Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d422057d-b017-4ed3-af61-26a843338ab9.roa
File:                     d422057d-b017-4ed3-af61-26a843338ab9.roa (raw, json)
Hash identifier:          ivLUqYKvpbwOTaHz7x5cU4azZC3UhGVrM7s/zYoz8bY=
Subject key identifier:   52:5C:F9:7B:82:F5:22:6D:45:F3:B9:E5:EE:46:49:FF:E7:66:71:A4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3FD2336EB52F1092D1E4BB66005CAAD1CA6572ED
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d422057d-b017-4ed3-af61-26a843338ab9.roa
Signing time:             Thu 18 Apr 2024 00:00:00 +0000
ROA not before:           Thu 18 Apr 2024 00:00:00 +0000
ROA not after:            Thu 23 May 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        206.216.0.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:d2:33:6e:b5:2f:10:92:d1:e4:bb:66:00:5c:aa:d1:ca:65:72:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 18 00:00:00 2024 GMT
            Not After : May 23 23:59:59 2024 GMT
        Subject: serialNumber=8c57f8634e0aff7ced9b217f0e1089e8f9d88e711a3f6fcdc47d0ed04ae5d1d1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:cb:80:a7:d3:34:b0:fa:56:cb:44:a8:ca:70:
                    f2:c6:05:e2:4f:77:57:03:20:9e:d4:ec:07:90:00:
                    bc:3f:35:46:b6:74:23:5a:bb:c5:8f:ec:35:7f:39:
                    9c:b5:3d:d0:3c:a3:57:d6:00:b8:16:e8:59:4b:4c:
                    df:86:e3:78:0d:0a:4a:9c:fa:bd:89:b3:81:b0:b0:
                    ea:17:f6:97:62:79:a2:bd:9c:ff:00:c0:c9:29:2c:
                    5c:ba:a0:76:97:75:14:61:4e:16:97:9a:27:2c:7b:
                    a9:c2:9e:fc:37:3d:f5:1d:5e:a1:bb:ff:16:b2:00:
                    13:09:99:03:53:46:2e:26:f9:4b:06:e2:77:de:4e:
                    2e:50:08:cd:37:27:15:67:59:37:15:ea:82:35:e5:
                    8a:b9:18:f2:fa:3a:29:83:4c:db:cb:32:9e:4c:d6:
                    a2:9f:8a:31:c4:55:58:3b:ae:70:20:96:01:3f:91:
                    81:d5:df:a8:2c:0d:f8:42:8d:3f:5b:35:46:e4:9b:
                    90:23:c6:2d:ce:84:76:50:53:fd:fb:ea:86:2c:00:
                    ca:77:1e:d4:02:22:3a:e5:e0:0f:8e:66:11:5f:63:
                    d2:c0:ab:17:5b:ff:64:25:ea:c4:3e:36:ef:2d:57:
                    6b:d8:c3:06:28:e2:46:f3:00:9b:a4:63:92:a0:93:
                    c1:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:5C:F9:7B:82:F5:22:6D:45:F3:B9:E5:EE:46:49:FF:E7:66:71:A4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d422057d-b017-4ed3-af61-26a843338ab9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  206.216.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         19:e0:d4:1e:c1:78:f1:be:90:a5:48:5c:24:e6:29:9e:fc:2b:
         0f:93:34:01:8e:82:44:72:d3:e8:bc:fb:1e:a4:fe:63:0a:2f:
         cf:7f:17:66:7f:7e:7a:20:2b:31:a9:29:6d:68:75:b6:df:7b:
         5b:04:ae:18:dd:bf:ca:93:b7:8f:a3:21:0a:57:a9:b7:12:66:
         2f:fa:55:bf:97:49:8d:49:10:0e:ff:37:ae:ff:86:c7:a5:ea:
         4e:7f:db:e5:8f:98:26:3f:6e:15:94:25:f5:ba:60:28:e9:a3:
         a9:cb:f7:8d:9f:3b:f5:e2:39:23:ce:00:64:55:a7:d7:3f:a4:
         8e:ac:2d:f0:d5:73:79:11:4b:72:34:75:fc:44:cf:67:d7:97:
         c2:62:43:14:c6:7e:be:c3:1f:52:9d:35:58:b2:e4:df:40:18:
         e6:c8:e8:5f:a7:b2:18:a1:ce:cc:bf:62:de:f6:2c:9e:9c:4a:
         ab:23:87:da:b5:4a:a2:c7:42:72:7b:d8:50:ea:f3:2b:b6:78:
         4c:18:84:26:0a:33:41:b8:4a:bc:4d:e7:0f:c1:ba:01:da:4f:
         27:0b:8a:47:79:f2:5a:40:f9:7d:c2:28:27:62:07:3a:db:44:
         18:af:c0:34:c1:cc:1a:41:46:65:5c:41:45:dd:f2:24:46:2f:
         a5:19:8a:cd
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUP9IzbrUvEJLR5LtmAFyq0cplcu0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQwNDE4MDAwMDAwWhcNMjQwNTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A4YzU3Zjg2MzRlMGFmZjdjZWQ5YjIxN2YwZTEwODllOGY5
ZDg4ZTcxMWEzZjZmY2RjNDdkMGVkMDRhZTVkMWQxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1y4Cn0zSw+lbLRKjKcPLGBeJPd1cDIJ7U7AeQALw/NUa2
dCNau8WP7DV/OZy1PdA8o1fWALgW6FlLTN+G43gNCkqc+r2Js4GwsOoX9pdieaK9
nP8AwMkpLFy6oHaXdRRhThaXmicse6nCnvw3PfUdXqG7/xayABMJmQNTRi4m+UsG
4nfeTi5QCM03JxVnWTcV6oI15Yq5GPL6OimDTNvLMp5M1qKfijHEVVg7rnAglgE/
kYHV36gsDfhCjT9bNUbkm5Ajxi3OhHZQU/376oYsAMp3HtQCIjrl4A+OZhFfY9LA
qxdb/2Ql6sQ+Nu8tV2vYwwYo4kbzAJukY5Kgk8HlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUUlz5e4L1Im1F87nl7kZJ/+dmcaQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q0MjIwNTdkLWIwMTctNGVkMy1hZjYxLTI2YTg0MzMzOGFiOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBATO2AAwDQYJKoZIhvcNAQELBQADggEBABng1B7BePG+kKVIXCTmKZ78Kw+T
NAGOgkRy0+i8+x6k/mMKL89/F2Z/fnogKzGpKW1odbbfe1sErhjdv8qTt4+jIQpX
qbcSZi/6Vb+XSY1JEA7/N67/hsel6k5/2+WPmCY/bhWUJfW6YCjpo6nL942fO/Xi
OSPOAGRVp9c/pI6sLfDVc3kRS3I0dfxEz2fXl8JiQxTGfr7DH1KdNViy5N9AGObI
6F+nshihzsy/Yt72LJ6cSqsjh9q1SqLHQnJ72FDq8yu2eEwYhCYKM0G4SrxN5w/B
ugHaTycLikd58lpA+X3CKCdiBzrbRBivwDTBzBpBRmVcQUXd8iRGL6UZis0=
-----END CERTIFICATE-----