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/09739967-9eaf-4466-adca-6a715e6c180f.roa
File:                     09739967-9eaf-4466-adca-6a715e6c180f.roa (raw, json)
Hash identifier:          iuhShETLb+fk2dNw89sedyor3LFg5XoXhbzFRvZt06Q=
Subject key identifier:   32:67:FD:CE:5C:62:0E:D6:F7:CC:49:C7:C1:10:8B:74:98:85:4C:A5
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7325D97BE5FC25C0B98FF9123AB5B93A6B1695DB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/09739967-9eaf-4466-adca-6a715e6c180f.roa
Signing time:             Mon 13 May 2024 00:00:00 +0000
ROA not before:           Mon 13 May 2024 00:00:00 +0000
ROA not after:            Mon 17 Jun 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        76.223.172.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 03 Jun 2024 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:25:d9:7b:e5:fc:25:c0:b9:8f:f9:12:3a:b5:b9:3a:6b:16:95:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: May 13 00:00:00 2024 GMT
            Not After : Jun 17 23:59:59 2024 GMT
        Subject: serialNumber=6f24176b39c5819f9bc9c8d4d6bc3ad192234f761bcda4049bb3af9c669e8aa6, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:63:1c:b9:94:01:a8:dd:b0:ce:26:59:cd:67:
                    fd:b9:7d:16:a4:34:64:c7:3c:7a:4a:4b:26:16:2b:
                    78:ae:22:6d:76:cb:74:9a:68:be:60:ea:50:85:85:
                    70:2d:e6:1c:cd:dc:a7:da:7e:25:66:d6:ff:36:e4:
                    62:86:d1:15:8a:a6:38:3d:10:96:8d:1f:e0:9c:72:
                    03:df:12:38:6d:67:22:12:fa:28:a5:19:98:ee:ce:
                    b3:03:d6:81:f1:31:59:12:0c:7c:fd:58:b9:5c:d5:
                    99:1f:81:bf:63:ee:37:26:00:5b:23:e0:76:fe:17:
                    1b:44:fa:73:67:10:c2:22:df:ed:fd:89:c3:a1:b4:
                    32:42:e6:37:4c:5b:0f:a1:67:ae:bd:dd:1d:8d:60:
                    a4:cb:22:68:41:b3:47:bd:03:a0:d7:85:98:d1:9a:
                    72:e7:7f:31:4c:f5:84:a2:c1:03:3d:c4:46:05:3c:
                    29:82:b0:12:f6:71:ad:45:0d:6d:39:bc:46:63:0e:
                    97:25:d4:04:9c:94:04:5d:86:b0:af:80:d4:f2:68:
                    4b:cf:93:74:e1:15:6b:b4:d1:d4:05:10:98:da:08:
                    be:53:13:7e:50:05:29:7f:a5:5d:99:5f:55:37:24:
                    25:ab:25:1f:a9:27:21:22:6c:e5:9d:be:24:8d:08:
                    ba:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:67:FD:CE:5C:62:0E:D6:F7:CC:49:C7:C1:10:8B:74:98:85:4C:A5
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/09739967-9eaf-4466-adca-6a715e6c180f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  76.223.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         90:b5:25:51:2d:fb:c6:0b:34:5a:3c:72:a7:35:cf:40:09:d8:
         d7:5d:4e:6f:3f:a7:c0:f7:cb:c1:43:e7:c4:ac:0c:50:19:c8:
         14:b7:3b:21:64:68:ab:8d:3e:f5:e2:c6:9f:8b:06:f8:85:68:
         f9:ec:09:1f:16:e5:a5:27:d7:af:76:85:eb:d9:ac:3e:ea:78:
         8d:b8:ed:b1:19:ad:a7:89:28:08:20:bd:88:90:2b:5f:f5:db:
         a8:a7:1f:e9:82:6c:52:2b:0b:82:9b:ff:eb:9d:21:72:06:28:
         7a:9e:bc:f3:f8:9f:df:3a:74:86:13:ea:3b:84:60:34:c1:4e:
         bb:ec:f8:8a:66:bb:94:64:6c:e7:86:38:40:1a:7c:a2:2f:ce:
         34:00:4e:c4:60:d3:0a:c1:40:ab:d1:12:90:e8:63:d4:09:a8:
         03:e3:07:e9:98:9f:9a:16:9a:be:32:27:30:0e:5c:21:fc:3e:
         f5:fb:49:59:0c:a2:fc:b0:2e:a0:1b:94:af:40:86:40:10:c1:
         fc:6e:79:d4:8e:4e:95:09:20:af:ed:33:0c:0d:5c:9a:8d:de:
         cd:bf:5e:40:fe:56:7c:47:e7:8a:53:93:48:43:b9:7a:4b:19:
         cc:a4:ac:ea:9d:c1:98:8c:85:7b:bb:b3:05:34:03:92:e8:42:
         0b:6b:86:92
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcyXZe+X8JcC5j/kSOrW5OmsWldswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQwNTEzMDAwMDAwWhcNMjQwNjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A2ZjI0MTc2YjM5YzU4MTlmOWJjOWM4ZDRkNmJjM2FkMTky
MjM0Zjc2MWJjZGE0MDQ5YmIzYWY5YzY2OWU4YWE2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDoYxy5lAGo3bDOJlnNZ/25fRakNGTHPHpKSyYWK3iuIm12
y3SaaL5g6lCFhXAt5hzN3KfafiVm1v825GKG0RWKpjg9EJaNH+CccgPfEjhtZyIS
+iilGZjuzrMD1oHxMVkSDHz9WLlc1Zkfgb9j7jcmAFsj4Hb+FxtE+nNnEMIi3+39
icOhtDJC5jdMWw+hZ6693R2NYKTLImhBs0e9A6DXhZjRmnLnfzFM9YSiwQM9xEYF
PCmCsBL2ca1FDW05vEZjDpcl1ASclARdhrCvgNTyaEvPk3ThFWu00dQFEJjaCL5T
E35QBSl/pV2ZX1U3JCWrJR+pJyEibOWdviSNCLrRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMmf9zlxiDtb3zEnHwRCLdJiFTKUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzA5NzM5OTY3LTllYWYtNDQ2Ni1hZGNhLTZhNzE1ZTZjMTgwZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJM36wwDQYJKoZIhvcNAQELBQADggEBAJC1JVEt+8YLNFo8cqc1z0AJ2Ndd
Tm8/p8D3y8FD58SsDFAZyBS3OyFkaKuNPvXixp+LBviFaPnsCR8W5aUn1692hevZ
rD7qeI247bEZraeJKAggvYiQK1/126inH+mCbFIrC4Kb/+udIXIGKHqevPP4n986
dIYT6juEYDTBTrvs+Ipmu5RkbOeGOEAafKIvzjQATsRg0wrBQKvREpDoY9QJqAPj
B+mYn5oWmr4yJzAOXCH8PvX7SVkMovywLqAblK9AhkAQwfxuedSOTpUJIK/tMwwN
XJqN3s2/XkD+VnxH54pTk0hDuXpLGcykrOqdwZiMhXu7swU0A5LoQgtrhpI=
-----END CERTIFICATE-----