Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8fa87dd7-0792-438a-a9a3-e7678e7e5b28.roa
File:                     8fa87dd7-0792-438a-a9a3-e7678e7e5b28.roa (raw, json)
Hash identifier:          MYqx5PU0Y5M+1VBYdTtfqpoFF7A1JBVapbxyMMRuoEg=
Subject key identifier:   92:A4:51:ED:19:0D:A7:EC:4A:C8:6E:98:9D:09:F6:16:CD:D9:E4:93
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       31C560545ACEBF72ED71A8EC62F3FDB0C72E17FB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8fa87dd7-0792-438a-a9a3-e7678e7e5b28.roa
Signing time:             Tue 28 May 2024 00:00:00 +0000
ROA not before:           Tue 28 May 2024 00:00:00 +0000
ROA not after:            Tue 02 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f2f:4000::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 03 Jun 2024 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:c5:60:54:5a:ce:bf:72:ed:71:a8:ec:62:f3:fd:b0:c7:2e:17:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: May 28 00:00:00 2024 GMT
            Not After : Jul  2 23:59:59 2024 GMT
        Subject: serialNumber=3fc48ebcbf9354e2ad4849e5c0e544083bbc66b0387569dd0a37440b868fe9ed, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:1a:6e:8a:ed:a7:3e:8e:ea:6c:4d:86:0e:92:
                    dd:03:bb:12:84:a8:6f:48:5b:99:5e:70:d8:c5:3d:
                    e2:d2:3b:74:0d:16:4f:cc:5f:1d:c9:63:5e:c0:ec:
                    c6:f0:8a:af:3e:83:c5:8c:30:23:cf:23:14:9e:4b:
                    31:46:22:8c:27:f9:0e:f0:1f:57:07:6f:a3:a7:a0:
                    61:f4:35:0c:44:ba:fe:a5:09:73:9e:cc:c8:16:e5:
                    f2:ff:60:db:6d:f0:79:ef:85:5d:18:93:4b:86:a8:
                    71:7d:12:ba:88:c5:0e:36:ce:70:e0:85:20:6e:71:
                    ca:23:5d:77:bf:1d:9d:2b:99:17:59:05:f4:55:3d:
                    1c:f9:e0:93:86:bf:98:03:77:bb:c9:3d:ab:63:a7:
                    ec:92:9a:ef:b1:b2:95:a2:67:d6:a2:6c:c5:be:71:
                    ff:9b:d8:ba:02:3c:32:06:f9:8f:e3:49:ee:0b:09:
                    e7:1e:3e:6f:53:af:bc:98:cb:f6:c8:b7:cb:97:d1:
                    cb:4e:0f:5c:e5:ec:46:d5:c4:ee:ad:67:9f:01:46:
                    37:8d:51:b5:79:f2:c3:85:8b:a0:28:4f:57:58:70:
                    90:85:a6:14:55:c3:a6:a5:dc:ae:ba:97:86:b1:3f:
                    e5:a0:2c:66:7e:e8:d8:f8:f2:21:c8:d5:7c:d9:af:
                    da:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:A4:51:ED:19:0D:A7:EC:4A:C8:6E:98:9D:09:F6:16:CD:D9:E4:93
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8fa87dd7-0792-438a-a9a3-e7678e7e5b28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f2f:4000::/36

    Signature Algorithm: sha256WithRSAEncryption
         98:bb:09:36:e9:46:b0:7b:c0:ae:e1:d0:ff:97:bf:a4:49:0b:
         6c:c1:32:31:50:07:a4:d0:a4:1e:37:d5:0a:d6:2b:ef:b5:45:
         65:c0:bb:c1:90:d5:3f:31:d7:ef:05:19:d1:81:32:4e:e5:46:
         82:a5:a2:22:ad:da:1b:d8:72:a6:bf:8e:17:11:3e:63:1d:88:
         81:5b:3c:85:cd:30:e7:f5:8b:84:72:3d:d7:eb:dc:5b:eb:04:
         85:a3:0a:3a:83:5a:5f:02:f7:eb:c3:4f:ff:3f:58:9b:af:91:
         bd:b7:13:2c:e3:5c:1f:58:06:72:a7:5f:33:25:02:89:73:02:
         48:f2:a5:20:af:05:2c:e1:82:40:8b:f8:33:4a:f3:41:af:f2:
         e5:d7:42:4e:59:73:af:d8:19:49:71:34:f3:1d:30:7e:d5:7b:
         6a:44:2b:f5:20:6b:49:e7:c6:fa:6d:e6:c0:6d:46:98:54:2e:
         48:a0:cc:68:f7:07:29:be:5a:10:5e:fe:b0:f4:79:b8:50:3e:
         fa:d4:0d:b8:52:15:00:53:d9:1a:9e:8d:01:8b:e8:30:88:e2:
         11:6b:77:b7:86:d3:03:dd:b2:5f:c4:d7:74:94:81:3e:a6:a4:
         97:63:2e:69:13:ff:d6:dd:a0:42:1e:f3:50:f6:9d:a6:18:a9:
         0f:10:da:20
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUMcVgVFrOv3LtcajsYvP9sMcuF/swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQwNTI4MDAwMDAwWhcNMjQwNzAyMjM1OTU5
WjB6MUkwRwYDVQQFE0AzZmM0OGViY2JmOTM1NGUyYWQ0ODQ5ZTVjMGU1NDQwODNi
YmM2NmIwMzg3NTY5ZGQwYTM3NDQwYjg2OGZlOWVkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDGm6K7ac+jupsTYYOkt0DuxKEqG9IW5lecNjFPeLSO3QN
Fk/MXx3JY17A7Mbwiq8+g8WMMCPPIxSeSzFGIown+Q7wH1cHb6OnoGH0NQxEuv6l
CXOezMgW5fL/YNtt8HnvhV0Yk0uGqHF9ErqIxQ42znDghSBuccojXXe/HZ0rmRdZ
BfRVPRz54JOGv5gDd7vJPatjp+ySmu+xspWiZ9aibMW+cf+b2LoCPDIG+Y/jSe4L
CecePm9Tr7yYy/bIt8uX0ctOD1zl7EbVxO6tZ58BRjeNUbV58sOFi6AoT1dYcJCF
phRVw6al3K66l4axP+WgLGZ+6Nj48iHI1XzZr9obAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUkqRR7RkNp+xKyG6YnQn2Fs3Z5JMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzhmYTg3ZGQ3LTA3OTItNDM4YS1hOWEzLWU3Njc4ZTdlNWIyOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgQmAB8vQDANBgkqhkiG9w0BAQsFAAOCAQEAmLsJNulGsHvAruHQ/5e/pEkL
bMEyMVAHpNCkHjfVCtYr77VFZcC7wZDVPzHX7wUZ0YEyTuVGgqWiIq3aG9hypr+O
FxE+Yx2IgVs8hc0w5/WLhHI91+vcW+sEhaMKOoNaXwL368NP/z9Ym6+RvbcTLONc
H1gGcqdfMyUCiXMCSPKlIK8FLOGCQIv4M0rzQa/y5ddCTllzr9gZSXE08x0wftV7
akQr9SBrSefG+m3mwG1GmFQuSKDMaPcHKb5aEF7+sPR5uFA++tQNuFIVAFPZGp6N
AYvoMIjiEWt3t4bTA92yX8TXdJSBPqakl2MuaRP/1t2gQh7zUPadphipDxDaIA==
-----END CERTIFICATE-----