Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/907d1ff6-b72d-4eb8-81e9-4b99b5824d76.roa
File:                     907d1ff6-b72d-4eb8-81e9-4b99b5824d76.roa (raw, json)
Hash identifier:          jUncHE6YTPMX2cUrlXyL5iL+rRsjhhVdj7+c3zyUFrI=
Subject key identifier:   85:AB:2F:51:3A:B3:B9:11:CC:1C:40:15:B7:1A:9D:48:AA:03:A3:44
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       237E5E5D45365A81192F2B52DC1C93FE028BC374
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/907d1ff6-b72d-4eb8-81e9-4b99b5824d76.roa
Signing time:             Fri 10 May 2024 00:00:00 +0000
ROA not before:           Fri 10 May 2024 00:00:00 +0000
ROA not after:            Fri 14 Jun 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        56.187.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 03 Jun 2024 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:7e:5e:5d:45:36:5a:81:19:2f:2b:52:dc:1c:93:fe:02:8b:c3:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: May 10 00:00:00 2024 GMT
            Not After : Jun 14 23:59:59 2024 GMT
        Subject: serialNumber=817a9119d1a1259e71340ca6fdbe5e48d5c9fe726c7b3f9865aa3ed56c01a77b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:b3:39:de:38:bf:c2:7a:37:88:2b:ab:ae:23:
                    c4:8d:00:0b:44:5d:e0:20:a8:31:57:99:11:c2:82:
                    7a:79:22:1c:51:d0:f4:e5:40:35:a0:a7:5d:42:fc:
                    55:d0:dc:c3:06:ad:21:c1:33:b8:86:ca:e3:af:af:
                    9c:61:73:1b:5e:e2:ab:29:d7:0c:71:3f:1d:04:10:
                    c3:a6:80:4a:c6:52:3e:37:f1:80:19:0a:fc:de:53:
                    60:c2:b8:81:ec:8d:74:f3:e3:3c:01:5f:f4:4e:b6:
                    d0:d1:4f:31:fc:41:f8:c0:88:53:cc:e7:2a:4f:bb:
                    62:17:24:59:30:07:ca:c3:3b:5b:b6:6a:57:a3:9e:
                    f9:ad:a2:2d:66:10:df:0c:4e:34:d3:a2:39:59:1d:
                    d6:cd:f4:df:38:41:e0:8a:32:44:c2:d5:ee:16:4c:
                    ec:2e:d5:9c:c8:1d:f0:ae:3c:b8:f7:fc:5b:21:71:
                    23:21:c4:62:2e:91:9e:34:3d:ec:ed:a3:05:74:0a:
                    79:30:19:0e:92:74:9f:a6:10:6d:84:47:75:22:75:
                    6b:18:d9:82:e7:9e:d8:54:ba:92:fc:eb:51:92:87:
                    16:d4:f1:fa:17:6d:b5:d5:5c:66:2d:7f:c3:09:e5:
                    0b:1f:ea:ad:4e:c2:23:2a:6a:6e:05:a2:b6:fc:0d:
                    25:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:AB:2F:51:3A:B3:B9:11:CC:1C:40:15:B7:1A:9D:48:AA:03:A3:44
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/907d1ff6-b72d-4eb8-81e9-4b99b5824d76.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.187.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         34:d4:b6:ca:7c:d7:8b:6e:68:41:f5:e3:2f:13:b4:1f:cc:97:
         c4:72:bb:94:98:3c:f2:c3:81:3f:bd:c4:5b:f7:5a:76:ae:a2:
         5b:f4:a2:9d:e0:5c:c2:11:33:f7:b0:b2:87:30:bf:21:00:5e:
         04:d1:13:c6:0a:01:5d:29:10:3e:3e:96:e1:f0:15:a0:4b:cd:
         d0:b4:ab:0c:07:21:01:d4:d8:ae:a6:b4:73:ca:d6:1c:1c:22:
         d1:04:a9:98:e7:aa:d0:87:d3:5c:b4:2a:76:3c:ff:8c:9f:e4:
         46:a3:15:9e:42:1f:79:b4:dc:0e:76:a6:fb:7d:b9:b6:96:70:
         f0:3e:ef:8d:18:89:45:c1:93:3a:ad:cc:75:60:be:4e:be:7f:
         72:55:da:2c:20:15:bc:3f:5a:9e:ce:5d:3d:fa:7c:52:35:a4:
         d4:81:ec:11:0d:ed:65:cd:07:ae:d2:ed:75:33:74:83:93:fb:
         8d:f1:42:e0:1a:e5:91:15:a0:be:88:66:1b:e4:24:f1:d9:37:
         cf:bc:71:8b:93:a2:94:20:9e:7c:cd:8c:ef:9a:26:8f:1a:7b:
         77:d5:7b:39:a2:19:f7:a5:83:0e:09:f3:c6:50:ff:78:c5:f5:
         0f:3c:bf:c8:10:b6:e6:ce:50:03:ee:26:71:d8:fe:ef:52:79:
         92:48:30:0b
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUI35eXUU2WoEZLytS3ByT/gKLw3QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQwNTEwMDAwMDAwWhcNMjQwNjE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A4MTdhOTExOWQxYTEyNTllNzEzNDBjYTZmZGJlNWU0OGQ1
YzlmZTcyNmM3YjNmOTg2NWFhM2VkNTZjMDFhNzdiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD2szneOL/CejeIK6uuI8SNAAtEXeAgqDFXmRHCgnp5IhxR
0PTlQDWgp11C/FXQ3MMGrSHBM7iGyuOvr5xhcxte4qsp1wxxPx0EEMOmgErGUj43
8YAZCvzeU2DCuIHsjXTz4zwBX/ROttDRTzH8QfjAiFPM5ypPu2IXJFkwB8rDO1u2
alejnvmtoi1mEN8MTjTTojlZHdbN9N84QeCKMkTC1e4WTOwu1ZzIHfCuPLj3/Fsh
cSMhxGIukZ40PeztowV0CnkwGQ6SdJ+mEG2ER3UidWsY2YLnnthUupL861GShxbU
8foXbbXVXGYtf8MJ5Qsf6q1OwiMqam4Forb8DSUzAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUhasvUTqzuRHMHEAVtxqdSKoDo0QwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzkwN2QxZmY2LWI3MmQtNGViOC04MWU5LTRiOTliNTgyNGQ3Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4uzANBgkqhkiG9w0BAQsFAAOCAQEANNS2ynzXi25oQfXjLxO0H8yXxHK7
lJg88sOBP73EW/dadq6iW/SineBcwhEz97CyhzC/IQBeBNETxgoBXSkQPj6W4fAV
oEvN0LSrDAchAdTYrqa0c8rWHBwi0QSpmOeq0IfTXLQqdjz/jJ/kRqMVnkIfebTc
Dnam+325tpZw8D7vjRiJRcGTOq3MdWC+Tr5/clXaLCAVvD9ans5dPfp8UjWk1IHs
EQ3tZc0HrtLtdTN0g5P7jfFC4BrlkRWgvohmG+Qk8dk3z7xxi5OilCCefM2M75om
jxp7d9V7OaIZ96WDDgnzxlD/eMX1Dzy/yBC25s5QA+4mcdj+71J5kkgwCw==
-----END CERTIFICATE-----